A preliminary investigation of Web retailers' online privacy practices.

Kunz, Michelle B. ; Cheek, Ron G.

ABSTRACT

This study will analyze the Web sites of online retailers identified as The 50 Best Web Retailers by Internet Retailer.com. The study examines the privacy policies and third-party seals of endorsement found on these sites. Preliminary results indicate as with previous surveys, only a small portion of the Web retailers belong to any third party seal program. Additionally, a large percentage collect personal information from consumers, and the vast majority share that information with business affiliates. Furthermore, the majority of sites require consumers to opt-out of such programs, while far fewer take the opt-in approach for sharing collected information. The paper concludes with suggestions for future research, detailing specific methodologies for data collection and analysis, along with additional sampling procedures for comparative analysis.

BACKGROUND

While the US economy has struggled, with traditional brick and mortar retailers experiencing less-than-expected in-store holiday sales, online retail sales have been steadily increasing. Forrester Research predicted U.S. e-commerce sales will reach $230 billion by 2008 (Cantwell, 2003), indicating that online retail sales will steadily increase at a 19% year-over-year growth. The U.S. Census Bureau predicted third quarter 2003 online sales would be 27% greater that third quarter 2002 online sales (Scheleur & King, 2003). Not only is the dollar amount of online sales growing, this channel's portion of overall retail sales continues to increase, and the online portion is predicted to reach 10% by 2008 (Cantwell, 2003).

In spite of continued growth in online sales, consumer concerns relating to online security and privacy issues still plague the online retail venue. Research and consumer surveys indicate privacy concerns can be attributed to non-purchases online, as well as online shopping "drop-outs" from previous years. Personal privacy and security issues are major barriers to utilizing the Web for retail purchases. Consumers indicate that questions about privacy affect their purchasing decisions (Caudill & Murphy, 2000). Well over three-fourths (81%) of consumers express concern about threats to online privacy, and 79% of online purchasers confirm this concern (Oberndorf, 1998). Moreover a University of Pennsylvania Wharton School survey (Hemphill, 2002) determined online shopping dropouts, those individuals who made online purchases one year but did not return to purchase the following year, were primarily attributed to concerns about third-party monitoring-a proxy for privacy. This study found concern about privacy was the highest predictor for non-purchasing online. One of the most frequently cited reasons consumers don't make purchases online is lack of trust. A Business Week/Harris survey in 1999 (Benassi, 1999), found 78% of online users would increase their use of the Internet if privacy practices were disclosed; and an even more compelling, 61% of non-users would be more likely to begin using the Internet if privacy practices were disclosed. A 1998 Greenfield Online study (Yoon, 2002) investigated why respondents had never purchased online. The results found consumers had concerns regarding payment security (75%), payment-clearing structure (46%), company credibility and product return (36%), and the absence of a privacy (33%). Early online shopping research by Kunz (1997, 1998) found slightly more than half of consumers indicated concerns about insecure online transactions as a deterrent to purchasing online. A recent survey conducted by NFO WorldGroup and sponsored by TRUSTe revealed that fears related to privacy were projected to have a significant negative impact on online shopping during the 2003 holiday season (Hodge, 2003). Forty-nine percent of respondents indicated a lack of trust regarding the use of personal information would limit their online shopping activity. About 5.6% indicated they would not shop online at all due to concerns about privacy. The three leading reasons reported by the respondents to this survey for reducing or stopping online shopping included concerns about receiving spam after purchasing a product, fear of identity theft, and the potential for credit card information being stolen.

TRUST AND PRIVACY

As early as 1996, Lori Fena, Director of the Electronic Frontier Foundation cited that lack of trust as a significant impediment to electronic commerce (Luo, 2002). People were hesitant to purchase online or even left the electronic market because of a lack of trust, and most specifically concerns about privacy. There are differing opinions regarding online trust. Some say the public may be too trusting (Friedman, Kahn, & Howe, 2000), downloading software, participating in online chats and e-auctions, while others continue to refrain from engaging in online purchases, citing fears that financial transactions are insecure. Thus establishing trust is imperative for online retailers. According to Hemphill (2002), electronic commerce will not attain its full potential in the U.S. economy unless consumers feel confident that their privacy and confidentiality have been protected. Trust has been cited as the most significant long-term barrier for realizing the potential of e-commerce to consumers (Grabner-Kraeuter, 2002). A 2002 survey conducted by Yonkers, NY based Consumers Union of the US, only 29% of 1500 US Internet users polled said they trust Web merchants-far fewer than those who trust brick and mortar retailers (Brannigan & Jager, 2003). A significant factor contributing to this lack of trust is that consumers simply are unwilling to provide personal information to Web retailers. Electronic commerce and online retailing will not attain its full potential in the U.S. economy unless consumers feel confident that their privacy and confidentiality are secure and protected. Urban Sultan and Qualls, (2000) posit that trust will become the currency of the Internet. Companies on the Web have to communicate and sell their products and services by providing a trusted environment. Furthermore, Alan Web, found of the new economy business magazine Fast Company states that the new economy begins with technology and ends with trust (Kelly, 1998), and the forefront of developing trust is the hurdle of privacy.

Several well-known Web retailers have announced changes in the treatment of personal information collection and dissemination/sharing policies recently that have increased the concerns of consumers as well as respective customers. Most noted of these are Amazon.com's change in the sharing of their customer database information, and Toysmart.com intention to auction off its customer database to the highest bidder (Friedman, Kahn, & Howe, 2000; Turban, King, Lee, Warkentin, & Chung, 2002). Hemphill (2002) indicated consumers are justified in their concerns regarding online privacy, given these notorious incidents such as Amazon.com, Doubleclick, Inc., and Toysmart.com all improper and perhaps illegal handling of consumer information to third parties. Consumers must be willing to share personal identifying and financial information in order to e-commerce to occur. However, the bottom line is that customers won't give the online retailer that information if they don't trust the retailer (Brondmo, 2000). Fraley (2002) makes an important point, that the privacy issue must be managed as a critical strategic issue in every company.

Online consumers feel a lack control over the access that Web merchants have to their personal information during the online navigation process (Hoffman, Novak, & Peralta, 1999). Concern about privacy include perceptions relate to consumers' control of their personal information, as well as what the company will do with their personal data once it has been collected. Hoffman et al. indicate consumer perceptions regarding trust are media-relative. Thus, with more traditional forms of data collection such as phone ordering, or catalog shopping, consumers have come to be more accepting. While 21% of Web users surveyed like receiving direct mail solicitation, only 6% wanted to receive junk email. Almost two-thirds (63%) of Web consumers declined to provide personal information because they didn't trust the site collecting the data, 65% indicate that providing information is not worth the risk of revealing information, and 69% will not provide personal information, if they do not know how it will be used. Finally, the researchers found that an overwhelming number of online consumers, 95%, had declined to provide personal information to Web sites at one time or another, and slightly less than half, 40%, had taken the trouble of fabricating information when providing it. Hoffman et al. conclude that most effective way for Web providers to develop consumer trust online is to allow that balance of power to shift toward the consumers by moving toward opt-in, informed-consent policies in computer-mediated environments.

FAIR INFORMATION PRACTICES

It is obvious that a major concern for consumers in developing trust is privacy of personally identifying information. As described by Luo (2000), in the area of Internet marketing, invasion of privacy is interpreted as the unauthorized collection, disclosure, or other use of personal information. Sheehan and Hoy (2000) suggest that two expressions of control, awareness of information collection and usage of this information beyond the original transaction are the predominant influences on the degree to which consumers experience concerns about privacy. The Privacy Working Group of the U.S. Information Infrastructure Task Force addressed privacy principles as early as 1995 (Hemphill, 2002). Recommendations set forth by this group at that time indicated that online businesses gathering data should inform consumer of 1) what information they were collecting and how they intended to use the data; 2) whether or not personal information was collected from children; 3) the consequences of providing or withhold information; 4) what steps would be taken to protect the information; 5) a meaningful way to limit use and re-use of personal information; and 6) any rights of redress for harmful or improper disclosure of personal information.

Because of the high priority consumers place on privacy, the Federal Trade Commission (FTC) has been actively involved in establishing guidelines for online marketers in providing and meeting privacy needs. The FTC has relied on fair information principles to guide privacy regulation and industry practice in the U.S. These principles include notice/awareness, choice/consent, access/participation, security/integrity, and endorsement/redress. There is agreement on what comprises the basic premise of each of these principles (Caudill & Murphy, 2000; Commission, 1998, 1999, 2000; Hemphill, 2002; Sheehan & Hoy, 2000). The principle of notice/awareness is considered fundamental: the consumer should be given notice of a business's information practices of collecting personal, identifiable information. Furthermore, this notice should be given before such information is collected. The second principle, choice/consent, gives consumers the option, or choice, on how any information that is collected from them may be used, after the current transaction is completed. Thus, consumers should be able to choose how, or if, their personal information may be disseminated to other, third-party, sources. The third principle of access/participation posits that consumers should be given access to the information that a company has collected about them, as well as contest the accuracy and completeness of the information. The principle of security or integrity, fourth in the list of fair practice principles, needs no more detailed definition other than to say that all data collected as well as transactions must be secured and confidential. Finally, the fifth principle of enforcement/redress provides consumers assurance of compliance. Without this enforcement/redress mechanism, these fair practice principles are merely suggested guidelines, and there can be no assurance that companies will be in compliance.

Although the industry has relied on self-regulation, Milne and Boza (Milne, 2000; Milne & Boza, 1998) found that in a study of 365 organizations, only 38% of the organizations notified consumers about the gathering of personal information, 33% indicate the use of the information, and 26% ask for permission to use the information. Several sweeping research studies conducted in recent years have indicated the large majority of Web sites surveyed do collect personal information, while much smaller percentages post disclosures of such practices. In addition the surveys indicate that in many instances, less than half of these sites implemented four elements of fair information practices established by the FTC. Protection of privacy has become a central issue of the Federal Trade commission, as well as Web retailers. A series of "sweeping" online surveys of fair practice compliance reveal less than exemplary practices on the part of Web sites (Commission, 1998, 1999, 2000; Culnan, 2000; Hemphill, 2002; Milne & Culnan, 2002; Project, 2000) in March of 1998, March 1998, spring of 2000 and December of 2001. The first study conducted in 1998 found that 92% of sites collected personal information, but only 14% posted a notice regarding their information practices, and an astonishingly low 2% posted a comprehensive privacy polity. One year later the numbers improved somewhat, with almost two-thirds of the sites that collected personal information posting some form of privacy disclosure, either a privacy policy or an information practice statement. Thirty-six percent posted both types of disclosures. By 2000, 88% of the sites in a random sample posted at least one privacy disclosure, but only 20% implemented four elements of fair information practices. By late 2001, slightly more than half, 55%, of web sites in a random sample implemented notice, choice and security practices to some extents. This last survey found that 77% of the sites survey posted a privacy policy, and 74% provided notice about what personal information collected. In addition, 90% of top sites provided notification about the use of cookies-automated information collection programs on the Web sites. Milne and Culnam (2002) also note that almost three-fourths of consumers have noticed Web privacy policies, and 69% report having read at least one online privacy policy. Many organizations use the Internet to gather information through the use of cookies or other forms of tracking software without the consumer's knowledge. This data collection adds to the consumer's concern regarding privacy issues. Building trust may be a solution to consumers' privacy concerns.

SEALS OF ENDORSEMENT

Third-party seals of approval have been developed to assist both Web retailers in gaining consumer trust, and to aid consumers in identifying companies that have developed their Web sites and company procedures in accordance with good practices. Miyazaki and Krishnamurthy (2002) indicate that a seal of approval can be thought of as a co-branding strategy. Thus consumers who see one of the seals can feel a sense of assurance that a certain standard of privacy will be met. These researchers believe that seals raise consumer confidence, citing the Good Housekeeping Seal of Approval or the Underwriters Laboratories Listing Mark as predecessors to the online environment, and current privacy seals. Jamal, Maier and Sunder (2003) note that as of December 2001, four major privacy assurance providers competed by developing standards and offering privacy seals: TRUSTe, the first in the market, PriceWaterhouseCoopers (PWC), WebTrust offered by a consortium of accounting firms, and BBBOnline. Hemphill (2002) notes that by 2002 there were five online privacy seal programs available to Web site operators: BBBOnline, CPA Web Trust On-line Privacy, the Direct Marketing Association's Privacy Promise, Secure Trust, and TRUSTe. While there are several seals of approval, two dominate the online environment: TRUSTe and BBBOnline. A review of the top Media Metrix 500 consumer web sties in 2000 found 24% of the sites had some form of endorsement.

The TRUSTe program addresses the fair information principles, as its licensees agree to provide notice, choice, security, data quality and access. Sites with the TRUSTe seal are monitored through an initial inspections, seeding, and outside audits (Benassi, 1999). The TRUSTe standard requires a Web site to disclose the use of cookies, indicate whether cookies are linked to personally identifiable information, explain what data are collected with the cookies, explain the choice and consequences of not accepting cookies, disclose if the data collected by the Web site are aggregated with the data obtained from other third parties, and disclose third parties who collect data on the Web site. This is the most demanding standard on cookie disclosure (Hemphill, 2002). A BBBonline seal affirms to consumers that their personal information will be safeguarded in cyberspace by the companies that participate in this privacy seal program (Luo, 2002). BBBOnline is the next most stringent seal program. This seal requires disclosure of cookie usage, aggregation of data collected on the Web site with data obtained from third parties and disclosure of third parties collecting data on the Web site (Hemphill, 2002). Both TRUSTe and BBBOnline base fees on client revenue. TRUSTe's maximum fee is $12999 for companies with sales greater than $2billion, while BBBOnline's fee is $7000 for companies with sales greater than $2 billion. Cline (2003) notes that fees for smaller firms are significantly less; TRUSTe charges $599 for firms with sales less than $5 million, while BBBOnline charges $200 for firms smaller firms. WebTrust provides a full audit at an annual cost greater than $100,000 per client. PWE offers a proprietary BetterWeb service prices at a flat fee of $15,000 (Jamal et al., 2003). So, is one seal better than another? Does one seal provide better assurance, or promote a higher level of consumer confidence, and thus trust? According to Cline (2003) the answer is, "no." Either the TRUSTe or BBBOnline seal will do. TRUSTe has the highest market share, 1374, compared to BBBOnline's 700+. However BBBOnline has a 91-year history with the Better Business Bureau's name recognition. This gives BBBOnline a 93% recognition rate, compared to TRUSTe's six-year old seal a 69% recognition rate.

Jamal et al. (2003) analyzed 100 top Web sites in 2001. Thirty-four of the sites displayed a privacy assurance seal, either TRUSTe or BBBOnline. Seals can affect consumer perception of favorableness toward web site privacy policies (Commission, 2000). This study determined that the mere display of an Internet seal of approval logo enhanced consumer perceptions regarding privacy policies. The presence of seals increased anticipated disclosure and patronage for consumers with relatively high online shopping risk, but did not have the same influence for consumers with low shopping risk. However, the study also found that there was no real support to indicate that the presence of a seal program logo was an accurate indicator of actual privacy practice standards at the Web site. Mayazaki and Fernandez (2000) surveyed over 1600 firms licensed with BBBOnline, 330 firms, and TRUSTe, 1253 firms. Seventy-four displayed both seals. Compliance with the required display of a hyperlinked logo was low-37% for TRUSTe and 48% for BBBOnline. Twelve percent of the TRUSTe and nine percent of the BBBOnline firms did not display any log at all. In addition, 5% of the TRUSTe and 8% of the BBBOnline licensed firms did not have an active web site. Of the active sites surveyed, 54% display the privacy seal on both the home page as well as privacy page of the Web site. One-fifth displayed the privacy seal information only on the privacy policy page, and 9% displayed the logo only on the Web site's home page. Jamal et al. collected data from 100 high-traffic Web sites using a Web crawler. This study found that 34 sites displayed a privacy assurance seal, TRUSTe comprising a significantly higher percentage-30 sites. Two sites displayed the BBBOnline seal, while another two sites displayed both. Of these 34 sites displaying a seal, 97% also posted a privacy policy, and 92% were described as "easy to find," with only a few mouse clicks. All of the sites displaying a privacy seal disclosed their cookie usage, but only 30 explained what cookies are, and the kind of data that was collected using these cookies. For the sites not displaying privacy seals, 97% used cookies, but only 86% disclosed their use of this technology. Approximately two-thirds of the sites explained what cookies are, but only 35% explained how to monitor or disable cookies. Overall, the Web sites with the privacy seals had a superior record of disclosure compared with the sites not displaying third party seals of endorsement.

Web retailers need to make it easy for consumers to trust their site. Posting privacy and security policies, and making them easy for consumers to read and understand can ensure such trust. In addition, employing certifications from trust and e-commerce auditors will encourage consumer trust (Smith, 2000). Sindell (2000) also encourages the posting of an explicit privacy policy statement, along with a privacy audit to reduce consumers perceptions of risk, and increase trust of the Web site. Despite low participation and compliance rates, there is much support for participation in a third-party seal of endorsement programs (Cline, 2003; Mohammed, Fisher, Jaworski, & Cahil, 2002; Urban et al., 2000). While third-party trust seals such as TRUSTe, BBBOnline or Web Assurance Bureau may be useful in building trust, security-related seals such as VeriSign and CPA WebTrust may resolve concern with security issues (Miyazaki & Krishnamurthy, 2002). The VeriSign SecureSite seal indicates that the site adopts up-to-date security technology and is registered with either the bank or the Internet company collecting payment from the consumer based on digital certificate technology (Urban et al., 2000).

A recent study by Earp and Baumer (2003) found that consumers have more confidence in a retail Web site that possessed a Web seal. Young consumers were more inclined to provide name, age and gender information, as well as read the privacy policy on the site. In addition, they were also more like to provide their information in exchange for cash or a gift offered by the site. Older consumers were more concerned about identity theft and losing control of their information, along with unauthorized redistribution of their information. While the support was not particularly strong, Web sites that provided a privacy statement, opt-out features and third-party seals can allay some consumer concerns.

Finally, there is another assurance program currently under consideration for Web retailers selling goods and services internationally, the Safe Harbor Agreement. The Commission of European Communities issued a document in July 2000, outlining the main features of what has become known as the Safe-Harbor Agreement (Brown & Blevins, 2002), to ensure the protection of personal data collected by U.S. based companies about residents of the European Union. It is not European privacy laws that raised concerns in the EU, rather the absence of such privacy laws in the U.S. Personal data privacy has been seen as a human rights issue in Europe, but is a consumer rights issue in the U.S. In Europe, privacy is seen as a right, and the European Union stops the transfer of data to countries outside the EU where "adequate" protection does not exist. Most U.S. Web sites are unlikely to meet the "adequate" level of the EU. Safe Harbor has seven basic principles: 1) notice, 2) choice, 3) onward transfer, 4) security, 5) data integrity, 6) access and 7) enforcement. While on the face of these principles it would appear these principles are basically parallel to the Fair Information Principles endorsed by the FTC. However, the Safe Harbor Principles include follow-up procedures to verify the business's assertion about the privacy practices, as well as obligations to remedy any consequences for organizations that fail to comply. While the Safe Harbor agreement has not been fully endorsed by U.S. Web retailers, it is an impediment to continue true e-commerce for U.S. firms with European Union consumers.

PURPOSE OF STUDY

The purpose of this study is to analyze the Web sites of online retailers identified as The 50 Best Web Retailers by Internet Retailer. Internet Retailer identifies its Top 50 Best Web Retailers every December (Peters, Wagner, & Demery, 2002). An editorial board determines these Web retailers, based upon Web site design and effectiveness. Neither online retail sales revenues, nor consumer ratings have any influence on list inclusion. The study examines the privacy policies and third-party seals of endorsement found on these sites. The specific research questions to be addressed by the study are:

1) Does the Web retailer have a privacy policy posted, and how easily can consumers access it?

2) Does the company indicate that it shares personal information with affiliates or third parties?

3) What choice do consumers have in the control of sharing their personal information?

4) What third-party seals of endorsement and certification programs are present on the Web site?

METHODOLOGY

A content analysis of the 50 Best of the Web retailers listed in the December 2002 Internet Retailer was conducted in the fall of 2003. Forty-eight of the 50 companies still have operational web sites. Each site was examined for the presence of a privacy policy and presence of third-party seals, including BBBOnline, TRUSTe and VeriSign. In addition, a trained data collector determined how may mouse clicks were required to access the privacy policy from the home page. Content of the privacy policy was examined to determine if the company shared personal information with business partners and affiliates, as well as with third parties; if consumer had the choice to opt-in to data sharing, or if the site offered only opt-out procedures. Finally each site was examined for support or compliance with Safe Harbor practices.

RESULTS

A large percentage of the Web sites examined collect personal information from consumers, and the vast majority of them share that information with business affiliates. Specifically, 83% of the sites share personal information of customers with business partners or affiliates. A much smaller portion, 23%, shares this information with third parties. A significant portion, 90% of the sites have a privacy policy only one mouse-click away from the home page. The remaining 10% place their privacy policy only two clicks from the home page. It should be noted that all of the sites reviewed had a privacy policy posted. Furthermore, the majority of sites, 73%, require consumers to opt-out of such programs, while far fewer, 19%, take the opt-in approach for sharing collected information. Four of the sites (8%) did not indicate either approach to consumer choice. As with previous surveys, these results indicate, only a small portion of the Web retailers belong to any third party seal program. Contrary to industry statistics, more of the sites reviewed displayed the BBBOnline logo than the TRUSTe logo, 21% and 10% respectively. The VeriSign security assurance seal was present on one-third of the sites reviewed. Finally, only three (6%) of the sites were in compliance with Safe Harbor practices. A graphic comparison of these results is presented below in Table 1. A chi-square test of independence was conducted to examine differences in information practices between the sites based upon the assurance seals. Results were significant for all four seals/endorsements and only two variables regarding information practices: sharing of personal information with third parties, and opt-in/opt-out policies. See Table 2 for specific results. These results indicate that the sharing of personal information with third parties and the approach taken toward opt-in or opt-out consumer actions are influenced by the presence of third-party endorsement seals.

Based upon these findings, it would seem that for this group of Web retailers, only a small percentage participates in a third-party privacy seal program, as well as a security assurance program, VeriSign. These results are similar to, but better than those found by Kunz and Henderson (2003) of U.S. retailers. A significantly small number of these Web retailers comply with Safe Harbor practices. In addition, the large majority of the sites reviewed require consumers to take a pro-active approach to personal information. The majority requires consumers to opt-out of information sharing, rather than letting them opt-in, if they so choose. These results are disappointing for this group of Web retailers. While the sites were not selected for their popularity with consumers, or based upon sales volume, they are never the less considered to be top-rated online retailers. Since these sites were identified as top Web retailers based upon site design and effectiveness, one would hope that these sites would exhibit much higher percentages of compliance and seal endorsement. However, the results here are similar, and in some instances better, than the findings of Milne and Culnan 2002 and Jamal et al. in 2003.

LIMITATIONS AND FUTURE IMPLICATIONS

This study is only a small sample of Web retailers, and preliminary in nature. In addition, the analysis is quite simple and relies on frequency and content analysis. However, following this annual list of Best 50 Web Retailers on an annual basis using a longitudinal study could track improvements in compliance. Comparing this group of Web retailers with other sources identifying top-rated, most popular or most visited sites would provide better means of comparison. Suggestions for future research address three major areas for consideration. The first is sampling methods of the sites to be analyzed. The 1998 FTC survey analyzed Web sites from six different target populations (Commission, 1998; Milne & Culnan, 2002) termed "likely to be of interest to consumers." It included sites that belonged to Dun & Bradstreet's Electronic Commerce Registry database, Media Metrix, RelevantKnowledge and Web 21's "100-Hotcom" sites. The Georgetown Internet Privacy Policy Survey conducted in March 1999 sampled from Web sites likely to be of interest to consumers, sampling from URLs identified by Media Metrix (Commission, 1999; Culnan, 2000; Milne & Culnan, 2002). The 2000 FTC survey (Commission, 2000; Milne & Culnan, 2002) sampled from dot com domains from Nielsen//NetRatings in January 2000. Finally a 2001 survey replicated the 2000 FTC survey, selecting the 100 busiest sites from data again obtained from Nielsen//NetRatings rankings of domains (Milne & Culnan, 2002). It is suggested that samples across various sources that are reported as top-rated Web sites, such as Media Metrix, Nielsen//NetRatings, and Internet Retailer should be sampled, and these results compared across the samples. Furthermore, sites that are duplicated within these samples could be analyzed against single-listing sites. It would also be insightful to analyze sites based upon sales revenue generated. Perhaps a sampling of Web retailer sites, gleaned from the Stores Top 100 U.S. Retailers list published annually could also be analyzed. Previous research by Kunz and Henderson (Kunz & Henderson, 2003)found privacy and security policies present on about half of these Web retailers' sites, but less than 10% displayed third-party seals of endorsement. Additionally, BizRate.com has been surveying consumer satisfaction and perceptions of their respective Web purchase. This site promotes that it is the "world's best shopping search engine (About BizRate.com, 2004; Ratings and Research, 2004). BizRate's Customer Certified Ratings Program is used by thousands of retailers every day to promote, track and improve their customer satisfaction performance (Ratings and Research, 2004). Identifying a sample of sites endorsed by this online Web vendor review source could also be a sample source.

The second area to be considered for future research is actual analysis of data gleaned from these various samples. Replication of research conducted by Miyazaki and Krishnamurthy (2002) that would analyze the content of the privacy policy information, as well as the readability and disclosure statements made in the policy, similar to the analysis by Milne and Culnan (2002) could provide significant insights into compliance of privacy policies with seal endorsements, as well as the overall effectiveness of the privacy policies. Since previous sweeping surveys have used similar samples of Web sites, continuity across sampling, while using more in-depth analysis of actual content could provide more detailed information.

A final recommendation of future research is to survey online shoppers regarding their awareness of the presence of privacy policies, actual cognizance of privacy policy content, as well recognition of and reliance on third-party seals of endorsement for privacy assurance. Previous research (Earp & Baumer, 2003; Milne, 2000; Milne & Boza, 1998; Miyazaki & Krishnamurthy, 2002; Sheehan & Hoy, 2000) have found levels of trusts are significantly influenced by privacy concerns and the presence of assurance seals. Thus, determining how consumers use privacy policies, how accurately consumers interpret the information, what specific information in the policies, as well as third-party endorsement seals they use would provide further insights into the effectiveness of such information. Another aspect of consumer surveys should also include determination of what sources consumers actually use to find top-rated, reliable Web retail sites.

REFERENCES

About BizRate.com. (2004). Retrieved February 15, 2004, from http://shop.bizrate.com/content/about.html

Benassi, P. (1999). TRUSTe: An Online Privacy Seal Program. Communications of the ACM, 42(2), 56-59.

Brannigan, C., & Jager, P. d. (2003, September 8, 2003). Building E-Trust. Retrieved September 19, 2003, from http://www.computerworld.com/printthis/2003/0,4814,84599,00.html

Brondmo, H. P. (2000). The Eng@ged Customer: The New Rules of Internet Direct Marketing. New York: Harper Collins.

Brown, D. H., & Blevins, J. L. (2002). The Safe-Harbor Agreement Between the United States and Europe: A Missed Opportunity to Balance the Interests of E-Commerce and Privacy Online? Journal of Broadcasting & Electronic Media, 46(4), 565-585.

Cantwell, E. (2003, August 5). Forrester Research Projects US eCommerce to Hit $230 Billion In 2008. Retrieved September 6, 2003, from http://www.forrester.com/ER/Press/Release/0,1769,823,00.html

Caudill, E. M., & Murphy, P. E. (2000). Consumer Online Privacy: Legal and Ethical Issues. Journal of Public Policy & Marketing, 19(1), 7-19.

Cline, J. (2003, May 8, 2003). Web Site Privacy Seals: Are They Worth It? Retrieved January 3, 2004, from http://www.computerworld.com/printthis/2003/0,481481941,00.html

Commission, F. T. (1998). Privacy Online: A Report to Congress. Washington, DC: Federal Trade Commission.

Commission, F. T. (1999). Self Regulation and Privacy Online: A Report to Congress. Washington, DC: Federal Trade Commission.

Commission, F. T. (2000). Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress. Washington, DC.

Culnan, M. J. (2000). Protecting Privacy Online: Is Self-regulation Working? Journal of Public Policy & Marketing, 19(1), 20-26.

Earp, J. B., & Baumer, D. (2003). Innovative Web Use to Learn About Consumer Behavior and Online Privacy. Communications of the ACM, 46(4), 81-83.

Fraley, P. (2002). Privacy & Consumer Trust [Presentation at Marketing Management Association Annual Conference]: Direct Marketing Association.

Friedman, B., Peter H. Kahn, J., & Howe, D. C. (2000). Trust Online. Communications of the ACM, 43(12), 34-40.

Grabner-Kraeuter, S. (2002). The Role of Consumers' Trust in Online-shopping. Journal of Business Ethics, 39(1/2), 43-50.

Hemphill, T. A. (2002). Electronic Commerce and Consumer Privacy: Establishing Online Trust in the U.S. Digital Economy. Business and Society Review, 107(2), 221-239.

Hodge, C. (2003). Identity Theft and Spam will Deter Online Shopping this Holiday Season. Retrieved January 6, 2004, from http://www.truste.org/about/HoidayShoppingandPrivacySurvey.htm

Hoffman, D. L., Novak, T. P., & Peralta, M. (1999). Building Consumer Trust Online. Communications of the ACM, 42(4), 80-85.

Jamal, K., Maier, M., & Sunder, S. (2003). Privacy in E-commerce: Development of Reporting Standards, Disclosure, and Assurance Services in an Unregulated Market. Journal of Accounting Research, 41(2), 285-309.

Kelly, K. (1998). New Rules for the New Economy: 10 Radical Steps for a Connected World. New York: Penguin Putnam Inc.

Kunz, M. B. (1997). On-Line Customers: Identifying Store, Product and Consumer Attributes which Influence Shopping on the Internet. Unpublished Ph.D. dissertation, University of Tennessee, Knoxville, TN.

Kunz, M. B. (1998). Store Attributes and Consumer Characteristics Which Influence Patronage Across Four Retail Sources. Paper presented at the International Textile and Apparel Association Annual Conference, Dallas, TX.

Kunz, M. B., & Henderson, K. V. (2003). Trust Cues of Top 100 US Retailers' Web Sites. Paper presented at the 4th World Congress on the Management of Electronic Commerce, Hamilton, Ontario.

Luo, X. (2002). Trust Production and Privacy Concerns on the Internet: A Framework Based on Relationship Marketing and Social Exchange Theory. Industrial Marketing Management, 31, 111-118.

Milne, G. R. (2000). Privacy and Ethical Issues in Database/Interactive Marketing and Public Policy: A Research Framework and Overview of the Special Issue. Journal of Public Policy & Marketing, 19(1), 1-6.

Milne, G. R., & Boza, M. E. (1998). A Business Perspective on Database Marketing and Consumer Privacy Practices (Working Paper No. 98110). Cambridge, MA: Marketing Science Institute.

Milne, G. R., & Culnan, M. J. (2002). Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal analysis of the 1998-2001 U.S. Web Surveys. The Information Society, 18, 345-359.

Miyazaki, A. D., & Fernandez, A. (2000). Internet Privacy and Security: An Examination of Online Retailer Disclosures. Journal of Public Policy & Marketing, 19(1), 54-61.

Miyazaki, A. D., & Krishnamurthy, S. (2002). Internet Seals of Approval: Effects on Online Privacy and Policies and Consumer Perceptions. The Journal of Consumer Affairs, 36(1), 25-49.

Mohammed, R. A., Fisher, R. J., Jaworski, B. J., & Cahil, A. M. (2002). Internet Marketing: Building Advantage in the Networked Economy. New York: McGraw-Hill Higher Education.

Oberndorf, S. (1998, August 1). Users Remain Wary. Retrieved January 6, 2004, from http://www.catalogagemag.com/content/monthly/1998/1998080103.html

Peters, K., Wagner, M., & Demery, P. (2002, December). Internet Retailer Best of the Web: The Top 50 Retailing Sites. Internet Retailer, 6-56.

Project, T. P. I. A. L. (2000, August 20). Trust and Privacy Online: Why Americans Want to Rewrite the Rules. Retrieved December 15, 2001, from http://www.pewinternet.org

Ratings and Research. (2004). Retrieved February 15 , 2004, from http://merchant02.bizrate.com/oa/ratings_and_research/

Scheleur, S., & King, C. (2003). Retail E-Commerce Sales in Third Quarter 2003 Were $13.1 Billion, up 27.0 Percent from Third Quarter 2002, Census Bureau Reports. Retrieved January 4, 2004, from http://www.census.gov/mrts/www/current.html

Sheehan, K. B., & Hoy, M. G. (2000). Dimensions of Privacy Concern Among Online Consumers. Journal of Public Policy & Marketing, 19(1), 62-73.

Sindell, K. (2000). Loyalty Marketing for the Internet Age. Chicago: Dearborn Financial Publishing, Inc.

Smith, E. R. (2000). e-Loyalty: How to Keep Customers Coming Back to Your Website. New York: HarperCollins.

Turban, E., King, D., Lee, J., Warkentin, M., & Chung, H. M. (2002). Electronic Commerce: a Managerial Perspective. Upper Saddle River: Prentice Hall.

Urban, G. L., Sultan, F., & Qualls, W. J. (2000). Placing Trust at the Center of Your Internet Strategy. Sloan Management Review, Fall, 39-48.

Yoon, S.J. (2002). The Antecedents and Consequences of Trust in Online-Purchase Decisions. Journal of Interactive Marketing, 16(2), 47-63.

Michelle B. Kunz, Morehead State University Ron G. Cheek, University of Louisiana, Lafayette

Michael R. Luthy, Bellarmine University Mike H. Ryan, Bellarmine University Table 1: Frequency Results Variable Number of sites Percent Number of clicks to privacy policy 1 click=43 90 2 clicks=5 10 Shares information with partners/affiliates Yes=40 83 No=8 17 Shares information with third parties Yes=11 23 No=36 75 Not indicated=1 8 Consumer choice options Opt-in= 9 19 Opt-out=35 73 Not indicated=4 8 BBBOnline logo present Yes=10 21 No=36 75 Not indicated=2 4 TRUSTe logo present Yes=5 10 No=43 90 VeriSign logo present Yes=16 33 No=32 67 Safe Harbor compliance Yes=3 6 No=45 94 Table 2: Chi-square results Seal Policy [chi square] df p BBBonline share w/ 3rd 27.82 4 .000 BBBonline opt-in/out 26.55 4 .000 TRUSTe share w/ 3rd 9.90 2 .007 TRUSTe opt-in/out 10.20 2 .006 VeriSign share w/ 3rd party 48.04 2 .000 VeriSign opt-in/out 13.95 4 .007 Safe Harbor share w/ 3rd party 24.70 4 .000 Safe Harbor opt-in/out 27.63 4 .000