Over one in three people -- 35% -- would not be at all comfortable with their online actions being profiled, but four in five -- 82% -- are not at all comfortable with online activities being merged with personally identifiable information, such as "your income, driver's license, credit data, and medical status."

"Concern is rising over privacy on the Net, with a clear majority -- 57% -- now favoring some sort of laws regulating how personal information is collected and used. Regulation may become essential to continued growth in e-commerce, since 41% of online shoppers say they are very concerned over the use of personal information, up from 31% two years ago. Perhaps more telling, among people who go online but have not shopped there, 63% are very concerned."

• The sample consisted of 364 .com Web sites visited by consumers at home drawn from a sampling of 7500 URL's based on unduplicated visits during January 1999. The estimated reach of these sites is 98.8%, meaning that almost all of the Internet commercial traffic runs through these sites. This methodology is quite different than the FTC study so extreme care must be exercised in making direct comparisons.

• Only 9.5% of Web sites had an adequate privacy policy that addressed the important issues of notice, choice, access, security and had contact information for the site. The survey was not judging quality of the notice only the mention of the practice. The 1998 FTC study showed that only 2% of sites had good notice so, while there has been an increase in sites with policies, the vast majority of sites still do not have policies.

• 92.9% of the sites were collecting personally identifiable information. Of these sites 65.7% (237) of the sites had at least one type of privacy disclosure (a privacy policy notice or an information practice statement). This disclosure ranged from a simple notice telling consumers that there information was securely transmitted to detailed privacy notice.

• Of those 237 sites , 14.8% had adequate notice. 87% contained at least some requirement of consumer notice, 77% contained one element of consumer choice, 40% contained some information on how consumers can access or at least correct inaccurate information, 46% had some mention.

• Internet users are more likely to provide information when they are not identified. When presented with scenarios involving the provision of personal data to Web sites, respondents were much less willing to provide information when personally identifiable information was requested.

• Some types of data are more sensitive than others. Respondents were generally comfortable providing preference information to Web sites. However, they were often very uncomfortable providing credit card numbers and social security numbers.

• Many factors are important in decisions about information disclosure. When deciding whether to provide information to Web sites, respondents reported that the most important factor is whether or not information will be shared with other companies and organizations.

• Acceptance of the use of persistent identifiers varies according to their purpose. Fifty-two percent of respondents indicated they were concerned about Web cookies, and another 12% said they were uncertain about what a cookie is. Of those who knew what cookies were, 56% said they had changed their cookie settings to something other than accepting all cookies without warning. However, 78% of respondents said they would definitely or probably agree to Web sites using persistent identifiers (possibly implemented using cookies) to provide a customized service. Fewer (60%) would agree to the use of such an identifier to provide customized advertising, and fewer still (44%) would agree to using the identifier to provide customized advertising across many Web sites.

• Internet users dislike automatic data transfer. While respondents said they are interested in tools that make using the Web more convenient, most do not want these tools to transfer information about them to Web sites automatically.

• Internet users dislike unsolicited communications. Respondents indicated a strong desire to avoid unsolicited communications resulting from providing information to Web sites. For example, 61% of respondents who said they would be willing to provide their name and postal mail address to a site in order to receive free pamphlets and coupons said they would be less likely to provide the information if it would be shared with other companies and used to send them additional marketing materials.

• A joint program of privacy policies and privacy seals seemingly provides a comparable level of user confidence as that provided by privacy laws. Respondents were given a scenario in which a Web site with interesting information related to a favorite hobby asks for a visitor's name and postal address in order to provide free pamphlets and coupons. Of the respondents who were unsure or said they would not provide the requested information:
  • 48% said they would be more likely to provide it if there was a law that prevented the site from using the information for any purpose other than processing the request,

  • 28% said they would be more likely to provide it if the site had a privacy policy,

  • and 58% said they would be more likely to provide it if the site had both a privacy policy and a seal of approval from a well-known organization such as the Better Business Bureau or the AAA.

  On the other hand, when asked about online privacy seal programs without mentioning any specific brand names, respondents showed that they do not yet understand how Internet seal programs work.

• Like the CDT survey, the Westin study found that although the number of people who report actual violations is small (8%), concern about privacy violations in general is much higher (50%). The small number of people reporting violations may well result from users limiting their Internet use out of fear of privacy violations. It may also reflect the common difficulty in determining whether one's privacy has been violated.

• Of those Web users responding to the survey, very few reported having seen sites with open and prominent statements of information practices.

• Like the CDT survey, the Westin study revealed that few people are aware of software controls which could improve their online privacy protection.

• Upon visiting a Web site and seeing a request for information, consumers want to know what that information will be used for, and want the ability to control or limit those uses.

• Particularly in the case of children's use of online resources, respondents felt strongly (97%) that information should not be used for company or third party use; in addition, 96% of Internet parents believe companies should be legally liable for failure to comply with privacy standards.

• Almost two-thirds of non-Internet users would be more likely to start using the Net if the privacy of their personal information and communications were protected.

• Privacy was the number one reason individuals are choosing to stay off the Internet, coming in well ahead of cost, concerns with complicated technology, and concerns with unsolicited commercial email.

• Over half of the respondents believe government should regulate the collection of personal information the Internet; and,

• 80% are "very" or "somewhat" concerned with using a credit card to make an online purchase.

The full results will be released in the September issue.

• Privacy now overshadows censorship as the number one most important issue facing the Internet;

• Users consistently dislike cookies, as well as any other method of identifier that labeled users through multiple sessions at a site -- though much of the population is unaware of what cookies are and what they do.

• In order to protect their privacy, significant numbers of people falsify information online.

• Users regularly falsify information provided for online registrations, and seriously value their anonymity. The most common reason for not registering is the lack of s statement about how the information will be used. In addition, the GVU study showed that users would rather not access a site than reveal information;.

• Almost all of the respondents thought private Internet communication should be possible, and think new privacy protection laws for the Internet should be developed.

• Users have a "measurable degree of anger" about online privacy issues and consider junk e-mail intrusive.

• A trust relationship must be enhanced in the online world in order to realize the commercial potential of the technology.

• The study concluded that the Internet heightens people's privacy concerns.

• Users perceive that online businesses can correlate data more quickly and completely than "real world" businesses can.

• Respondents reported that they are sometimes asked to give more detailed information online than they would in a normal off-line situation.

• This concern has caused users to limit their engagement in electronic commerce. When they do engage in electronic commerce, consumers tend either to opt out or submit false information.

• As in the CDT study, respondents to the Boston study reported significant concern about sites monitoring their browsing, and responded that they would pay a higher price for goods and services online if given privacy assurance.

• Not surprisingly, the survey showed that if sites disclosed uses for collected information, people would be more willing to provide that information.

• revealed that in 70% of instances where users were asked to provide information in order to access an online informational resource, those users did not pursue the resource because they thought their privacy would be compromised; and

• underscored users' tendency to refrain from visiting sites in order to preserve their anonymity. Users appear to consider that anonymity the most certain way to protect their online privacy, and restrict their online activities in order to maintain that anonymity.

  The study also concluded that consumers favor anonymous of one-to-one transactions on the Internet, and that consumers would like to see third-party confirmation of privacy practices.

• An overwhelming majority of respondents avoid registering at web sites and giving out personal information for fear of the privacy implications.

• While over half of the respondents did not inquire about the information practices of their online service providers, 95% said they were interested in the privacy policies of Web sites.

• Although less than a quarter of the respondents reported experiencing a violation of their online privacy, a majority were concerned about others collecting information about them, as well as the potential for harm from the misuse of that information.

• Of those respondents actively taking steps to protect their online privacy , relatively few use solutions such as the "Anonymizer" or an anonymous remailer. Slightly more reported encrypting their e-mail, disabling the cookie function in their Web browser, or providing false information when asked to register at a Web site. Using multiple e-mail addresses and turning on the "cookie prompt" were the technical solutions most commonly employed.

• Among the few respondents who reported using the "Anonymizer," only two use it regularly -- most use the program only occasionally. This may reflect the users' desire for added privacy protection depending on the access point, the information sought, or the Web site visited.

• When faced with protecting their children's privacy online, most parents who responded use "low-tech" approaches -- similar to those used in the "real world" -- such as instructing kids not to give out personal information, or limiting their children's access to the Internet or the Web.

• Tracking people's use of the Web, and the sale of personal information, were cited as the most pressing privacy issue on the Internet. While junk e-mail rated third in terms of overall privacy concern, it generated the largest number of anecdotal complaints.