Privacy, Security, and the Mind of the Consumer

on February 6, 2017

A few weeks ago, we decided to launch a US-based consumer study, focused on understanding how non-techie consumers think about both privacy and security. Our goal was to learn what consumers understand both these terms to mean, what core behavior changes do they make (if any) with products and services based on their privacy or security concerns, and which companies they trust more than others in both cases. Prior to launching the study, I looked at many different studies done by consulting companies, banks, and financial institutions, as well as government studies, to see what kind of questions had been asked before. I also spent some time interviewing consumers to hear how they talk about privacy and security when it came to different products and services. Even with all the prior work put in, this was still one of the hardest studies to get consumer participation. The difficulty of the subject matter itself, along with the high initial abandonment rate we suffered on the study, was a lesson in and of itself. We left comment boxes in certain places of the study and, quite frequently, consumers felt they weren’t adequately informed enough to participate, didn’t have strong opinions, didn’t want to think about it or just didn’t care. The open comments sections were some of the places we received the keenest insights into how consumers view these subjects. With with a few wording changes and adaptions to the study, we finally got enough people to complete it for it to be statistically representative.

Privacy and Security, Same or Different?
We broke the study out into two sections: one on privacy and the other on security. We asked consumers what they felt each term meant and left the same answer options for both questions. Below is the merged chart for both the privacy definition question and the security definition question.

As you can see, consumers felt the strongest definition of privacy was “Not selling personal data, or letting third parties access personal data.” When it came to security, consumers felt the strongest definition was “Secure and encrypt my data so no one can hack or steal it”. But, as our gut sense suggested, there is a fair amount of overlap in how consumers think about privacy and security with the same two answers being quite high in both questions. A core conclusion was, while privacy and security are two separate things, consumers tend to blend their understanding of them into the same definition. In the mind of the consumer, what is private is secure and what is secure is private.

Who Do You Trust With Your Privacy and Security?
Thanks to some other studies, I read quite a bit about how consumers trust things like government and financial institutions. We wanted to look at some of the bigger names in tech and social media as a start.

Apple and Microsoft were nearly neck and neck for the top spot of consumer trust when it came to privacy. Apple squeezed out the top spot overall and, not surprisingly, the top spot among iPhone owners. Microsoft was the most trusted company with privacy by Android owners followed by Apple. Google was in a solid third place regardless of age and smartphone owned, followed closely by Amazon and then Samsung. We asked consumers to rank these companies with a “1” being the most trusted and “8” being the least trusted. Facebook came in at 5.7 followed by Twitter at 6.2 and lastly, Snapchat at 6.7. Interestingly, the ranking did not change much even when we looked at younger consumers 18-25, who are within the Snapchat demographic. Snapchat moved up to the 7th place with this demographic and Twitter was last. Snapchat falling into last place overall is not surprising since a good portion of our respondents did not have a Snapchat account or use the service.

Here is the top line results on company rankings on privacy. The results for rankings with security were not much different.

Reading the comments about why consumers made some of the choices they did proved insightful. It is clear there is a understandable trade off consumers make when they use things which they know are more public, like Facebook. Consumers know what they post is open for anyone to see. Therefore, their feelings around privacy for these services are somewhat less strict. With companies where their actions and behavior are not public like Apple, Microsoft, and Google, they seem to embrace a higher degree of trust since what they do on their phones, PCs, and even what they search for, is not publicly tied back to them as an individual the same way what they do on social media can be tied directly back to who they are. This became clear when we examined behavioral changes they make on social media. The top answer was to be more intentional and careful about what they share/post on social media.

Google was an interesting one for us to explore. We created a few questions just around Google and what consumers believe Google knows about them and what they don’t. While most consumers use Google’s search, they acknowledge the creepiness factor of when you are on a different website seeing ads for things you searched for on Google. Interestingly, while Google was the third most trusted company in both privacy and security rankings, 52% of consumers said they really have no idea how much Google knows about them.

Privacy and Security Fanatics
We know there are some hard core consumers with very strong feelings about their privacy and security and, until now, we didn’t know what percent of the market these consumers made up. We asked some specific questions to help us narrow the field to those who are the most privacy and security conscious. For example, 20.3% of our respondents said they cover their device’s camera with a piece of tape. 13% said they have installed privacy enhancing plug-ins in their devices browser. 15% installed some kind of security software on their smartphone. 11% specifically switched their text/messaging service to one they consider more private and secure. We asked many more to narrow this down but, in each instance, we did not see responses go above the 20% mark. Which leads me to believe the percent of US-based consumers who are the most privacy and security conscious make up around 15-20% of the market, approximately. This demographic tends to skew older — 50+ and heavily female.

While not a large group, it is helpful to get an idea of the size of the market for more privacy and security conscious consumers, especially as more companies are looking to sell products and services with a heavy emphasis on these issues.

As I mentioned at the start, the most interesting takeaway was the difficulty of the subject matter and that it is a difficult topic, one where there is more uncertainty than certainty. I am convinced that any company’s message that over-indexes on the privacy or security angle will only resonate with a portion of the market. Still, I encourage companies to keep pushing both privacy and security forward on behalf of the consumer simply because it is the right thing to do. Consumers will appreciate it, even if they don’t fully understand, or care, about all that is involved.