2012 Most Trusted Companies for Privacy - Study of Consumers in the United States

Part 1. Executive Summary

Ponemon Institute's Most Trusted Companies for Privacy Study |1| is an objective study that asks consumers to name and rate organizations they believe are most committed to protecting the privacy of their personal information. This annual study tracks consumers' rankings of organizations that collect and manage their personal information.

More than 100,000 adult-aged consumers were asked to name up to five companies they believe to be the most trusted for protecting the privacy of their personal information. Consumer responses were gathered over a 15-week period concluding in December 2012 and resulted in a final sample of 6,704 respondents who, on average, provided 5.4 discernible company ratings that represent 25 different industries.

The top 10

American Express
Hewlett Packard
US Postal Service
Procter & Gamble

Following are our most salient findings:

  • American Express (AMEX) continues to reign as the most trusted company for privacy among 217 organizations rated in our most trusted companies list.
  • New entrants to this year's top 20 most trusted list include: Microsoft (ranked 17), United Healthcare (ranked 18) and Mozilla (ranked 20).
  • Healthcare, consumer products, and banking are the industry segments considered by consumers to be the most trusted for privacy (among 25 industry categories). In contrast, Internet and social media, non-profits (charities) and toys are viewed as the least trusted for privacy.
  • Seventy-eight percent of respondents continue to perceive privacy and the protection of their personal information as very important or important to the overall trust equation. Further, the importance of privacy has steadily trended upward over seven years.
  • While most individuals say protecting the privacy of their personal information is very important, 63 percent of respondents admit to sharing their sensitive personal information with an organization they did not know or trust. Of those who admit to sharing, 60 percent say they did this solely for convenience such as when making a purchase.
  • Fifty-nine percent of respondents believe their privacy rights are diminished or undermined by disruptive technologies such as social media, smart mobile devices and geo-tracking tools. Fifty-five percent say their privacy has been diminished by virtue of perceived government intrusions.
  • Only 35 percent of respondents believe they have control over their personal information and this result has steadily trended downward over seven years.
  • Less than one-third (32 percent) of respondents admit they do not rely on privacy policies or trust seal programs when judging the privacy practices of organizations they deal with. When asked why, 60 percent believe these policies are too long or contain too much legalese.
  • Forty-nine percent of respondents recall receiving one or more data breach notifications in the past 24 months. Seventy percent of these individuals said this notification caused a loss of trust in the privacy practices of the organization reporting the incident.
  • Seventy-three percent of respondents believe substantial security protection over their personal information is the most important privacy feature for advancing a trusted relationship with business or government organizations. Other important privacy features include: no data sharing without consent (59 percent), the ability to be forgotten (56 percent) and the option to revoke consent (55 percent).
  • The number one privacy-related concern expressed by 61 percent of respondents is identity theft, closely followed by an increase in government surveillance (56 percent).

We believe this research provides an unambiguous measure of how consumers perceive the privacy and personal data protection practices of specific organizations. While perception is not a perfect substitute for reality, in our experience this aggregated consumer view is an important indicator.

We offer a cautionary note about the results of this year's study. Based on previous consumer studies, we have found that consumer perceptions about privacy can be influenced by a number of extraneous factors. In fact, the ratings may not reflect at all the actual privacy practices of the company and its efforts to protect the personal information of its customers and employees. Further, what a company does in the area of privacy and data protection can be invisible to the consumer until he or she experiences a problem and seeks redress or has a question about the organization's privacy and data protection practices that needs to be answered.

Some factors influencing consumers' perceptions about a company's privacy commitments may include opinions about brand or product, personal experiences with a website, and how well the company's advertising messages resonate with them. In addition, favorable privacy trust perceptions may result when a customer receives exceptional value from goods or services received. We also believe media coverage of companies experiencing data breach or other negative stories can significantly influence privacy trust perceptions.

Part 2. Survey Method

Our Web-based research study asked respondents to name up to five companies in 25 different industries they believe to be the most trusted for protecting the privacy of their personal information. Our survey procedures also asked respondents to name one to five companies they believed to be least trusted when handling their personal information. Company names were not provided as a pull down list. The survey instrument allowed each participant to freely select the organizations believed to be most trusted for privacy. |2|

Participants were asked to apply the following definitions when determining the companies they trusted most for privacy:

  • Personal information - Information about yourself and your family. This information includes name, address, telephone numbers, e-mail address, Social Security number, other personal identification numbers, access codes, age, gender, income and tax information, purchases, website preferences, health information, account activity and many other pieces of data about you and your household.
  • Privacy trust - Your belief that the company is honoring its privacy commitments to you and keeping your personal information safe and secure. This includes its commitment not to share your personal information unless there is a just cause or you have given your consent.

The survey was fielded over a 15-week period ending in December 2012. This effort resulted in a total sample of 6,704 useable responses. Participants were asked to write in up to five companies that they trust the most for protecting the privacy of their personal information. These favorable responses were used to compile a list of the most trusted companies for privacy. This year's aggregated list consists of 217 discernible company names, compiled from 39,890 individual company ratings. |3|

Using the same ranking procedures as in our earlier studies, we carefully executed the following decision rules to compile this year's list of most trusted companies for privacy:

All companies with 20 or more individual favorable (positive) ratings were included in the initial ranking procedures mentioned below.

A combined rating system composed of three ranking procedures was used to determine the overall rank of a given company. Following are the three different rating procedures:

  • R1: The rank order of a given company based on the net positive responses. While this metric is unambiguous, it is biased. That is, larger-sized companies would be more likely to achieve a higher net response than small companies.
  • R2: The rank order of a given company based on the percentage of "first place" ratings. This is an unbiased metric because the percentage is not associated with the size of a given company or brand name.
  • R3: The rank order of a given company based on the ratio of positive to negative ratings. This metric is biased to favor smaller companies because they are more likely to have fewer negative ratings than larger companies (thus cancelling out the size bias caused by R1).

Because our work focuses on companies viewed as the "most trusted" for privacy, all unfavorable ratings were excluded from further analysis after compiling the master list of 217 most trusted companies.

Table 1 shows this year's sample response statistics. As reported, the response rate is 6.6%, with a final sample size of 6,704 usable responses. On average, respondents provided 2.8 favorable company ratings and 2.6 unfavorable company ratings. Both the favorable and unfavorable ratings were then used to derive the three separate ranks described above.

Table 1: Sample response FY 2012
Total sample frame 101,675
Total responses 7,001
Total rejections 297
Total usable responses 6,704
Total positive & negative ratings 39,890
Average number of ratings per subject 5.4
Average number of favorable ratings 2.8
Average number of unfavorable ratings 2.6
Number of separate companies identified 709
Number of companies with > 20 positive ratings 217
Response rate 6.6%

Pie Chart 1 shows the geographic distribution of respondents across six regions of the United States. Please note that this study only obtained information from people living in the United States (not including U.S. territories). Our sampling procedure attempted to screen out individuals who were below 18 years of age and who were not citizens or permanent residents. The largest segment includes individuals from the northeast (n=1,255) and the smallest segment includes individuals from the southeast (n=895).

Pie Chart 1: Sample distribution by U.S. geographic regions

Fifty-three percent of respondents are female and 47 percent male. The average age of respondents is 34.6 years (median age at 35.0 years). The extrapolated median household income of respondents is $55,900.

Part 3. Results

Bar Chart 1 shows the top 10 list of most trusted companies in ascending order based on the combination of three rank scores as described above. The number next to each bar reflects the combined score for each company. Like a golf score, a low combined rank is more favorable than a high combined rank. As can be seen, AMEX achieves the top position in this year's study, followed by Hewlett Packard (HP), Amazon and IBM. |4| Also noteworthy, the US Postal Service (USPS) achieves the top trust rating among all other governmental entities.

Bar Chart 1: The top 10 most trusted companies for privacy

As shown in Bar Chart 2, the average trust score for the top 10 companies is 99. The average score for the top 20 companies is 149. The first quartile averages 210 points and the fourth (lowest) quartile averages 563 points.

Bar Chart 2: Average trust scores for the top 10, top 20, first quartile and fourth quartile

Table 2 lists the top 20 most trusted companies for privacy. Last year's results are shown for comparison purposes. As shown, 22 companies are listed because of tied ranks. Also noted, three companies ranked this year were not ranked last year - including Microsoft (ranked 17), United Healthcare (ranked 18) and Mozilla (ranked 20).

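Table 2: Top 20 performers

| Company | 2012 Rank | 2011 Rank |
|---|---|---|
| American Express | 1 | 1 |
| Hewlett Packard | 2 | 2 |
| Amazon | 3 | 5 |
| IBM | 4 | 3 |
| US Postal Service | 4 | 6 |
| Procter & Gamble | 6 | 6 |
| USAA | 7 | 11 |
| Nationwide | 8 | 8 |
| eBay | 9 | 4 |
| Intuit | 10 | 10 |
| Verizon | 11 | 12 |
| Johnson & Johnson | 12 | 7 |
| FedEx | 12 | 15 |
| WebMD | 13 | 9 |
| Weight Watchers | 14 | 17 |
| U.S. Bank | 15 | 16 |
| Disney | 16 | 16 |
| Microsoft | 17 | NR |
| United Healthcare | 18 | NR |
| VISA | 18 | 16 |
| AT&T | 19 | 19 |
| Mozilla | 20 | NR |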

*NR = Not rated in the stated year

The following table lists 25 industry sectors (clusters) in ascending order based on average trust rating. The top rated company for privacy trust for each industry sector is also listed. The top five industries for privacy trust are: healthcare, consumer products, banking, communications and technology & software. In contrast, the bottom five industries are: Internet & social media, nonprofit, toys & games, airlines and conglomerates.

Table 3. Top ranked companies by industry

| Industry | Top company in industry | Industry rank | Cluster size |
|---|---|---|---|
| Healthcare | WebMD | 1 | 11 |
| Consumer products | Procter & Gamble | 2 | 12 |
| Banking | U.S. Bank | 3 | 9 |
| Logistics | US Postal Service | 4 | 4 |
| Communications | Verizon | 5 | 5 |
| Technology & software | Hewlett Packard | 6 | 10 |
| Financial services (general) | American Express | 7 | 12 |
| eCommerce* | Amazon | 8 | 15 |
| Entertainment | Disney | 9 | 7 |
| Insurance | USAA | 10 | 9 |
| Brokerage | Scottrade | 11 | 5 |
| Pharmaceuticals | Eli Lilly | 12 | 6 |
| Transportation | BMW | 13 | 6 |
| Health & beauty | Weight Watchers | 14 | 7 |
| Energy | BP | 15 | 5 |
| Hospitality | Westin | 16 | 8 |
| Personal services | Angie's List | 17 | 9 |
| Media | PBS | 18 | 5 |
| Retail | Nordstrom | 19 | 26 |
| Food service | Whole Foods | 20 | 6 |
| Conglomerate | Emerson | 21 | 5 |
| Airlines | Southwest | 22 | 4 |
| Toys & games | Hasbro | 23 | 6 |
| Non-profit | NRA | 24 | 13 |
| Internet & social media* | Mozilla | 25 | 12 |
| Total | | | 217 |

*Note: The eCommerce subgroup consists of Internet retailers (merchants). All other Internet companies are contained in the Internet & Social Media subgroup.

Bar Chart 3 presents what consumers say are their most significant privacy-related threats. As shown, fear of identity theft is the most significant privacy concern followed by increased government surveillance. Data breach notification, violation of civil liberties and annoying background chatter in public venues are also rated as significant privacy concerns.

Bar Chart 3: What consumers consider the most significant privacy-related threats
More than one response permitted

Graph 1 shows two trend lines compiled from seven annual studies. The bottom line pertains to consumers' sense of control over their personal information. The downward slope suggests that over time consumers perceive a loss of control over their personal information (from a high of 56 percent in FY 2007 to a low of 35 percent in FY 2012). The top line pertains to the importance consumers attach to their privacy (very important and important response combined). Despite a loss of control, the upward slope suggests privacy preferences have increased in importance for consumers over time (from a low of 69 percent in FY 2007 to a high of 78 percent in 2012).

Graph 1: Seven-year trend on control over personal information and importance of privacy

Pie Chart 2 summarizes consumers' response to the question, "Did you ever share your sensitive personal information such as Social Security number, credit/debit card details, passwords, date of birth, or other private facts to an organization you did not know or trust?" As shown, 63 percent said yes and another 25 percent can't recall. Only 12 percent said no. Despite the importance of privacy, many consumers appear to be careless in protecting their personal information. When asked why they shared their sensitive personal information, 60 percent said convenience (such as when making a purchase). Another 26 percent said they gave this data to enter a promotion or contest.

Pie Chart 2: Did you ever share your sensitive personal information with an organization you do not know or trust?

Pie Chart 3 summarizes consumers' response to the question, "Have your privacy rights been diminished over time?" As shown, 61 percent said yes and 28 percent said no. When asked why they chose yes, 59 percent said disruptive technologies such as smart phones, geo-tracking and social media. Fifty-five percent said increased government intrusions.

Pie Chart 3: Have your privacy rights been diminished over time?

Pie Chart 4 summarizes consumers' response to the question, "Do you rely on privacy policies or web seals to determine the privacy practices of organizations you deal with?" As shown, only 32 percent said yes and 58 percent said no. When asked why they do not rely on privacy policies, 60 percent said these policies were too long or contained too much legalese.

Pie Chart 4: Do you rely on privacy policies or web seals to determine the privacy practices of organizations you deal with?

Nearly half (49 percent) of respondents in this year's study recall receiving one or more data breach notifications over the past 24 months. For those who recall this incident, Pie Chart 5 summarizes their response to the question, "Did data breach notification cause you to lose trust in the privacy practices of the organization reporting the incident?" As shown, 70 percent said this incident diminished their trust in the organization reporting the incident.

Pie Chart 5: Did data breach notification cause you to lose trust in the privacy practices of the organization reporting the incident?

Bar Chart 4 reports eleven (11) privacy features consumers view as important or very important to advancing a trusted relationship with business or governmental organizations. As can be seen, substantial security protection, no sharing without consent and the ability to be forgotten are viewed as the top three most important privacy features considered by consumers in our study. In contrast, clear policies, access to personal data and data accuracy are the bottom three most important privacy features.

Bar Chart 4: What consumers consider the most important privacy features
Very important & important response combined

The above findings suggest that privacy matters to consumers. We believe companies that implement responsible information management practices across the enterprise are likely to enjoy consumer support, loyalty and participation in marketing campaigns.

Part 4. Limitations

There are inherent limitations to survey research that need to be carefully considered before drawing inferences from the presented findings. The following items are specific limitations that are germane to most survey-based research studies.

  • Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of adult-aged consumers located in all regions of the United States, resulting in a large number of usable returned responses. Despite testing for non-response bias, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the survey.
  • Sampling-frame bias: The accuracy of survey results is dependent upon the degree to which our sampling frame is representative of the American public.
  • Self-reported results: The quality of survey research is based on the integrity of confidential responses received from respondents. While certain checks and balances were incorporated into our survey evaluation process including sanity checks, there is always the possibility that some respondents did not provide truthful responses.
[Source: Ponemon Institute LLC, 28Jan13]

Appendix 1. Seven Year History of the Top 20 Performers

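| Top performers over 7 years | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | Seven Year Average |
|---|---|---|---|---|---|---|---|---|
| American Express | 1 | 1 | 1 | 1 | 1 | 1 | 2 | 1.1 |
| Hewlett Packard | 2 | 2 | 4 | 6 | 16 | 4 | 5 | 5.6 |
| Amazon | 3 | 5 | 8 | 4 | 5 | 2 | 4 | 4.4 |
| IBM | 4 | 3 | 2 | 3 | 3 | 8 | 7 | 4.3 |
| US Postal Service | 4 | 6 | 6 | 6 | 7 | 7 | 6 | 6.0 |
| Procter & Gamble | 6 | 6 | 7 | 7 | 9 | 3 | 3 | 5.9 |
| USAA | 7 | 11 | 9 | 11 | 15 | 20 | NR | 12.2 |
| Nationwide | 8 | 8 | 8 | 9 | 9 | NR | NR | 8.4 |
| eBay | 9 | 4 | 5 | 2 | 8 | 5 | 1 | 4.9 |
| Intuit | 10 | 10 | 11 | 12 | 19 | NR | NR | 12.4 |
| Verizon | 11 | 12 | 14 | 17 | NR | NR | NR | 13.5 |
| Johnson & Johnson | 12 | 7 | 3 | 5 | 6 | 14 | 14 | 8.7 |
| FedEx | 12 | 15 | 18 | 18 | NR | NR | NR | 15.8 |
| WebMD | 13 | 9 | 10 | 13 | 12 | NR | NR | 11.4 |
| Weight Watchers | 14 | 17 | 16 | NR | 20 | 13 | 19 | 16.5 |
| U.S. Bank | 15 | 16 | 15 | 19 | 17 | NR | 14 | 16.0 |
| Disney | 16 | 13 | 12 | 16 | 15 | 20 | 11 | 14.7 |
| Microsoft | 17 | NR | NR | NR | NR | NR | NR | 17.0 |
| United Healthcare | 18 | NR | NR | NR | NR | NR | NR | 18.0 |
| VISA | 18 | 16 | NR | NR | NR | NR | NR | 17.0 |
| AT&T | 19 | 19 | 20 | NR | NR | NR | NR | 19.3 |
| Mozilla | 20 | NR | NR | NR | NR | NR | NR | 20.0 |
| Apple | NR | 14 | 12 | 8 | NR | NR | NR | 11.3 |
| Harley Davidson | NR | 18 | NR | NR | NR | NR | NR | 18.0 |
| Google | NR | 19 | 13 | NR | 10 | 10 | NR | 13.0 |
| Best Buy | NR | 20 | NR | NR | NR | NR | NR | 20.0 |
| Charles Schwab | NR | NR | 15 | 10 | 2 | 12 | NR | 9.8 |
| Facebook | NR | NR | NR | 15 | NR | NR | NR | 15.0 |
| Yahoo | NR | NR | 17 | 14 | 4 | 6 | NR | 10.3 |
| Dell | NR | NR | 20 | 20 | 13 | 8 | 10 | 14.2 |
| Walmart | NR | NR | 20 | NR | NR | NR | NR | 20.0 |
| AOL | NR | NR | NR | 16 | 4 | 6 | NR | 8.7 |
| ELoan | NR | NR | NR | 20 | 11 | 16 | 17 | 16.0 |
| Countrywide | NR | NR | NR | NR | 14 | NR | NR | 14.0 |
| Bank of America | NR | NR | NR | NR | 18 | NR | 12 | 15.0 |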

*NR = Not rated in the stated year


1. This research series has been conducted by Ponemon Institute over the past seven years using the same methodology.

2. In earlier studies we provided the respondent with a choice of a free-form (contextual) field or selection of a given company from a pull-down menu sorted by alpha and industry. Generally, respondents found the free-form field rather than the pull-down list to be more usable.

3. A total of 709 company names were captured from 39,890 individual ratings. A subset of 217 companies met the criteria for inclusion in this year's most trusted company for privacy list.

4. AMEX has achieved the top privacy trust rating for six consecutive years (since 2007).

This document has been published on 16May13 by the Equipo Nizkor and Derechos Human Rights.