For the second straight year, American Express is the top-rated company in the U.S. for privacy based on responses from more than 7,000 participants in an online survey conducted by Ponemon Institute, a U.S.-based privacy think tank.
Following it are The Charles Schwab Corp. and IBM, both of which moved up a few notches from their rankings of 12 and 8, respectively, in the same survey last year.
Ponemon Institute's annual survey asks Web users to pick up to five companies that they respect the most and the least for privacy practices. Instead of asking respondents to pick from a preselected list of companies, each respondent is free to select organizations of their choice. Companies that are mentioned by fewer than 20 people are dropped from the final list.
Participants are asked to make their decisions based on their perception of how a company might be collecting, using and protecting personal information such as names, addresses, telephone numbers, Social Security numbers and other data.
This year's results show that companies that score highly on the privacy front are also those that are viewed as respecting their customers the most, said Larry Ponemon, chairman of the institute. The companies have a good overall reputation for quality products and services and have clearly defined policies and disclosure practices surrounding the data they collect and how it is used, shared and protected, he said.
"It is not initially a privacy issue," Ponemon said. "Initially, it is about respect and trust and how the organization respects them as customers" that appear to be most important factors for survey respondents. "People will really say, 'I like an American Express or a Company X because I trust them,'" he said. "If you don't meet that trust threshold, you won't make the privacy list."
At the same time, data breaches and the overuse of online marketing tactics such as the use of too many pop-up advertisements had a negative effect on consumer perceptions of privacy, Ponemon said. "People associate annoying and irrelevant advertising with an abuse of privacy. If you're a privacy officer, there is clear evidence in our research that bad or overly aggressive marketing does have an effect on privacy trust scores."
Data breaches are, however, the No. 1 reason for an erosion in trust, Ponemon said. "We do know that perceptions are very volatile," he said. "They do change based on events. If an organization has a significant data breach or privacy event that was in the newspaper, it would drive perceptions down."
One example is Hewlett-Packard Co., which dropped from fourth spot last year to 16th in this year's survey. The negative publicity surrounding the company's pretexting practices and a boardroom scandal appears to have hurt the company's privacy rankings, Ponemon said.
At the same time, many companies that suffered from similar problems appear to regain some of the lost trust over time, he said.
The remaining companies in the top 10 list this year are AOL, followed by Amazon.com, Johnson & Johnson, the U.S. Postal Service, eBay, Procter & Gamble and Nationwide Investment Services -- which were tied for ninth place -- and Google.
From an industry group standpoint, organizations in the health care sector scored the highest for privacy. Next were consumer product companies, package and delivery firms, and banks and brokerages. Industry groups that did not fare as well included airline companies, food service and toy companies, and nonprofit organizations.