2002

Only 13% of FTSE 100 Web sites rated 'good' for overall quality of on-line privacy management, according to benchmarking survey from PA Consulting Group - 24 June 2002

The findings of a Web site benchmarking study conducted by PA Consulting Group suggest that, currently, companies are failing significantly to provide the information consumers need on key privacy and security issues. The PA benchmarking study revealed that only 13% of FTSE Web sites were rated 'good' on overall quality of privacy management, while 74% gather data on site visitors without their knowledge or permission. More disturbingly, over 50% of the Web sites either have no privacy policy or one the study rated as poor quality. This fact is definitely a cause for consumer concern but can also be seen as an opportunity for companies to win consumers' trust.

Bernie Robertson, PA's leader on data protection and Web privacy issues comments:

"This isn't just about data protection but about addressing consumers' concerns.

Companies that effectively address the issue of privacy transparency over the next 6-18 months have a great opportunity to enhance their reputation with their customers. Beyond this time, having a clear on-line privacy policy will cease to be a key differentiator with customers, instead becoming an assumed 'must have' factor in consumer purchasing decisions."

The PA report concludes that the balance of power has now shifted to consumers, and companies need to be more proactive on privacy and data protection issues. Rapid change is needed because new technology standards, such as P3P, and regulatory pressures are going to force companies to take on-line privacy issues much more seriously.

Greg Jones, the lead researcher on the benchmarking study, added:

"On the surface, achieving at least a 'good' rating for an on-line privacy policy statement isn't difficult. It means making sure that the statement is easy to find and answers the right questions about data collection and site policy on data retention, storage and dispute resolution. But the survey found that many companies don't seem to understand all the elements of overall privacy management."

The survey also revealed that of the companies that are good at security (27%), only 5% actively promote their security practices as a differentiator. This fact shows a missed opportunity to cultivate and build customers' trust.

Greg Jones continues:

"The findings of the benchmarking study were quite surprising given the extent of publicity this subject has received recently. The poor results may indicate that companies are either unaware of what constitutes best practice in this field or do not understand the importance of privacy transparency to consumers. But whatever the reason, there is more to good privacy management than simply adding some text to the external Web site - an organisation's underlying processes and people need to fully support the principles of privacy and data protection as well."

PA predicts that the recent announcement on 16th April of new P3P standards by the World Wide Web Consortium or W3C will result in rapidly increasing levels of compliance. This emerging Web privacy and security standard allows P3P-enabled Web sites to make their policies available in a computer readable, standardized format that answer a comprehensive range of privacy questions.

-ends-

For more information, please contact:

Polly Ferguson PA Consulting Group 123 Buckingham Palace Road London SW1W 9SR United Kingdom Tel: +44 20 7333 5653 Fax: +44 20 7312 4612 E-mail: polly.ferguson@paconsulting.com

Notes to editors
1. A copy of the survey report Empowered consumers raises the on-line privacy stakes is attached.

2. About the research
During early April 2002 PA Consulting Group analysed Web sites from over 100 leading UK corporations, including the FTSE 100. In each instance the Web site was reviewed to gauge how well it dealt with consumer privacy concerns and emerging technology standards. Wherever possible, sites identified for analysis were selected on the basis that personal information is required to use the site, make a purchase or complete a transaction (financial or otherwise).

The Web sites were benchmarked against some key questions relating to privacy and data protection in order to arrive a rating for their 'overall quality of privacy management'. The focus was on four key areas:

• Does the Web site use cookies to track information?
• Is the site protecting information using secure communications (ie using encryption)?
• Is the site P3P-enabled to facilitate consumer choice?
• Does the site have a good privacy policy statement?

A privacy policy is considered to be 'good' if it is prominently displayed on the Web site home page or is very easily located and it effectively answers the following questions:

• Who is collecting the information?
• Exactly what information is being collected and for what purposes?
• What information is being shared with others and who are the data recipients?
• Can consumers access and modify information held about them?
• Can consumers make changes in how their data is used (opt-in/opt-out)?
• What is the site's policy for retaining data?
• How are disputes resolved?
• What are cookies and how does the site use them?
• How is data secured whilst stored and during communication over the Internet?

No assessment is made of the desirability or otherwise of the practices described within a privacy policy statement.

3. P3P and W3C® Definition
The Platform for Privacy Preferences (P3P®) specification, was issued by the World Wide Web Consortium (W3C®) on the 16th April 2002. This emerging Web privacy standard allows P3P-enabled Web sites to make their policies available in a computer readable, standardized format that answer a comprehensive range of privacy questions. A P3P enabled browser (such as Microsoft Internet Explorer 6™) or agent program (such as AT&T Privacy Bird™) can read these policies and automatically compare them to privacy preferences set by the consumer.

4. PA Consulting Group
PA Consulting Group is a leading management, systems and technology consulting firm, with a unique combination of these capabilities. Established almost 60 years ago, and operating worldwide from over 40 offices in more than 20 countries, PA draws on the knowledge and experience of some 4,000 people, whose skills span the initial generation of ideas and insights all the way through to detailed implementation.

PA builds strategies for the creation and capture of shareholder and customer value, and helps clients accelerate business growth through innovation and the application of technology. PA works with clients to improve performance, mobilize human resources and deliver change effectively, including managing major projects, and designing and implementing enterprise-wide systems and full e-business solutions.

PA focuses on creating benefits for clients rather than merely proposing them, and this focus is supported by an outstanding implementation track record in every major industry and for governments around the world. PA also develops leading-edge technology both for its clients and within its own portfolio of venture companies in areas ranging from software to wireless technology to life sciences.

PA distinguishes itself from its competitors through the range and quality of its people, the depth of its industry insight, its development and use of technology, and also its independence and culture of respect, collaboration and flexibility in working with clients.

We are proud that our clients say "PA makes it happen".

  |  Previous  |    |  Next  |