EMC has just announced the results of research into the attitudes of consumers around the world towards privacy, particularly in terms of the often conflicting requirements of online convenience and online privacy. The research results were formulated into the EMC Privacy Index: a numerical ranking of countries in terms of the predominant attitudes of consumers in each country with regards to this issue. The results are interesting in terms of the profile it indicates for the various countries. But even more striking is the generally consistent attitude towards online privacy and online convenience, captured in three paradoxes that summarize the results of the study:
- The “We want it all” paradox. Consumers say they want all the conveniences and benefits of digital technology, while at the same time wanting to retain all of their personal privacy.
- The “Take no action” paradox. Although privacy risks directly impact many consumers, most take virtually no action to protect their privacy, instead placing the onus on government and businesses.
- The “Social sharing” paradox. Users of social media sites claim they value privay, zet freely share large quantities of personal information, depsite lacking confidence in instituions that protect that information.
Here are a closer look at some of the global survey results across 15,000 consumers in 18 countries:
These paradoxes are not surprising. They reflect what we have heard from many other sources regarding consumer attitudes, as well as discussions that remain highly visible in the media, such as in terms of Google’s recent announcements regarding the right to be forgotten. But the study is extremely valuable in addressing these issues with a rigorous methodology and on a world-wide basis. The report is well worth the attention of everyone who is concerned about their own online privacy or who is responsible for the online privacy of others.
What are the implications for government and industry, given consumer expectations that these organizations should be taking the lead in ensuring their online privacy? It is clear that the public expects government to support the protection of consumer privacy as it does consumer safety. But that does not mean that what actions to take is obvious. Should the focus be on supporting work in the standards community related to privacy, such as the Privacy Management Reference Model being developed in OASIS? Should the focus be on legislative and regulatory approaches, such as the development of new privacy regulations in the European Union? Should the focus be on educating consumers in best practices that consumers can already engage in to protect their privacy, the best practices that this study indicates are often neglected by consumers?
The study indicates both the critical need and the opportunity for governments to take the lead in helping consumers with these paradoxes. But it aso indicates that there are things industry can and should do immediately that will help in addressing these paradoxes. One of the insights from the study is that consumers generally have the highest confidence in financial institutions in terms of protecting consumer privacy. This is very likely precisely because of the capabilities that many financial institutions have put in place to accomplish that complementary role of security and privacy that I have written about in earlier blogs, through capabilities such as risk-based models for authentication. The visibility that many financial institutions give to questions of security and privacy also promotes consumer confidence in their concern about privacy.
We in the industry have a unique opportunity to challenge the paradoxes of privacy, to respond to them by helping consumers be more secure and more private. It’s a challenge that many of us already are responding to. I hope this report encourages everyone engaged in security to take those challenges even more seriously.