Bennett Gold LLP Earns Mention In Toronto Life Magazine, April 2005.

Building Trust on the Internet

Making Your Client's Privacy Your Business (Part 1)

This article explores one of the more sensitive issues surrounding business on the Internet - Privacy. We cover this subject in considerable depth - and will do so in two articles. This first discusses the importance of online privacy to your existing and desired clients. In the next article we will summarize the options available to web businesses committed to addressing the demand for protection of clients' personal and private information. As in all of our articles, we clarify current issues and provide some practical guidelines. Our aim is to ensure that your forays on the web won't be marred by nasty surprises which hinder your efforts to serve your clients and the Internet community well.

Because privacy is such a critical issue to every Internet business' success and longevity, we delve deeply into this topic. We answer the four most critical questions as you wrestle with your role in addressing privacy on the Internet.

In this article, we answer the questions which provide insight into the importance of privacy, these questions include the following:

1) How important is privacy to your clients?

2) Why is privacy important to your clients and why now?

In the next article, Making Your Clients' Privacy Your Business Part 2: Taking Action, we will complete our exploration of privacy on the web by answering the two questions that help you address your clients' concern for online privacy:

3) What is being done to ensure your clients' privacy on the Internet?

4) What can and should your business do to ensure the privacy of your clients' information on the Internet?

Part 1 - The Importance of Privacy

1) How important is privacy to your clients?

It's not the best price. It's not the convenience. And, it's not the fast service. It's knowing their personal information will be kept private. That's what people are consistently saying when asked what will cause them to do business on the Internet.

Ever since the Internet has emerged as a way to sell goods and provide services, businesses in every industry have been trying to understand how to encourage consumers and vendors to use this technology. For almost 10 years, study after study has pointed to consumers' lack of trust as the primary barrier to conducting business on the Internet. These studies have revealed that consumers and businesses alike would buy from organizations with whom they have built a trusting relationship.

This trusting relationship hinges on whether net consumers believe their most valuable asset -- their privacy -- is respected. Nowhere are these messages clearer than in the most current studies exploring barriers preventing businesses and individuals from buying or selling online -

- 92% of consumers would give demographic data to web sites if they felt they could trust the transaction and the organization.

- Over 72% of web users said they would provide data, if the web site would only provide a statement regarding how the information collection was to be used.

- Almost 60% of web users would be more likely to provide basic demographic information to a web site if the site had both a privacy policy and a seal of approval.

- 66% of web users fear sending personal information over the web.

- 71% of web purchasers were concerned with privacy of personal information.

- 84% of web non-purchasers opted out of web transactions because of concerns over privacy.

The messages are clear for any business venturing onto the web:

(1) Taking steps to ensure customers of the privacy of their personal information is a prerequisite to successful online business;

(2) people want control of their own information; and

(3) people will share their personal information when they feel they can trust the organization at the other end of the monitor.

Sources:

1 - Vanderbilt's University School of Management's Building Consumer Trust in Online Environments (1998).

2 - AT&T's Beyond Concern: Understanding Net Users' Attitudes About Online Privacy (1999).

3 - Ernst & Young and The Information Technology Association of America's Electronic Commerce Barriers Survey (1999).

4 - CommerceNet's Barriers & Inhibitors to the Widespread Adoption of Internet Commerce (1996/97/98).

5 - Better Business Bureau (1999).

2) Why is privacy important to your clients and why now?

Why is maintaining privacy over personal information on the web so important to consumers and businesses alike? The answer is simple. When a firm overestimates their ability to protect their clients' information, any breach can expose massive numbers of people's most personal information. The speed of the Internet also means that such information can be accessed, downloaded, and misused instantly. As a result, the negative consequences of a privacy breach are as wide as the web itself. Consider the following examples:

- Last year, one of North America's fastest growing loyalty groups left unprotected on their site the names, credit card numbers, home and business telephone numbers, employee information, financial information of businesses, and e-mail addresses of over 30,000 customers. To this day, the firm is not sure how long the information was exposed.

- Earlier this year a university medical center left unprotected on their site the medical records of several thousand patients for over two months. Among the personal information free for the world to capture was patient names, addresses, phone numbers, personal identification numbers, employment information, and the treatments for medical conditions.

Industry experts estimate that over $1.5 (US) billion worth of privacy breaches occurred last year. That number is expected to rise as more businesses get on the web without taking the necessary privacy precautions. And even then, that number doesn't include the money sought in lawsuits resulting from privacy breaches. What makes this most unsettling is that less than 5% of web privacy leaks ever make the headlines. That means this dollar figure is just the tip of the iceberg.

But, why is privacy so very important to your clients now? The answer reflects the growing acceptance that the Internet is the next business frontier. Agencies like Neilson Media and Forrester Research estimate that by 2002 over 320 million people will have access to the Internet, online buyers will number almost 130 million, and online commerce will approach $3 trillion. As such, people are beginning to recognize the benefits and potential of Internet business. When this is combined with the immense importance consumers place on trust and the potential risk that accompanies breaches, consumers and businesses alike seek methods for protecting their privacy.

Making Your Client's Privacy Your Business (Part 2)

This is the second of two articles exploring the sensitive area of conducting business on the Internet. These are the issues that don't get a lot of air play in the contemporary literature because they're not glamorous, they're complex and they're potential business-stoppers. As in the last article, this issue explores privacy on the web.

Having demonstrated clients' desire for online privacy, we turn our attention to summarizing the options available to web businesses committed to addressing the demand for protection of clients' personal and private information. As in all of our articles, we clarify current issues and provide some practical guidelines. Our aim is to ensure that your forays on the web won't be marred by nasty surprises which hinder your efforts to serve your clients and the Internet community well.

3) What is being done to ensure your clients' privacy on the Internet?

Many different types of solutions have emerged to address businesses' and consumers' need for protection of their private information. These solutions generally fall into one of three broad categories: (a) technical; (b) regulatory; and (c) industry self-regulatory. Because the field of Internet privacy is relatively new, no one solution effectively spans all three categories. Below, we identify the latest developments in each category and highlight the methods that currently hold the most promise for enhancing businesses' and consumers' Internet privacy.

(a) Technical Solutions

Few business leaders truly understand, or really need to understand, the complex array of technical solutions that have emerged to address Internet privacy. The reason for this is simple - technical solutions will not by themselves address the issues of privacy; even technology gurus and enthusiasts agree on this point. Even faster than your computer becoming obsolete, technological methods are changing so rapidly as to render any one solution impotent. The fact that the last few years has seen the introduction of various digital signatures and encryption methods is testament to the need for a non-technical solution.

Still, because the Internet is a technically-driven method for conducting business, new technical solutions emerge frequently. For instance, the World Wide Web Consortium, an international industry group is currently developing what it hopes will become the technical standard. This consortium is developing P3P, a modification to web browsers that enables web sites that collect personal information to explain what they do with it, while users who provide information can define how their data may be used.

Other technical solutions include the variety of digital currencies, none of which has emerged as the preferred method with any significant group of Internet businesses or consumers.

(b) Regulatory Solutions

Industry Canada's Personal Information Protection and Electronic Documents Act, Bill C54, the centerpiece of the department's drive to nurture electronic commerce in Canada, is in danger of fizzling out. The proposed legislation was unveiled with much fanfare last fall to make Canadians feel more comfortable conducting business online. It obliges organizations to obtain consent before using personal information, and explain to consumers why it needs the data.

However, the Bill has emerged bruised from Commons debate. It has also faced a barrage of criticism from law enforcement agencies, the Canadian Bar Association, the insurance industry and others. Industry Canada has responded with a long list of amendments meant to address the concerns expressed by police and fraud investigators. While a watered down Bill C54 may become law, it's relevance and responsiveness are presently hard to predict.

(c) Industry Self-Regulatory Solutions

The influx of technical solutions and the lack of ability or willingness for regulators to set standards for Internet privacy has left businesses to develop practical, affordable and flexible methods for ensuring their clients' privacy. Businesses are using three methods to build their clients' trust by demonstrating a commitment to client privacy: web site design; privacy policies; and seals of approval. Drawing from the latest and most thorough research, we identify key steps that your business can and should take to maximize each of these methods.

4) What can and should your business do to ensure the privacy of your clients' information on the Internet?

Web Site Design

Only recently has anyone identified web design principles and features that produce a sense of trustworthiness for visitors. We summarize some of the key findings from one of the most thorough studies to date, the E-commerce Trust Study (Cheskin Research and Studio Archetype/Sapient, 1999). By applying the six key elements found to communicate online trustworthiness, you can build a web site that will encourage considerable e-commerce:

1. Seals of Approval. Web-based seals using the leading-edge technologies are the most effective method of communicating trustworthiness.

2. Brand. "Dirt world" brand recognition can bring clients to a web site. However, familiarity with a brand does not communicate trust. In fact, some of the best known brands are not seen as the most trustworthy. Add to this that any brand familiarity established off line is quickly replaced by the attributes established online. Finally, web-based brands consistently brand themselves better online than traditional retail competitors.

3. Navigation and Fulfillment. Navigation refers to the ease of finding what a visitor wants. Any new web-based brand must build in excellent navigation if it is to be trusted. Fulfillment refers to how orders will be processed and recourse procedures if there are problems. For lesser-known brands, navigation of, and fulfillment from, their web site play significant roles in establishing trust.

4. Same as 3.

5. Presentation. Web sites with the following presentation characteristics communicated trustworthiness: layout that clearly conveyed the purpose of the site; exceptional layout craftsmanship; and similarity with other sites that are trusted.

6. Technology. Users feel that a professionally run site using the latest technology, even if this technology is difficult to fully comprehend, is more trustworthy. The more functional and faster the site, the more the web site was considered worthy of trust.

Privacy Policies

One of the critical ways to establish a web site that is considered trustworthy is to develop and publicize a substantial privacy policy. This message has sparked some frantic, if not well thought out, activity. A report to the Federal Trade Commission in May of 1999 revealed that only modest advances have been made in the development of consistent and meaningful privacy.

Because so few firms are developing meaningful privacy policies, this provides real opportunities for businesses to distinguish themselves from traditional and non-traditional competitors. We summarize the report's key finding which suggests critical elements of a web privacy policy. We also identify additional guidelines if you are determined to develop a privacy policy that will build trust between you and your customers.

Georgetown Internet Privacy Policy Survey key finding: only 10% of web businesses place statements to offer and inform visitors of the following:

- What information is collected, how information is collected, how the information will be used and whether it uses or does not use Cookie technology.

- A choice about being contacted again by the same organization and a choice about having non-aggregate personal information collected by the web site disclosed to other parties.

- An opportunity to review or ask questions about the information the site has collected and whether the site discloses how inaccuracies in personal information are handled.

- Methods used to protect information during transmission and during subsequent storage.

- A contact number if a consumer wishes to ask a question about the site's information practices or to complain to the company or another organization about privacy.

Additional guidelines for developing your web site's privacy policy include:

- Disclose what choices are available to users regarding the collection, use and distribution of visitors' private information.

- Explain the measures employed to ensure the confidentiality, integrity and quality of the visitors' private information.

- Identify with whom visitors' private information will be shared.

- Provide your visitors choices concerning the degree to which they want to disclose information. Do not intend/declare that you will collect information and only cease collection if consumers choose to opt-out.

- Integrate your Internet privacy policy into your general business privacy policy and make it easily accessible from any point of the web site.

- Use third-party authentication for added credibility.

- Make clear for yourself, and for your visitors, where your site begins and ends. The trend towards shared content and "sites within sites" create data privacy confusion about whose privacy policy is in operation. Have clearly agreed ownership of customer information and explain to the customer the various uses to which the data may be put.

Seals of Approval

Online seals of privacy are sprouting up quickly in response to the increasing volume of business conducted on the Internet. Since online seals are granted to businesses, the firm bestowing these seals needs to be carefully considered. When evaluating online seals it's important to make sure these third-party issuers meet the following criteria:

- They are held accountable by a professional association.

- They are willing to disclose to consumers their standards for bestowing the online seal.

- They have a rigorous method for measuring compliance to their standards.

- They review enterprises awarded seals at least three times a year.

Only WebTrust meets or exceeds the above criteria - and only WebTrust has professionally developed principles and criteria for the conduct of online commerce. WebTrust was created by the professional accounting bodies in Canada and the United States for the sole purpose of enhancing business on the Internet. WebTrust services are now offered by CAs and CPAs in Canada, the US, England, Australia, Scotland, Ireland and soon in France and Hong Kong.

The WebTrust Global Information site is at www.WebTrust.net

Overtime, consumers and businesses alike will change their expectations of what privacy on the Internet is, and what it should be. Businesses hold the best opportunity to shape these expectations by providing what clients want - commitment to their privacy. By carefully integrating web design principles, developing a meaningful privacy policy and adopting an online seal of approval businesses can:

- Demonstrate their devotion to client needs;

- Enhance the volume of e-commerce conducted on their web site;

- Achieve return on investment in the web; and

- Reduce the likelihood of governments enforcing regulations that impede commerce.

Bennett Gold LLP invites your questions, comments and feedback: E-Mail: action@BennettGold.ca Telephone: 416-449-2249. Read Bennett Gold LLP's Privacy Policies and Practices.

WEBTRUST is a trade mark of the Canadian Institute of Chartered Accountants. All other cited trade names and marks are property of their respective owners.

BennettGold.ca is a P3P compliant and W3C validated web site, coded and developed by Planetcast.