Majority of U.S. Adults Believe Companies Generally Do a Good Job of Protecting Their Customers’ Personal Information and Privacy

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.ipsos-na.com/news-polls/pressrelease.aspx?id=6562

While a majority of U.S. adults do see the risks involved with companies
having access to their personal information, six in ten (58%) feel that
generally speaking, companies in the U.S. do a good job of protecting their
customers’ personal information and privacy , including one in ten (11%)
who feel that they do a very good job, according to a new poll of over
1,000 adults conducted by Ipsos Public Affairs on behalf of the American
Bankers Association. Just over one-third (35%) view companies as doing a
bad job, including 8% who view it as very bad, while 6% are not sure.

There is a wide range of opinions in terms of how specific types of
companies do in protecting their customers. Local banks (89%), online
retailers like Amazon, Zappos, and Buy.com (76%), credit card companies
(74%), and online e-commerce companies like PayPal and eBay (71%) are most
likely to be seen as doing a good job of protecting their customers’
personal information and privacy. To a slightly lesser extent, department
stores (65%), small businesses (64%), and big box retailers (62%) are seen
as doing a good job. However, fewer than four in ten (37%) say that social
networks like Facebook, Twitter, and Instagram are doing a good job of
protecting their customers.

When it comes to how responsive companies would be in helping customers
resolve any problems they experience in the event their customers’ personal
information and privacy has been compromised, a similar pattern emerges.
One’s local bank (89%), credit card companies (83%), and online retailers
(78%) are most likely to be seen as being somewhat/very responsive. Three
quarters also feel that online e-commerce companies (76%), department
stores (76%), and big box stores (76%) would be responsive to their
customers’ needs following a breach, while fewer feel this way about small
businesses (67%) and social networks (48%).

Nearly Half of Adults Have Been Notified of a Data Breach Involving Their
Personal Information

About half of American adults (47%) say that they have been notified by a
company or organization (such as a retailer, their bank, their credit card
company, or a credit card monitoring service) that their personal
information may have been compromised through some sort of data breach. The
same proportion (47%) say that they have not ever been so notified, while
6% are not sure.

While close to half have been notified of a breach, one in five (20%) have
experienced negative consequences as the result of a data breach. This
includes one in eight (13%) who lost money but were reimbursed, and one in
twenty who lost money and were never reimbursed (5%), or had their identity
stolen (5%).

Half Think It Is Likely That Their Personal Information Will Be Compromised
in the Next Year and the Vast Majority Feel that Consumers Are More
Susceptible to Privacy Violations Today than they Were Five Years Ago

Respondents are evenly split on their perception that their personal
information will be compromised through some sort of data breach in the
coming year, with 50% believing that this is likely (including 11% who
believe that it is very likely). Among the 50% who believe that this is
unlikely, just one in seven (14%) believe that it is very unlikely.

The vast majority of U.S. adults (81%) feel that consumers are more
susceptible to violations of their privacy today than they were five years
ago, including 44% who feel that consumers are much more susceptible. Just
one in ten (11%) believe that consumers are less susceptible these days,
while 8% are unsure.

While Most Have Taken Some Action to Protect Themselves, Fewer than One in
Four Have Reduced or Stopped Making Online Purchases, Reduced or Stopped
Using their Debit or Credit Cards, or Signed Up for a Credit Monitoring
Service

Majorities have taken some action in the past year to help protect their
personal information and privacy from being compromised, including changing
their pin or password information (68%), checking their bank and credit
card statements more frequently (68%), and only shopping on websites
certified as secure (60%). Respondents also report that, in the past year,
they have stopped visiting a particular website (33%) or retailer (25%)
that they viewed as untrustworthy, or that they reduced or stopped using
their credit and/or debit cards (23%) or making online purchases (24%).
About one in five (19%) signed up for a credit monitoring service.

When asked what additional tools would be most useful in helping customers
better protect their data, respondents offered suggestions of what
consumers might do to protect themselves, including limiting the amount of
information you provide (5%); only using secure credit or debit cards with
chip or encryption (4%); changing pin or password information, or doing so
more frequently (4%); checking bank and credit card statements more
frequently and double-checking all transactions (3%); and better customer
awareness or being more alert (3%).

Other responses relate to what companies or organizations could do in this
regard, including more or easier credit monitoring, or a free credit
monitoring service (5%); better encryption for internet sites/online
protection (4%); more credit alerts and immediate notification of problems
(4%); requiring identification, such as photo id of fingerprints (3%); and
improved security procedures by companies (3%).

A range of suggestions were offered by 2% or fewer respondents, while one
in ten or fewer offered some other response (7%), or nothing (9%). Just
over one-third (36%) say they do not know what additional tools would be
helpful.

Many Respondents Know There Is Some Risk to Companies Having Access to
Personal Information

Generally, most acknowledge that there are risks involved with companies
having access to their personal information. While one-third (34%) take
these risks because of the benefits, over four in ten (43%) say that they
don’t feel they have any choice with regard to these risks with so much
commerce taking place electronically. About one in five (19%) say that they
are uncomfortable with the risks of companies having access to their
personal information to the point where they avoid most forms of electronic
commerce. Conversely, just 4% say that they are completely comfortable with
companies having access to their personal information.

Most Believe Companies Should Have Procedures and Policies in Place to
Protect Consumers

While a majority believes that various companies do a good job in
protecting their customers’ privacy, and would be responsive in helping
customers resolve any problems they experience, there is also widespread
support for strict guidelines and regulations around how companies should
handle consumers’ personal and financial information.

Nine in ten (92%) adults agree that any company who handles consumers’
personal and financial information should have rigorous internal procedures
in place to protect that information, including 80% who strongly agree.
Just 5% disagree, while 3% are unsure.

An equally high proportion (92%) also feel that any company who has a data
breach that could be harmful to consumers should be required to publicly
notify customers in a timely and effective manner, including 81% who
strongly agree. Again just 5% disagree and 3% are unsure. While nine in ten
(90%) also agree that any company that has a data breach should be
financially responsible for any losses that arise from the breach, fewer
(68%) strongly agree with this sentiment. At the same time, very few
respondents (6%) would not want to see the company held financially
responsible, while 4% are unsure.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!