Privacy and information management research firm Ponemon Institute along with Internet privacy leader TRUSTe have named eBay the 2009 Most Trusted Company for Privacy, citing the company as proof that an e-commerce site can protect consumer privacy while handling massive volumes of sensitive data across the globe. eBay moved from #2 overall last year to #1 this year, followed by Verizon, the U.S. Postal Service, WebMD and IBM. American Express had been named #1 four years in a row before eBay took over the top spot in 2009.
“We are honored to learn that TRUSTe and the Ponemon Institute have recognized our leading practices for privacy, security and trust – all qualities we feel are synonymous with our brand,” said Scott Shipman, CPO of eBay, Inc. “At eBay, we constantly and carefully listen to customer feedback and respond with program enhancements to improve the high level of trust and satisfaction our members enjoy.”
I had tried to break down why I felt eBay was recognized so highly in privacy trust when 2008’s report came out back in December, 2008. You can see that break down HERE.
**What is Privacy Trust? (As defined by TRUSTe and Ponemon Institute):
Privacy trust is a process companies can implement to motivate trust and confidence in how its leaders, employees and contractors (vendors) protect and secure private information about people and their families. Privacy trust requires a company to ensure that actual practices are aligned with the public’s perception about how their personal information is used, shared and retained. The key components of privacy trust are:
• Notice – Companies should clearly communicate their privacy policies and data practices to customers. These policies must be updated to reflect any changes in practices and policy.
• Choice or Consent – Companies should respect customers’ personal data and will not share non-public personal data, except as permitted or required by law.
• Access and Redress – Customer and employees should have reasonable access to their personal information as required by law and have the ability to correct any inaccuracies or misinformation held about them.
• Prudent Security – Companies need to take reasonable measures to protect data and limit access by unauthorized parties.
• Data Minimization and Accuracy – Companies should avoid collecting information they never need or plan to use. While the cost of storage is nominal, the excess information creates data integrity, quality and accuracy problems.