IBM: A Pioneering Advocate of Online Privacy
But, then again, we're talking about IBM.
The venerable computer giant has not only made online privacy a company-wide priority, it has also taken a leadership role in encouraging everyone doing business on the Web to follow their example. And for good reason. A huge majority of Americans have concerns about Internet privacy. If left unaddressed, these concerns have the potential to stymie the explosive growth of e-commerce. Federal online privacy legislation also looms on the horizon, not to mention the fact that IBM's own fiercely protected brand name and image is on the line.
A recent IBM survey of consumer perceptions toward online privacy drives home the importance of this issue. Conducted by Louis Harris & Associates, the survey showed that of the more than 3,000 respondents in the United states, the United Kingdom and Germany, only 10 to 12 percent were confident that Internet businesses were handling their information securely. Forty percent of those polled have, at some point, decided not to purchase something online due to privacy concerns. Clearly, there's a gap in confidence that needs to be filled.
IBM's own online privacy strategy was developed in accordance with the five principles outlined by the Alliance. These five principles are described in detail on the Alliance's Web site at www.privacyalliance.org and are summarized below:
2. Notice and disclosure of information collection and use practices.
3. Choice and consent to give users the opportunity to exercise control over their information.
4. Data security measures to help protect the security of personally identifiable information.
5. Quality and access assurances that the data is accurate, complete and timely for the purposes for which it is to be used.
Like many companies interested in furthering trust on the Web, IBM is also a
member of a "seal" program. A seal program consists of an independent third
party-like TRUste and BBBOnLine-which monitors a company's compliance with
TRUste monitors IBM and all of its licensees for compliance through a variety of means:
1. Initial and periodic reviews of the site by TRUste.
2. "Seeding," whereby TRUste tests its licensees by submitting personal information online to verify that a site is following its stated privacy policies.
3. Compliance reviews by a CPA firm.
4. Feedback and complaints from the online community.
5. Use of a click-to-verify seal to deter piracy of the TRUste seal. (Clicking on the seal takes the user to TRUste's secure server and verifies that the site is indeed a legal licensee of TRUste.)
"We do ongoing maintenance to make sure the policy is followed," says Pearson. "All of our webmasters have to monitor it." In fact, IBM's digital space has become so important and complex that there is a person within the company's corporate marketing department whose sole function is to formulate customer information policy.
If consumers perceive that a site may not be in compliance, they are required to contact the Web site first to resolve the issue, and TRUste provides them with a Watchdog Report for communicating their complaints or concerns. If they don't receive satisfaction, TRUste will serve as liaison between the consumer and the site, working with both parties for resolution.
Compliance Between Partners
Of course, privacy is more of an issue in the context of a business-to-consumer relationship because, in a business-to-business context, partners can agree in advance what information they are going to share. Since IBM markets its products through business partners, its Web site is not consumer-oriented. "You can't go on ibm.com and shop for Thinkpads," notes Pearson. What a consumer can do is register to receive mailings--either hard copies or e-mail. IBM uses the information gathered for traditional direct marketing purposes and to target ads. In a business-to-business context, that type of information is used to have people sign up for marketing programs.