BreachExchange mailing list archives
Harris Poll on notifications of improper disclosure
From: "Dissent" <Dissent () pogowasright org>
Date: Fri, 10 Nov 2006 16:04:28 -0500 (EST)
http://biz.yahoo.com/prnews/061110/nyf085.html?.v=55 ROCHESTER, N.Y., Nov. 10 /PRNewswire/ -- An estimated 49 million adults in the U.S. indicate that they have been told that their personal information had been lost, stolen or improperly disclosed over the past three years. Most of this notification has come from government agencies and financial institutions. While many of these people do not believe anything has happened to them as a result of the lost information, a small but significant number do think that something may have happened. The Harris Poll® was conducted online by Harris Interactive® between October 4 and 10, 2006 among a national sample of 2,010 U.S. adults aged 18 or over. This survey was designed in collaboration with Dr. Alan F. Westin, Professor of Public Law and Government Emeritus, Columbia University, and noted authority on privacy issues. Specifically the survey found that: * Just over one in five (22%) U.S. adults claim that in the past three years a business, government agency or other organization notified them that the organization had lost, had stolen or otherwise improperly disclosed their personal information. This translates into approximately 49 million adults.(1) * Among those adults who say that they have been notified, most indicate that the notification was made by a government agency (48%), a financial company (29%) or a commercial company (12%). Other organizations that have made notifications include educational institutions (6%) and health care facilities (5%). Furthermore, eight in 10 (81%) adults who have been notified about lost or stolen personal information perceive that nothing harmful happened to them as a result. However, a significant 19 percent -- representing abut 9.3 million persons -- do believe that something harmful happened to them. Among this group who indicate that something happened to them, the following occurred: * Merchandise was charged in their name (43%) * Some kind of fraud was committed that cost them some money (35%) * Money was taken from their bank account (18%) * A credit card was taken out in their name (11%) * Someone posed to get government benefit or service (8%) When analyzing the results by the types of organizations that have notified adults about lost or stolen personal information, there are interesting differences. For those notified by either financial institutions or government agencies, most adults (by 81% to 19% for financial institutions and 86% to 14% for government agencies) think that nothing happened to them. However, for those notified by other commercial companies such as a retail company, a telephone company or a company used on the Internet, the percentage of U.S. adults who feel that something happened to them is considerably higher (38%). One should be cautious in interpreting these results as the percentage of those who think they were notified by other commercial companies is small (12%). "We know from detailed studies of ID theft that many of these harms are caused by actions of friends and family of the victims, stolen wallets or purses, pilfering identifying information from mailboxes or trash containers, and from insider theft of personal data by employees of organizations," Dr. Alan Westin commented about the findings. "However, our survey shows that almost 10 million persons out of the almost 50 million persons notified of a data breach over the past three years believe that direct harm to them resulted from the breach. This documents the importance of business, government, and other types of organizations applying stronger data security measures when handling personal information -- if they are to retain the trust of their customers, members, or citizens." TABLE 1 HAS PERSONAL INFORMATION BEEN LOST, STOLEN, OR IMPROPERLY DISCLOSED? "In the past three years, has a business, government agency, university or any other organization notified you that they had lost, had stolen, or otherwise improperly disclosed personal information about you?" Base: All adults 2006 % Yes 22 No 78 TABLE 2 WHAT ORGANIZATIONS INDICATED THAT PERSONAL INFORMATION WAS LOST, STOLEN, OR IMPROPERLY DISCLOSED "Which one of the following kinds of organization notified you?" Base: Adults who have been notified that data was lost or stolen Total % A government agency (federal, state, or local) 48 A financial company (a bank, credit card firm, investment or insurance organization) 29 Commercial Companies (Net) 12 A company you used on the Internet 4 A retail company 3 A telephone/telecommunications company 1 Other 4 A school, college or university 6 A hospital or other health care facility 5 TABLE 3 HOW LOST, STOLEN OR IMPROPERLY DISCLOSED PERSONAL INFORMATION WAS USED "Which of the following things did someone use the lost, stolen or improperly disclosed information to do?" Base: Adults who have been notified that data was lost or stolen Organizations Other Government Commercial Total Financial Agency Companies* % % % % Happened to Me (Net) 19 19 14 38 Charge merchandise in your name 8 13 6 9 Carry out some other kind of fraud that cost you money or harmed your position as a consumer 7 5 5 17 Get money from your bank account 3 3 1 4 Get a credit card in your name 2 2 1 8 Pose as you to get a government benefit or service 2 1 1 7 Other 3 * 4 7 Nothing Happened to Me 81 81 86 62 Note: Multiple-response question *Small Base (n=61) - caution should be used in interpretation TABLE 4 HOW LOST, STOLEN OR IMPROPERLY DISCLOSED PERSONAL INFORMATION WAS USED "Which of the following things did someone use the lost, stolen or improperly disclosed information to do?" Base: Adults who indicate that item happened to them* Total % Charge merchandise in your name 43 Carry out some other kind of fraud that cost you money or harmed your position as a consumer 35 Get money from your bank account 18 Get a credit card in your name 11 Pose as you to get a government benefit or service 8 Other 17 Note: Multiple-response question *Small Base - caution should be used in interpretation Methodology This Harris Poll was conducted online within the United States between October 4 and 10, 2006 among 2,010 adults (aged 18 and over), including 425 who have been notified that data has been lost or stolen, and 84 who believe that something happened to them as a result. Figures for age, sex, race/ethnicity, education, region and household income were weighted where necessary to bring them into line with their actual proportions in the population. Propensity score weighting was also used to adjust for respondents' propensity to be online. All surveys are subject to several sources of error. These include: sampling error (because only a sample of a population is interviewed); measurement error due to question wording and/or question order, deliberately or unintentionally inaccurate responses, nonresponse (including refusals), interviewer effects (when live interviewers are used) and weighting. With one exception (sampling error) the magnitude of the errors that result cannot be estimated. There is, therefore, no way to calculate a finite "margin of error" for any survey and the use of these words should be avoided. With pure probability samples, with 100 percent response rates, it is possible to calculate the probability that the sampling error (but not other sources of error) is not greater than some number. With a pure probability sample of 2,010 adults one could say with a 95 percent probability that the overall results would have a sampling error of +/-2 percentage points. Sampling error for data based on sub-samples would be higher and would vary. However that does not take other sources of error into account. This online survey is not based on a probability sample and therefore no theoretical sampling error can be calculated. These statements conform to the principles of disclosure of the National Council on Public Polls. J28939 Q 1105, 1110, 1115 The Harris Poll #81, November 10, 2006 By David Krane, Vice President, Public Affairs and Policy Research, Harris Interactive About Harris Interactive® Harris Interactive is the 12th largest and fastest-growing market research firm in the world. The company provides research-driven insights and strategic advice to help its clients make more confident decisions which lead to measurable and enduring improvements in performance. Harris Interactive is widely known for The Harris Poll, one of the longest running, independent opinion polls and for pioneering online market research methods. The company has built what it believes to be the world's largest panel of survey respondents, the Harris Poll Online. Harris Interactive serves clients worldwide through its United States, Europe and Asia offices, its wholly-owned subsidiary Novatris in France and through a global network of independent market research firms. The service bureau, HISB, provides its market research industry clients with mixed-mode data collection, panel development services as well as syndicated and tracking research consultation. More information about Harris Interactive may be obtained at www.harrisinteractive.com . To become a member of the Harris Poll Online and be invited to participate in online surveys, register at http://go.hpolsurveys.com/HarrisPoll . (1) Based on July 2005 U.S. Census estimate released January 2006 (223 million total adults aged 18 or over) Press Contact: Michelle Soto Harris Interactive 585-214-7665 _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 141 million compromised records in 469 incidents over 6 years.
Current thread:
- Harris Poll on notifications of improper disclosure Dissent (Nov 10)