Why do Americans trust the U.S. Postal Service with their personal information more than the U.S. Central Intelligence Agency (CIA), the U.S. Department of Homeland Security and the U.S. Department of Justice? The reason may not be that surprising. According to the results of our first annual Privacy Trust Survey (PTS) of the United States Government, it seems to be due to the personal relationship we have with the friendly mail carrier who brings us our birthday cards and holds our mail when we go on vacation.
Americans also have confidence in the Department of Veterans Affairs and the Internal Revenue Service. These are organizations many of us have contact with on a regular basis and probably have the most understanding of how they collect and use our personal information.
The study was conducted by Ponemon Institute and sponsored by the CIO Institute at Carnegie Mellon University to determine how people feel about the handling of their personal, sensitive data by 60 U.S. governmental organizations.
We surveyed some 6,300 adults across the country about how much of a privacy commitment they thought government entities had towards the personal information of citizens. This information includes names, addresses, telephone numbers, e-mail addresses, Social Security numbers, other personal identification numbers, access codes, age, gender, income tax information, travel information and account activity.
There were three possible responses for each government organization listed in the survey: – Yes, I am confident that the government organization is committed to protecting the privacy of my personal information; No, I am not confident that the government organization is committed to protecting the privacy of my personal information; and I am unsure if the organization is committed to protecting the privacy of my personal information.
The overall average PTS score was 52 per cent. There was also a very high level of Unsure responses (more than half of all responses). This suggests that the public has a lot of uncertainty about the privacy practices of the government organizations presented in our survey.
Privacy commitment in the survey was defined as “an obligation by the specified government organization to keep your personal information safe and secure,” and included “the commitment not to share your personal information without a just cause or without obtaining your consent to do so.”
Since Sept. 11, there has been much debate about the possible invasion of our privacy by government in order to achieve greater security. We wanted to determine if this discussion has influenced citizens’ perceptions about how diligent the government is in protecting and respecting personal information. According to the survey, respondents ranked loss of civil liberties, surveillance of personal life, monitoring of e-mail and Web activities as issues of greatest concern to them.
The overall results of the survey showed that 83 per cent of Americans surveyed consider privacy a matter that is important or very important to them. However, many respondents indicated that they have a high level of uncertainty about the government agencies that collect and use that information, thus creating a negative impression of those organizations. The survey also showed that protecting personal information is important to people of all ages, education and income levels.
While data privacy should be a top priority for any organization, government agencies have a greater responsibility to protect personal information because of the quantity collected and the often sensitive nature of that information. As I have noted, Americans ranked the U.S. Postal Service as the number one government organization that takes this priority seriously. Other “trusted” agencies included the Department of Veterans Affairs, Internal Revenue Service, Social Security Administration and the Federal Trade Commission.
It also seems the organizations that scored high are those that have held the trust of the American public for many years. Among organizations that didn’t enjoy a high PTS rating were the Department of Justice, the CIA and the Office of the Attorney General, which all scored a PTS below 30 per cent. However, a low score doesn’t necessarily mean that these organizations have poor information handling practices.
With most of the low-scoring organizations, there were also a high number of Unsure responses. This suggests that negative perceptions about an organization’s privacy practices are driven more by uncertainty, than by knowledge of carelessness or lax policies.
It seems that one way to gain Americans’ trust would be for these organizations to be more proactive in communicating their privacy policies and discussing what measures they are taking to protect personal information. This is a lesson that many companies have learned and one that government should now study.
If you are interested in obtaining a copy of the first annual Privacy Trust Survey of the United States Government, please send an e-mail to research@ponemon.org.