Banks fare well in consumer views on data protection

While most U.S. adults do see the risks involved with companies having access to their personal information, six in ten (58%) feel that generally speaking, companies in the United States do a good job of protecting their customers’ personal information and privacy, including one in ten (11%) who feel that they do a very good job, according to a new poll of over 1,000 adults conducted by Ipsos Public Affairs on behalf of the American Bankers Association.

Just over one-third (35%) view companies as doing a bad job, including 8% who view it as very bad, while 6% are not sure.

There is a wide range of opinions in terms of how specific types of companies do in protecting their customers. Local banks (89%), online retailers like Amazon, Zappos, and Buy.com (76%), credit card companies (74%), and online e-commerce companies like PayPal and eBay (71%) are most likely to be seen as doing a good job of protecting their customers’ personal information and privacy.

To a slightly lesser extent, department stores (65%), small businesses (64%), and big box retailers (62%) are seen as doing a good job. However, fewer than four in ten (37%) say that social networks like Facebook, Twitter, and Instagram are doing a good job of protecting their customers.

When it comes to how responsive companies would be in helping customers resolve any problems they experience in the event their customers’ personal information and privacy has been compromised, a similar pattern emerges. One’s local bank (89%), credit card companies (83%), and online retailers (78%) are most likely to be seen as being somewhat/very responsive. Three quarters also feel that online e-commerce companies (76%), department stores (76%), and big box stores (76%) would be responsive to their customers’ needs following a breach, while fewer feel this way about small businesses (67%) and social networks (48%).

About half of American adults (47%) say that they have been notified by a company or organization (such as a retailer, their bank, their credit card company, or a credit card monitoring service) that their personal information may have been compromised through some sort of data breach. The same proportion (47%) say that they have never been so notified, while 6% are not sure.

While close to half have been notified of a breach, one in five (20%) have experienced negative consequences as the result of a data breach. This includes one in eight (13%) who lost money but were reimbursed, and one in twenty who lost money and were never reimbursed (5%), or had their identity stolen (5%).

Respondents are evenly split on their perception that their personal information will be compromised through some sort of data breach in the coming year, with 50% believing that this is likely (including 11% who believe that it is very likely). Among the 50% who believe that this is unlikely, just one in seven (14%) believe that it is very unlikely.

The vast majority of U.S. adults (81%) feel that consumers are more susceptible to violations of their privacy today than they were five years ago, including 44% who feel that consumers are much more susceptible. Just one in ten (11%) believe that consumers are less susceptible these days, while 8% are unsure.

Majorities have taken some action in the past year to help protect their personal information and privacy from being compromised, including changing their PIN or password information (68%), checking their bank and credit card statements more frequently (68%), and only shopping on websites certified as secure (60%). Respondents also report that, in the past year, they have stopped visiting a particular website (33%) or retailer (25%) that they viewed as untrustworthy, or that they reduced or stopped using their credit and/or debit cards (23%) or making online purchases (24%). About one in five (19%) signed up for a credit monitoring service.

When asked what additional tools would be most useful in helping customers better protect their data, respondents offered suggestions of what consumers might do to protect themselves, including limiting the amount of information you provide (5%); only using secure credit or debit cards with chip or encryption (4%); changing PIN or password information, or doing so more frequently (4%); checking bank and credit card statements more frequently and double-checking all transactions (3%); and better customer awareness or being more alert (3%).

Other responses relate to what companies or organizations could do in this regard, including more or easier credit monitoring, or a free credit monitoring service (5%); better encryption for internet sites/online protection (4%); more credit alerts and immediate notification of problems (4%); requiring identification, such as photo ID of fingerprints (3%); and improved security procedures by companies (3%).

A range of suggestions were offered by 2% or fewer respondents, while one in ten or fewer offered some other response (7%), or nothing (9%). Just over one-third (36%) say they do not know what additional tools would be helpful.

Generally, most acknowledge that there are risks involved with companies having access to their personal information. While one-third (34%) take these risks because of the benefits, over four in ten (43%) say that they don’t feel they have any choice with regard to these risks with so much commerce taking place electronically. About one in five (19%) say that they are uncomfortable with the risks of companies having access to their personal information to the point where they avoid most forms of electronic commerce. Conversely, just 4% say that they are completely comfortable with companies having access to their personal information.

While a majority believes that various companies do a good job in protecting their customers’ privacy, and would be responsive in helping customers resolve any problems they experience, there is also widespread support for strict guidelines and regulations around how companies should handle consumers’ personal and financial information.

Nine in ten (92%) adults agree that any company that handles consumers’ personal and financial information should have rigorous internal procedures in place to protect that information, including 80% who strongly agree. Just 5% disagree, while 3% are unsure.

An equally high proportion (92%) also feel that any company that has a data breach that could be harmful to consumers should be required to publicly notify customers in a timely and effective manner, including 81% who strongly agree. Again just 5% disagree and 3% are unsure. While nine in ten (90%) also agree that any company that has a data breach should be financially responsible for any losses that arise from the breach, fewer (68%) strongly agree with this sentiment. At the same time, very few respondents (6%) would not want to see the company held financially responsible, while 4% are unsure.