ArticlePDF Available

Abstract and Figures

Since the late 1970's Dr. Alan Westin has conducted over 30 privacy surveys. For each of his surveys, Westin has created one or more Privacy Indexes to summarize his results and to show trends in privacy concerns. Many privacy researchers are interested in using these privacy indexes as benchmarks to which they can compare their own survey results. However, the details of how the indexes were calculated have not been reported except in the original survey reports. These reports were originally distributed in paper form, and many are no longer readily available. We obtained paper copies of five of these survey reports and found a sixth report online. We also found summaries of eight additional reports online. Here we report on the methodology used each year to calculate the privacy indexes and draw some conclusions about which indexes can be used to infer privacy trends.
Content may be subject to copyright.
________________________________________________________________________
- 1 -
Privacy Indexes:
A Survey of Westin’s Studies
Ponnurangam Kumaraguru, Lorrie Faith Cranor
CMU-ISRI-5-138
December 2005
Institute for Software Research International
School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Abstract
Since the late 1970’s Dr. Alan Westin has conducted over 30 privacy surveys. For each of his
surveys, Westin has created one or more Privacy Indexes to summarize his results and to show
trends in privacy concerns. Many privacy researchers are interested in using these privacy indexes
as benchmarks to which they can compare their own survey results. However, the details of how
the indexes were calculated have not been reported except in the original survey reports. These
reports were originally distributed in paper form, and many are no longer readily available. We
obtained paper copies of five of these survey reports and found a sixth report online. We also
found summaries of eight additional reports online. Here we report on the methodology used each
year to calculate the privacy indexes and draw some conclusions about which indexes can be used
to infer privacy trends.
This research was supported in part by the Institute for Software Research International, Carnegie
Mellon University and by the Carnegie Mellon CyLab.
________________________________________________________________________
- 2 -
Keywords: privacy survey, privacy index, privacy attitudes, medical privacy, consumer
privacy, e-commerce, privacy fundamentalist, privacy pragmatist, privacy unconcerned.
________________________________________________________________________
- 3 -
1. Introduction
Dr. Alan Westin conducted over 30 privacy-related surveys between 1978 and 2004 [21]. These
surveys cover general privacy, consumer privacy, medical privacy, and other privacy-related
areas. For most of these surveys Westin created a “Privacy Index” to summarize his results and to
show trends in privacy concerns. Unfortunately, the details of how Westin calculated these
privacy indexes have not been reported except in the original survey reports. These reports were
originally distributed in paper form, and the early ones are no longer readily available. Some of
the more recent survey reports are currently available for purchase from Privacy & American
Business.1 We were able to obtain paper copies of five of these survey reports [10], [12], [13],
[15], [17] and were able to find a sixth report online [4]. We were also able to obtain the
executive summary of eight additional reports online [5], [6], [7], [11], [14], [16], [18], [19].
Table 1 provides the information regarding reports discussed in this paper.
Table 1: Details of the studies discussed in this paper
Year Name of study Report / Summary
found
Source type
1990 Equifax Executive Summary Summary Online
1991
Harris-Equifax Consumer Privacy
Survey
Report Hard copy
1992 Equifax Executive Summary Summary Online
1993 Health Information Privacy Survey Report Hard copy
1994 Equifax-Harris Consumer Privacy
Survey
Report Hard copy
1995 1995 Equifax / Harris Consumer
Privacy Survey
Summary Online
1996 Equifax-Harris Consumer Privacy
Survey
Report Hard copy
1997 The results of Commerce,
Communication, and Privacy Online
for Privacy & American Business
Summary Online
1998 E-Commerce & Privacy: What Net
Users Want
Report Hard copy
1998 The Privacy Concerns and Consumer
Choice
Summary Online
1999 DoubleClick, Inc. and Privacy & Summary Online
1 Privacy & American Business, Report Order form, http://www.pandab.org/RptOrderForm.pdf , visited on
10 Aug 04.
________________________________________________________________________
- 4 -
American Business
1999 Freebies and Privacy:What Net Users
Think
Summary Online
2001 Privacy On & Off the Internet: What
Consumers Want
Report Hard copy
2003 Most People Are “Privacy
Pragmatists” Who, While Concerned
about Privacy, Will Sometimes Trade
it Off for Other Benefits
Summary Online
Westin’s surveys measure attitudes and concerns about privacy and provide data on how
these attitudes and concerns change over time. Westin has surveyed the general level of privacy
concern of the public and has also studied the attitudes about specific privacy-related topics, for
example, confidence in organizations that handle personal information, acceptance of a national
identification system, and use of medical records for research. He has also investigated changes in
privacy attitudes after September 11, 2001 [4]. Some of Westin’s surveys were commissioned by
companies or organizations that were interested in privacy issues relevant to their particular line
of business. In each survey report, Westin provides insights designed to help organizations
respond to privacy concerns with appropriate policies, products, and services. All of these surveys
were conducted via telephone and surveyed randomly-selected statistical samples of the United
States adult population. Because they are random-sample surveys and are statistically
representative, they serve as useful benchmarks for comparisons with surveys conducted in other
countries or surveys conducted with convenience samples.
Westin created several privacy indexes to summarize his survey results and show privacy
trends over time. While creating the indexes, Westin classified the public into three categories.
Westin has interchangeably used the following categories to refer to the groups of people that he
created: (1) High and Fundamentalist, (2) Medium and Pragmatist, (3) Low and Unconcerned.2
Of the 14 survey reports (complete or summaries) that we examined, six specified the values for
all the three categories while one report provided the value for the High category only. The rest of
the reports did not discuss about the privacy indexes.
We also found other studies where the researchers have directly or indirectly compared
the indexes described by Westin to the results obtained by them in their own studies [1], [2].
Many privacy researchers around the globe are interested in using these privacy indexes as
benchmarks to which they can compare their own survey results and also use these indexes to
classify people in other countries. In this paper, we report the methodology used by Westin to
calculate the privacy indexes and draw some conclusions about which indexes can be used to
infer privacy trends.
The remainder of this paper is organized as follows: In the following section, we present
Westin’s methodology for creating privacy indexes. We include the text of the questions from
which the privacy indexes were obtained.3 In the discussion section, we present some conclusions
about these privacy indexes and present some criticism that has been raised about these surveys.
2 To be consistent with the reports written by Westin, we have also used the terms as presented in Westin’s
reports.
3 When reproducing survey questions in this report, we have omitted those parts of the question that are not
relevant to the privacy indexes under discussion. We have included the actual question and question
numbers from the original surveys, displaying them in bold, italic font.
________________________________________________________________________
- 5 -
2. Creation of Privacy Indexes
In this section, we present the methodology used by Westin for creating the indexes for each of
the reports that we obtained. We present the methodology in chronological order of the study. We
provide the actual questions from the reports, options provided to the samples, results for these
specific questions and definitions given by Westin for the categories of people.
2.1. Harris – Equifax Consumer Privacy Survey – 1990 and 1991
The earliest privacy index we studied was Westin’s “General Privacy Concern Index,” developed
as part of the 1990 study. In order to gain a better understanding of privacy concerns, Westin used
a series of four questions to divide respondents into three groups, representing levels of privacy
concern. As reported in Westin’s 1991 survey report [10], respondents were asked:4
1. Whether they are very concerned about threats to their personal privacy today.
2. Whether they agree strongly that business organizations seek excessively personal
information from consumers.
3. Whether they agree strongly that the Federal government since Watergate is still invading
the citizen’s privacy.
4. Whether they agree that consumers have lost all control over circulation of their
information.
The answers to these questions were used to assign each respondent to a privacy concern group as
follows:
High 3 or 4 privacy-concerned answers
Moderate 2 privacy-concerned answers
Low 1 or no privacy-concerned answers
Westin then examined respondents’ responses to all the other privacy-related questions in the
1990 study and found that the general privacy concern index was a good predictor for relating
general concern level and privacy concern level.
Using the classification mentioned above, Westin divided the respondents into the following
categories :
The privacy Fundamentalists: Fundamentalists are generally distrustful of organizations
that ask for their personal information, worried about the accuracy of computerized
information and additional uses made of it, and are in favor of new laws and regulatory
actions to spell out privacy rights and provide enforceable remedies. They generally
choose privacy controls over consumer-service benefits when these compete with each
other. About 25% of the public are privacy Fundamentalists.
The Pragmatic: They weigh the benefits to them of various consumer opportunities and
services, protections of public safety or enforcement of personal morality against the
degree of intrusiveness of personal information sought and the increase in government
power involved. They look to see what practical procedures for accuracy, challenge and
correction of errors the business organization or government agency follows when
consumer or citizen evaluations are involved. They believe that business organizations or
government should “earn” the public’s trust rather than assume automatically that they
have it. And, where consumer matters are involved, they want the opportunity to decide
whether to opt out of even non-evaluative uses of their personal information as in
compilations of mailing lists. About 57% of public fall into this category.
The Unconcerned: The Unconcerned are generally trustful of organizations collecting
their personal information, comfortable with existing organizational procedures and uses
are ready to forego privacy claims to secure consumer-service benefits or public-order
values and not in favor of the enactment of new privacy laws or regulations. About 18% of
public fall into this category.
4 We were unable to obtain the complete report of the 1990 study. The privacy index that we have provided
here for the year 1990 is from the 1991 report [10].
________________________________________________________________________
- 6 -
In the 1991 study, Westin created the “Consumer Privacy Concern Index.” He used questions
about business use of personal information as the basis for creation of the index. He used the
response of the following question to create the index [10]:
4 a. Do you agree or disagree with the following statement (READ EACH ITEM)? Do you agree /
disagree very strongly or somewhat strongly?
1. Consumers have lost all control over how personal information about them is circulated
and used by companies.
Agree very strongly 1 ( 37 ) 5
Agree somewhat strongly 2 ( 34 )
Disagree somewhat strongly 3 ( 20 )
Disagree very strongly 4 ( 3 )
Neither / Not sure 5 ( 4 )
2. My privacy rights as a consumer in credit reporting are adequately protected today by law
and business practices
Agree very strongly 1 ( 10 )
Agree somewhat strongly 2 ( 27 )
Disagree somewhat strongly 3 ( 29 )
Disagree very strongly 4 ( 20 )
Neither / Not sure 5 ( 4 )
For creating the index, Westin considered the privacy-oriented position to be “agree” 6 for the
first question (4 a 1) and for the second question (4 a 2), he regarded the privacy-oriented
position to be “disagree.” The 1991 report describes how these responses were used to create the
Consumer Privacy Concern Index [10]:
If a person did not take the privacy-oriented position on either of the two statements, we
scored them as a Low in Consumer Privacy Concern. If they took one of the two pro-
privacy views, we considered them to have Moderate concern. And if they took the
strongest privacy-oriented position on both of the statements, we considered them to have
High concern. We tested the power of the index by looking whether those who scored
highest on this index were the most privacy-oriented in answering most of the other
attitude and policy questions on the 1991 survey, whether those scoring lowest on the
index were the least concerned with privacy on those questions, and moderates were in
the middle.
Westin in the 1991 report provided the comparison of the index values for 1990 and 1991 studies
[10]:
Consumer privacy concerns for 1991 and 1990 is as follows
1990 1991
High concern 46 % 41%
Moderate concern 36 % 39%
Low concern 17 % 20%
2.2. Harris-Equifax Health Information Privacy Survey – 1993
Westin created the “Medical Privacy Concern Index” and “Computer Fear Index” as part of his
1993 survey. Westin used “Medical Sensitivity Index” (described below) and an additional two
5 The numbers in parenthesis are the exact values from the reports.
6 Westin has used “agree” to be sum of “agree very strongly” and “agree somewhat;” this was not clearly
mentioned in the reports. Similar aspects were seen in few other reports also [15], [17].
________________________________________________________________________
- 7 -
questions to create the Medical Privacy Concern Index. The additional two questions to create the
index were [12]:
A 2. (Have/do) you or (has/does) a member of your immediate family (READ ITEM), or not?
1. Ever used the services of a psychologist, psychiatrist, or other mental-health professional.
Yes (22 ) 7
No (77 )
Not Sure (1 )
D1. Do you believe that (READ EACH ITEM) has ever disclosed your personal medical information
in a way that you felt was improper, or not?
Health insurance companies ( 15 – 82 – 3 ) 8
A clinic or hospital that treated you or a family member ( 11 – 87 – 2 )
Public health agencies (10 – 86 – 4 )
Your employer or a family member’s employer ( 9 – 89 – 1 )
A doctor who has treated you or a family member ( 7 – 92 – 1 )
A pharmacy or druggist who filled a prescription
for you or a family member ( 3 – 95 - 1 )
The Medical Sensitivity Index was based on two questions measuring computer fear and two
questions measuring concern over the circulation of medical information among various
organizations. The two questions measuring concern for circulation of medical information were:
C2. Please tell me for each of the following statements whether you agree strongly, agree
somewhat, disagree somewhat, or disagree strongly?
1. It concerns me that my medical information is being seen today by many organizations
beyond those that I go to for health care services.
Agree Strongly ( 32 )
Agree somewhat ( 29 )
Disagree somewhat ( 22 )
Disagree strongly ( 14 )
Not sure ( 4 )
L 4. Under national health-care reform, each person might be assigned an identification number for
health insurance purposes. How concerned would you be to have such a health information
number assigned to you – very concerned, somewhat concerned, not very concerned or not
concerned at all?
Very concerned ( 28 )
Somewhat concerned ( 29 )
Not very concerned ( 22 )
Not concerned at all ( 20 )
Not sure ( 1 )
The two questions measuring computer fear were:
K1. How concerned are you that many health care providers you use today employ computers in
some of their operations, such as patient billing and accounting, laboratory work, and keeping
some medical records – are you concerned, some what concerned, not too concerned, not
concerned at all?
Very concerned ( 8 )
Somewhat concerned ( 21 )
Not too concerned ( 31 )
7 During this year Westin also conducted the study among leaders of organizations, but these values are not
discussed in this report. In this report, we provide the values for the “Total Public” as mentioned in
Westin’s report.
8 The values are presented in the order of “Yes,” “No” and “Not sure.”
________________________________________________________________________
- 8 -
Not concerned at all ( 40 )
Not sure ( ** ) 9
L1. Under national health care reform, computers are expected to be used extensively to manage
and monitor operations. Some of these uses will involve individual medical records. In general,
would such use of computers worry you – a great deal, a little or not at all?
A great deal ( 23 )
A little ( 47 )
Not at all ( 29 )
Not sure ( 1 )
Responses to questions C2, K1, L1, and L4 were first combined to form a Medical Sensitivity
Index. If a respondent answered 3 or 4 questions with the strongest privacy position, he or she
was placed in the High category; if a respondent answered 1 or 2 questions with the strongest
privacy position, he or she was placed in the Medium category. Respondents with no strong
privacy answers were placed in the Low category of Medical Sensitivity Index. Dividing the
public into these three groups produced the following distribution:
High - 13%
Medium - 45%
Low - 42%
Westin specified that Medical Sensitivity Index proved to be strongly correlated with privacy
orientations of a large majority of the respondents. Respondents scoring highest in the Medical
Sensitivity Index took the most privacy-oriented position on the majority of the questions;
respondents with Medium Medical Sensitivity Index occupy middle positions; and respondents
with Low Medical Sensitivity Index were the least privacy oriented. Using the results from the
above questions A2 and D1, along with the Medical Sensitivity Index, Westin created the Medical
Privacy Concern Index. Westin found 48% of the public fell into the category of High Medical
Privacy Concern Index. Westin in his report (referring to the results for the above questions)
mentioned [12]:
Each of these measures as we have already discussed produced strong correlation
between these respondents and strong privacy-oriented positions on a majority of the 39-
question data set. After eliminating duplications among the three sets of respondents, we
found 48% of public – representing 89 million Americans - fall into the High Medical
Concern.
As mentioned earlier, in the 1993 study, Westin also created the Computer Fear Index. He asked
the following questions for creating the index:
X3. Do you agree strongly, agree somewhat, disagree somewhat or disagree strongly?
1. If privacy is to be preserved, the use of computers must be sharply restricted in the future.
Agree strongly ( 40 )
Agree somewhat ( 31 )
Disagree somewhat ( 17 )
Disagree strongly ( 10 )
Not sure ( 2 )
9 The value for this option was less than 0.5%, so no specific values were provided in Westin’s report.
Values provided with ( ** ) hereafter in this report specifies percentages less than 0.5%. We also suspect
that all the values presented in the Westin’s reports were rounded off to the nearest integer values.
________________________________________________________________________
- 9 -
K1. How concerned are you that many health care providers you use today employ computers in
some of their operations, such as patient billing and accounting, laboratory work, and keeping
some medical records – are you very concerned, somewhat concerned, not too concerned, not
concerned at all?
Very concerned (8%)
Somewhat concerned (21%)
Not too concerned at all (31%)
Not concerned at all (40%)
Not sure ( ** )
18% of public are very concerned that their health care provides are using computer
today.
L1. Under national health care reform, computers are expected to be used extensively to manage
and monitor operations. Some of these uses will involve individual medical records. In general,
would such use of computers worry your – a great deal, a little or not at all?
A great deal ( 23 )
A little ( 47 )
Not at all ( 29)
Not sure ( 1 )
Westin used the above questions (X3.1, K1, L1) to create the Computer Fear Index. Westin
proposed [12]:
People with 2 or 3 of above answers were rated as high in computer fear; 1 answer as
medium and no answer as Low. The public divided into three groupings as follows:10
High Computer Fear - 22%
Medium Computer Fear - 32%
Low Computer Fear - 47%
2.3. Equifax-Harris Consumer Privacy Report – 1994
In the 1994 study [13], Westin created the “Distrust Index”. Westin used the following questions
to derive the index.
H1. For each of the following statements, please tell me whether you tend to agree or disagree? Do
you agree strongly, agree somewhat, disagree somewhat or disagree strongly?
Technology has almost gotten out of control ( 23 – 28 – 25 – 21 – 1 ) 11
Government can generally be trusted to look after our interests ( 5 – 15 – 28 – 52 - ** )
The way one votes has no effect on what the government does ( 24 – 22 – 26 – 27 – 1 )
In general business helps us more than harm us ( 34 – 42 – 14 – 8 – 1 )
Westin specified [13]:
To create the Distrust Index, we examined each respondent’s answers to the four
questions.12 If a respondent gave 3-4 distrustful answers (e.g., agrees that voting has no
effect; disagrees that government can generally be trusted; disagrees that business helps
more than harms; and agrees that technology is almost out of control), we classify that
respondent as High in distrust; two distrustful answers are scored as Medium distrust; one
as Low distrust; and no distrustful answers are called No distrust.
The values for the classification were:
10 Here Westin mentions the privacy orientation as the answers to the questions asked to the respondents.
11 Values specified are in the order of “Agree strongly,” “Agree somewhat,” “Disagree somewhat,”
“Disagree strongly” and “Not sure.”
12 Here Westin refers to the four parts of the question mentioned above in H1.
________________________________________________________________________
- 10 -
High Distrust - 31%
Medium Distrust - 38%
Low Distrust - 26%
No Distrust - 5%
Westin showed a direct correlation between the respondent’s distrust level and respondent’s
position for a majority of the privacy issues. Westin showed this correlation in the 1990, 1993 and
1994 studies. In one of his remarks regarding this correlation, Westin argued the following [13]:
The degree of pro-privacy orientation on each issue goes up in a step-by-step rise as the
level of distrust increases. For example, 51% of public is very concerned about threats to
personal privacy, but 61% of those High in distrust are very concerned; 53% of those with
Medium distrust; 42% of those Low in distrust; and only 24% of respondents who are Not
Distrustful say they are very concerned about threats to their personal privacy today.
2.4. Equifax-Harris Consumer Privacy Report – 1996
In the 1996 study [15], Westin created the “Privacy Concern Index”. The following questions
were used for creating the index:
A1. How would you rate each of the following consumer issues in terms of their importance to you?
Is this very important to you, somewhat important, not very, or not at all important?
5. Protecting the privacy of consumer information
Very Important ( 65 )
Somewhat important ( 23 )
Not very important ( *** ) 13
Not at all important ( *** )
Don’t know ( @@ ) 14
Refused ( @@ )
A 2a. Have you personally ever been the victim of what you felt was an improper invasion of
privacy, or not?
Yes, has been victim ( 24 )
No, have not been victim ( @@ )
Don’t know ( @@ )
Refused ( @@ )
A 3. The present system in the U.S. for protecting the confidentiality of consumer information used
by business combines THREE main controls; voluntary privacy practices adopted by companies,
individual lawsuits and court decisions, and federal and state laws in specific industries.
Some experts feel that congress should create a permanent federal government Privacy
Commission, as some European countries have done. This Commission would examine new
technology development and could issue and enforce privacy regulations governing ALL business
in the U.S.
Other experts believe the present system is flexible enough to apply those consumer privacy rights
that the American public wants to have protected, and that creating a federal Commission gives too
much authority to the federal government.
Which of these choices do you think is best for the U.S.?
Creating a federal government Privacy Commission ( 28 )
Using the present system to protect consumer privacy rights ( 67 )
Neither ( *** )
15
13 ( *** ) together they were specified to be 10%
14 ( @@ ) hereafter in this report specifies when the values were not addressed in Westin’s reports.
________________________________________________________________________
- 11 -
Don’t know ( ***)
Refused ( @@ )
A 5. Here are some predictions about how well the privacy of information about consumers will be protected
in the year 2000. Which of the following comes closest to the way you feel – consumer privacy protection will
get better, will get worse, or will remain about the same as it is today?
Consumer privacy will get better ( 17 )
Consumer privacy will get worse ( 44 )
Consumer privacy will remain about the same ( 39 )
Dont know ( @@ )
Refused ( @@ )
E 3. Here are some statements about the internet. (READ EACH ITEM) Do you agree strongly, agree
somewhat, disagree somewhat, or disagree strongly?
1. The providers of on-line services should be able to track the places users go on the
Internet in order to send these users targeted marketing offers
Agree strongly ( 7 )
Agree somewhat ( 25 )
Disagree somewhat ( 32 )
Disagree strongly ( 32 )
Don’t know ( @@ )
Refused ( @@ )
G 2. Health care system researchers sometimes use patient records to study the value and costs of specific
medications and treatments in order to improve programs for handling diseases. These researchers do not
release any information that would identify specific patients. If your identity were kept strictly confidential,
AND obtaining your permission in advance was NOT feasible, how acceptable would it be for your medical
information to be used as part of that type of general research project – very, somewhat, not very, or not at
all acceptable?
Very acceptable ( 18 )
Somewhat acceptable ( 39 )
Not very acceptable ( 12 )
Not at all acceptable ( 31 )
Don’t know ( @@ )
Refused ( @@ )
Westin used the following six options for each of the questions mentioned above for creating the
index respectively (e.g. the response “very important” to the question A1.5 is modified as a
statement “Privacy of consumer information is very important”) [15]:
Privacy of consumer information is very important
Personally a victim of privacy invasion
Favor a general federal regulatory privacy commission
Believe consumer privacy will get worse by year 2000
Disagree that online services can track users for marketing to them
Not acceptable to use medical records of health-system research without advance
consent.
Westin divided the total public into High privacy concern (taking the samples whose response
matched with 4, 5, or 6 of the above options), Medium privacy concern (taking the samples
whose response matched with 2 or 3 of the above options), and Low privacy concern (taking the
samples whose response matched with 1 or none of the above options) groups. Using this division
Westin categorized the respondents into the following groups:
15 ( *** ) together they were specified as 5%
________________________________________________________________________
- 12 -
Privacy Fundamentalists: The respondents in this group were from the High privacy concern
group as classified before. 25% 16 of the respondents belonged to privacy Fundamentalists.
To this segment, consumer privacy is very important, they feel that they have been victims
of privacy invasions, they are pessimistic about the future of privacy protection and about
a third of them favor creating a general federal regulatory agency on consumer privacy.
Privacy Pragmatists: The respondents in this group were from the Medium privacy concern group
as classified before. 59 % of the respondents were privacy Pragmatists.
They are concerned about consumer privacy; they look at promised consumer-service
benefits before they willingly give personal information to businesses. They seek
safeguards and fair information practices when their personal information is sought to be
used by business; and most of them favor using the present system of sectoral regulation
by government and voluntary policies by business rather than creating a general federal
privacy agency with regulatory powers.
Privacy Unconcerned: The respondents in this group were from the Low privacy concern group
as classified before. 16 % of the respondents were classified as privacy Unconcerned.
They are not concerned about consumer privacy, do not feel victimized are ready to give
their information for consumer benefits, and a large majority of them are not supportive of
a general federal regulatory agency for consumer privacy.
2.5. E-commerce & Privacy: What Net Users want, 1998
In the 1998 study [17], Westin did not create any privacy index; instead Westin asked a question
regarding personal privacy. This question was also asked in some of the other studies [10], [12],
[13]:
Q1017. How concerned are you about threats to your personal privacy in America today - very
concerned, somewhat concerned, not very concerned, or not concerned at all?17
Very concerned
Somewhat concerned
Not very concerned
Not concerned at all
Don’t know
Refused
Westin found that 87% of computer users say they are concerned, with 56% “very concerned”
and 31% “somewhat concerned”.
2.6. Privacy On and Off the Internet: What Consumers Want, 2001
Westin in his 2001 report [4] provides the definition of the “Privacy Segmentation Index” created
for the studies conducted between 1995 and 1999 [9], [14], [15], [20] Westin used the following
question to derive the index in these studies:
Q206. For each of the following statements, how strongly do you agree or disagree?
16 In the report [15], the values for the individual groups were specified as: privacy fundamentalists – 24%,
privacy pragmatists – 60% and privacy unconcerned – 16%. But the values provided in one of the foot
notes of the report were: Privacy Unconcerned – 16%, Privacy Pragmatists – 59% and Privacy
Fundamentalists – 25%. We have used the later value as the results in this paper, as the values of the groups
sum up to 100%.
17 We report this question here, as we use this information in later analysis. In this report we refer to this
question as the “common question.”
________________________________________________________________________
- 13 -
1. Consumers have lost all control over how personal information is collected and used by
companies.
2. Most businesses handle the personal information they collect about consumers in a
proper and confidential way.
3. Existing laws and organizational practices provide a reasonable level of protection for
consumer privacy today.
For each of the above statements the following options were provided:
Strongly Disagree
Somewhat Disagree
Somewhat Agree
Strongly Agree
We were able to obtain the values for 1990 and 2000 only [9], [20]; the values were:18
Table 2: Percentage of responses for the questions during 1990 and 200019
1999 [9]
2000 [20]
Strongly /
Somewhat
Agree
Strongly /
Somewhat
Disagree
Strongly/
Somewhat
Agree
Strongly/
Somewhat
Disagree
Consumers have lost all control
over how personal information is
collected and used by
companies.
80 20 77 20
Most businesses handle the
personal information they collect
about consumers in a proper and
confidential way.
64 34 54 43
Existing laws and organizational
practices provide a reasonable
level of protection for consumer
privacy today
59 38 51 47
In these studies (1995 – 1999), Westin used the following definitions for classifying the public
into three categories:
Privacy Fundamentalists are respondents who agreed (strongly or somewhat) with the first
statement (Q206 - 1) and disagreed (strongly or somewhat) with the second (Q206 - 2)
and third statements (Q206 – 3).
Privacy Unconcerned are those respondents who disagreed with the first statement (Q206
- 1) and agreed with the second (Q206 - 2) and third statements (Q206 – 3).
All other respondents were categorized into Privacy Pragmatists. For studies conducted between
1995 and 1999, Westin has provided the values in the 2001 report as follows (we provide the
values for the above groups):
18 Westin in his 2001 report specifies that he has derived the privacy segmentation index for the studies
conducted between 1995 and 1999; but we did not find any mention of the privacy segmentation index in
the 1996 report [15].
19 The total of the values obtained for all the categories except for the first category in 1999 did not total to
100; since we did not have the reports for 1999 and 2000, we were not able to check these values.
________________________________________________________________________
- 14 -
The values for fundamentalist, unconcerned and pragmatists were found to be:
Privacy Fundamentalists: This group sees privacy as an especially high value, rejects the
claims of many organizations to need or be entitled to get personal information for their
business or governmental programs, thinks more individuals should simply refuse to give
out information they are asked for, and favors enactment of strong federal and state laws
to secure privacy rights and control organizational discretion.
This group consists of about 25% of the American public.
Privacy Unconcerned: This group doesn’t know what the “privacy fuss” is all about,
supports the benefits of most organizational programs over warnings about privacy abuse,
has little problem with supplying their personal information to government authorities or
businesses, and sees no need for creating another government bureaucracy (a “Federal
Big Brother) to protect someone’s privacy.
This group consists of about 20% of the American public.
Privacy Pragmatists: This group weighs the value to them and society of various business
or government programs calling for personal information, examines the relevance and
social propriety of the information sought, wants to know the potential risks to privacy or
security of their information, looks to see whether fair information practices are being
widely enough observed, and then decides whether they will agree or disagree with
specific information activities – with their trust in the particular industry or company
involved being a critical decisional factor. The pragmatists favor voluntary standards and
consumer choice over legislation and government enforcement. But they will back
legislation when they think not enough is being done - or meaningfully done - by voluntary
means.
This group consists of about 55% of the American public.
Westin in his 2001 report also presents the value and procedure for obtaining the “Core Privacy
Orientation Index.” Westin created this index for the studies conducted in mid - 2000 and 2001.
For deriving the index, Westin used the same questions, options and the categories as in the above
study (1995 – 1999). Using the same definitions provided above, Westin derived the following
results for the mid – 2000 study:
Privacy Fundamentalists 25 %
Privacy Unconcerned 12 %
Privacy Pragmatists 63 %
Westin provided the following comments for the change in behavior of people in this
study (mid – 2000) compared to earlier studies:
What this documents is something that makes good sense in terms of what we
see happening all around us - that unconcern about privacy among the public
has dropped, and 88% of the public now registers Medium to High consumer
privacy concerns. But it also suggests that Privacy Fundamentalism is NOT
increasing. Instead, an even larger segment of the public than in the mid to late
1990’s, almost two-thirds, is adopting the Privacy Pragmatist - show me and let
me decide - position.
To obtain the core privacy orientation index for 2001 study, Westin used the same question as in
the above studies (1995 – 1999):
Q206. For each of the following statements, how strongly do you agree or disagree?
1. Consumers have lost all control over how personal information is collected and used by
companies. ( 32 – 47 – 16 – 5 ) 20
2. Most businesses handle the personal information they collect about consumers in a
proper and confidential way. ( 3 – 41 – 19 – 18 )
20 Specified in the order of “strongly disagree,” “somewhat disagree,” “somewhat agree,” “strongly agree.”
________________________________________________________________________
- 15 -
3. Existing laws and organizational practices provide a reasonable level of protection for
consumer privacy today. ( 4 – 34 – 45 – 18 )
The following options were provided to the respondents to select from:
Strongly Disagree
Somewhat Disagree
Somewhat Agree
Strongly Agree
In this 2001 study, Westin used the following definitions for classifying the public into three
categories:
Privacy Fundamentalists are respondents who agreed (strongly or somewhat) with the first
statement (Q.206 - 1) and disagreed (strongly or somewhat) with the second (Q.206 - 2)
and third statements (Q.206 – 3).
Privacy Unconcerned are those respondents who disagreed with the first statement
(Q.206 - 1) and agreed with the second (Q.206 - 2) and third statements (Q.206 – 3).
Privacy Pragmatists are all other respondents.
The values for fundamentalist, unconcerned and pragmatists were found to be:
Privacy Fundamentalists: At the maximum extreme of privacy concern, Privacy
Fundamentalists are the most protective of their privacy. These consumers feel
companies should not be able to acquire personal information for their organizational
needs and think that individuals should be proactive in refusing to provide information.
Privacy Fundamentalists also support stronger laws to safeguard an individual’s privacy.
This group consists of 34% of the American public.
Privacy Unconcerned: These consumers are the least protective of their privacy - they feel
that the benefits they may receive from companies after providing information far outweigh
the potential abuses of this information. Further, they do not favor expanded regulation to
protect privacy.
This group consists of 8% of the American public.
Privacy Pragmatists: Privacy Pragmatists weigh the potential pros and cons of sharing
information; evaluate the protections that are in place and their trust in the company or
organization. After this, they decide whether it makes sense for them to share their
personal information.
Majority of the American public (58%) belong to this group.
2.7. Harris Privacy Survey - 2003
In the 2003 study [6], to obtain the privacy index, Westin asked the following question:
For each of the following statements, how strongly do you agree or disagree?21
1. Consumers have lost all control over how personal information is collected and used by
companies. ( 69% agreeing )
2. Most businesses handle the personal information they collect about consumers in a
proper and confidential way. ( 54% disagreeing )
3. Existing laws and organizational practices provide a reasonable level of protection for
consumer privacy today. (53% disagreeing )
Following options were provided to the respondents to choose from:
Strongly Disagree
Somewhat Disagree
Somewhat Agree
21 As we took this information from the summary this does not have a question number; also we were not
able to obtain the complete breakup percentage for each options. So we provide the values that we obtained
from the summary.
________________________________________________________________________
- 16 -
Strongly Agree
Replies to these three questions have the following results:
1. 69% of adults agree,22 “Consumers have lost all control over how personal information is
collected and used by companies." This is a decline of eleven points from 80% who felt
this way in 1999.
2. 54% of the public disagree that "most businesses handle the personal information they
collect about consumers in a proper and confidential way." This is an increase of nineteen
points from only 35% who felt this way in 1999.
3. 53% of all adults disagree that "existing laws and organizational practices provide a
reasonable level of protection for consumer privacy today." This is an increase of fifteen
points from 38% in 1999.
Using above values Westin classified the public into three categories:
Privacy Fundamentalists: Some people feel very strongly about privacy matters. They
tend to feel that they have lost a lot of their privacy and are strongly resistant to any further
erosion of it.
This group consists of 26% of the American public.
Privacy Unconcerned: At the other extreme there are people who have no real concerns
about privacy and who have far less anxiety about how other people and organizations
are using information about them.
This group consists of 10% of the American public.
Privacy Pragmatists: who have strong feelings about privacy and are very concerned to
protect themselves from the abuse or misuse of their personal information by companies
or government agencies.
This group consists of 64% of the American public.
3. Discussion
This study was conducted to provide an understanding of the methodology, questions and results
used by Westin to create the privacy indexes. Westin in his surveys, created several privacy
indexes to summarize his results and to show trends in privacy concerns among the public. As
mentioned earlier Westin used these indexes to classify people into three groups. He has
interchangeably used the following to describe these three groups: (1) High and Fundamentalist,
(2) Medium and Pragmatist, (3) Low and Unconcerned. We showed that Westin has used
different questions to derive the same index (e.g. 1990 study [10] and 1996 study [11]). Also
Westin did not create or provide the same indexes for all the studies which could have aided
direct comparison.
22 Westin has considered “strongly agree” and “somewhat agree” together for “agree” and “strongly
disagree” and “somewhat disagree” together for “disagree”.
________________________________________________________________________
- 17 -
Table 3 : Values and names for various privacy indexes. We were not able to obtain the index name for the
2004 study. 23
Year of Study Index Category name with % of population in
the study
Privacy Fundamentalists – 25%
Privacy Unconcerned – 18%
1990 [10] General Privacy Concern Index
Privacy Pragmatists – 57%
High Concern – 41%
Medium Concern – 39%
1990 [10] Consumer Privacy Concern Index
Low Concern – 20%
High Concern – 46%
Medium Concern – 36%
1991 [10] Consumer Privacy Concern Index
Low Concern – 17%
High – 13%
Medium – 45%
1993 [12] Medical Sensitivity Index
Low – 42%
1993 [12] Medical Privacy Concern Index High – 48%
High – 22 %
Medium – 32 %
1993 [12] Consumer Fear Index
Low – 47 %
High Distrust - 31%
Medium Distrust - 38%
Low Distrust - 26%
1994 [13] Distrust Index
No Distrust - 5%
Privacy Fundamentalists – 25%
Privacy Unconcerned – 16%
1996 [15] Privacy Concern Index
Privacy Pragmatists – 59%
Privacy Fundamentalists – about 25%
Privacy Unconcerned – about 20%
1995 – 1999 [4] Privacy Segmentation Index
Privacy Pragmatists – about 55%
Privacy Fundamentalists – 25%
Privacy Unconcerned – 12%
Mid – 2000 [4] Core Privacy Orientation Index
Privacy Pragmatists – 63%
Privacy Fundamentalists – 34%
Privacy Unconcerned – 8%
Late – 2001 [4]
Core Privacy Orientation Index
Privacy Pragmatists – 58%
2003 [6] Core Privacy Orientation Index Privacy Fundamentalists – 26%
23 Information provided in the summary of 2001 survey gives the details for 1995 – 1999. Since we had the
complete report for 1996, we have provided the exact values from the 1996 survey report. Also we have
provided the values only from the summary and reports which we were able to find.
________________________________________________________________________
- 18 -
Privacy Unconcerned – 10%
Privacy Pragmatists – 64%
2004 [3] High - 35%
Table 4 : Values for each option from the common question; the column “Total” provides the sum of the
column “Very concerned” and the column “somewhat concerned.”24
Year
Very
concerned
Somewhat
concerned
Not very
concerned
Not
concerned
at all
Not
sure Total
1978 [13] 31% 33% 17% 19% 1% 64%
1983 [13] 48% 29% 15% 7% 0% 77%
1990 [13] 46% 33% 14% 6% 1% 79%
1991 [13] 48% 31% 12% 7% 1% 79%
1992 [13] 47% 31% 13% 8% 2% 78%
1993 [13] 49% 30% 11% 6% 3% 79%
1994 [13] 51% 33% 10% 5% 1% 84%
1995 [14] 47% 35% DNA DNA DNA 82%
1996 [15] DNTAQ DNTAQ DNTAQ DNTAQ DNTAQ DNTAQ
1998 [17] 55% 33% DNA DNA DNA 88%
1998 [18] 56% 31% DNA DNA DNA 87%
2001 [4] DNTAQ DNTAQ DNTAQ DNTAQ DNTAQ DNTAQ
2003 [6] DNA DNA DNA DNA DNA DNA
2004 [3] DNA DNA DNA DNA DNA DNA
DNA – Data Not Available, DNTAQ – Did Not Ask The Question
Table 3 provides the values for each privacy indexe created by Westin; Table 4 provides
the percentage of personal privacy concern level for the common question mentioned in Section
2.5. From Table 3, we can see that during 1994 – 2000 the percentage of Fundamentalists in the
public have remained almost the same, around 25% but the number of Unconcerned had
decreased from 42 % in 1993 to 12 % in 2000 and reduced further to 10 % in 2003. However
Pragmatist group was varying between 30% and 64%, 64% in 2003 being the highest to date of
all the surveys. From Table 4 we can see that the percentage of personal privacy concern (“very
concerned” or “somewhat concerned”) was around 80 % in almost all the studies, except for 88%
during 1998. Using the results from his studies, Westin showed a strong correlation between the
index values and the responses for the “common question” (e.g. higher the concern for personal
privacy, higher the possibility of being in the category of “High or Fundamentalist.”)
In his reports Westin specifies that in recent years the position of – “Show me and let me
decide” – [4] which is the Pragmatist (around 60%) view is prevailing among the public. This is
consistent with the data in Table 3. The percentage of “Unconcerned” has been steadily
decreasing for the last few years. In his reports Westin mentions that this might be due to more
people getting to know more about technology and also becoming aware of various means to
protect their privacy.
Westin stated, “Surveys show that consumer privacy concerns have not been lessened by 9/11”
[8]. This can be seen in Table 3 for mid-2000 and late-2001. An increase of 9% (due to a decrease
of 4% in Unconcerned and 5% in Pragmatist) in Fundamentalist shows that Americans are more
worried about privacy post 9/11.
24 We have presented all the values from the reports and the summaries that we have discussed in this
report.
________________________________________________________________________
- 19 -
3.1. Closer look at the questions used for creating the indexes:
From Table 5 we can see that the criteria used for deriving the indexes have been different for
different studies and also the indexes’ names have been different.
Table 5 summarizes the different aspects that Westin used for deriving the privacy indexes (For the
purpose of comparison we have provided only necessary details and all details provided are taken exactly
from Westin reports).
Year of study Criteria used for deriving the privacy index
1990
(General Privacy
Concern Index)
Whether they are very concerned about threats to their personal privacy
today.
Whether they agree strongly that business organizations seek
excessively personal information from consumers.
Whether they agree strongly that the Federal government since
Watergate is still invading the citizen’s privacy.
Whether they agree that consumers have lost all control over circulation
of their information.
1991
(Consumer Privacy
Concern Index)
Agreement for the statements :
Consumers have lost all control over how personal information about
them is circulated and used by companies
My privacy rights as a consumer in credit reporting are adequately
protected today by law and business practices
1993
(Medical Privacy
Concern Index)
Ever used the services of a psychologist, psychiatrist, or other mental-
health professional.
Do you believe your personal information has been disclosed? And
there were other 4 questions which were all related to medical
information.
1993
(Computer Fear Index)
If privacy is to be preserved, the use of computers must be sharply
restricted in the future.
Concern level in usage of computers in medical services (patient
billing, accounting)
1994
(Distrust Index)
Technology has almost gotten out of control
Government can generally be trusted to look after our interests
The way one votes has no effect on what the government does
In general business helps us more than harm us
1995 – 2003
(Privacy Segmentation
&
Core Privacy
Orientation Index)
Consumers have lost all control over how personal information is
collected and used by companies.
Most businesses handle the personal information they collect about
consumers in a proper and confidential way.
Existing laws and organizational practices provide a reasonable level of
protection for consumer privacy today.
________________________________________________________________________
- 20 -
From this analysis we can say that the results produced by these different surveys conducted by
Westin cannot be directly compared because of the following reasons:
The indexes derived in the different studies did not use the same criteria
(questions) for deriving them.
The options (answers) used for obtaining the indexes were different for different
studies.
These indexes could be directly compared to any similar study if and only if:
The same questions are analyzed as asked by Westin
The options for the questions provided are the same as those provided by Westin.
The criteria used for deriving the indexes should be the same as the criteria used
by Westin in deriving the particular index.
We see that the criteria for deriving the indexes have been consistent since 1995 and also the
names given to the privacy indexes have been consistent. This helps us in understanding the
privacy trend from 1995.
Apart from questions related to privacy index and general privacy concern, Westin’s
privacy studies also include many other questions that may be of use to privacy researchers.
However, it is important to keep in mind that these questions were usually asked in the context of
studies commissioned by corporations that intended to use the results as part of their efforts to
influence the public policy process. Thus, privacy activists have been critical of the design of
some of these questions and the ways the results have been reported [3].
Other groups and organizations have shown concern towards Westin’s categorization. Electronic
Privacy Information Center (EPIC), in their criticism, say that Westin has chosen “Pejorative”
terms to describe those who care a great deal about privacy – “Fundamentalists.” EPIC mentions
that the behavior of the samples who are classified as “Fundamentalists” by Westin are not
unreasonable and so they must not be referred and seen as people who are paranoid about privacy
issues. Also, Professor Oscar Gandy in “The Role of Theory in the Policy Process” comments on
the Equifax report of 1990. He mentions that the extent to which people had read or heard about
“the potential use or misuse of computerized information about consumers” influences their level
of privacy concerns. The more the people heard or read, the more they were concerned about
threats to their privacy and the more concerned they were about the sale of personal information
by industry [3].
We expect this report to help researchers in gaining an understanding of the questions,
results and criteria for analysis of the privacy indexes created by Westin. We hope this study will
help privacy researchers by giving a perspective of various privacy indexes created by Westin. In
this report we only provide the results obtained by Westin; we did not perform any survey or
study to evaluate the values presented in this report. As shown earlier, most of the indexes created
by Westin cannot be directly compared.
In this study, we analyzed only the reports that we were able to obtain [Table 1]. Westin
has conducted more than 30 survey studies and we analyzed only 14 of them. But we suspect the
reports that we have analyzed are a good sample of the studies. Also the studies mentioned in this
report were the studies mostly referenced in other reports and publications. A report based on all
the 30 studies would help to generalize the findings further. One of the future research questions
is to study time or the situation (political, legal and social) in which the study was conducted and
to correlate it with the responses by the samples. We suspect these could have had an impact on
the responses obtained by Westin.
________________________________________________________________________
- 21 -
Acknowledgements
The authors would like to thank Dr. Alessandro Acquisti, Heinz School, Carnegie Mellon
University, for his suggestions on the initial draft of this report. The authors also wish to thank
Edward Barr and Sarah Jameson of Carnegie Mellon University for their feedback on the
presentation and language of the paper. This research was partially supported by Institute for
Software Research International, Carnegie Mellon University. This research was also partially
funded by Carnegie Mellon CyLab.
References
[1]. ACQUISTI, A., AND GROSSKLAGS, J. Privacy and Rationality: Preliminary
Evidence from Survey Data. In Proceedings. In Third Workshop on Economics and
Information Security, 2004. (May 2004).
[2]. CRANOR, L. F., REAGLE, J., AND ACKERMAN, M. S. Beyond Concern:
Understanding Net Users' Attitudes About Online Privacy. Tech. rep., Retrieved
June 18, 2004,
http://www.research.att.com/resources/trs/TRs/99/99.4/99.4.3/report.htm.,
September 25-27, 1999.
[3]. ENTERPRISE PRIVACY INFORMATION CENTRE. Public Opinion on Privacy.
2005. Retrieved June 18, 2005, http://www.epic.org/privacy/survey/default.html.
[4]. HARRIS INTERACTIVE. Privacy On & Off the internet: What Consumers Want.
Tech. rep., Retrieved Aug 27, 2004,
http://www.aicpa.org/download/webtrust/priv_rpt_21mar02.pdf., November 2001.
Conducted for Privacy & American Business, 1,529 interviewees.
[5]. PRIVACY & AMERICAN BUSINESS. Executive Summary. 1999. Retrieved Aug
20, 2004, http://www.pandab.org/doubleclicksummary.html
[6]. TAYLOR, H. Most People Are "Privacy Pragmatists" Who, While Concerned about
Privacy, Will Sometimes Trade It Off for Other Benefits. 2003. Conducted among
1,010 respondents. Retrieved Aug 18 2004,
http://www.harrisinteractive.com/harris_poll/index.asp?PID=365.
[7]. WESTIN, A. Freebies and Privacy:What Net Users Think. 1999. Retrieved Aug 20,
2004, http://www.pandab.org/sr990714.html.
[8]. WESTIN, A. Consumer, Privacy and Survey Research. 2003. Retrieved Aug 17,
2004,
http://www.harrisinteractive.com/advantages/pubs/DNC_AlanWestinConsumersPri
vacyandSurveyResearch.pdf
[9]. WESTIN, A., AND HARRIS INTERACTIVE. IBM-Harris Multi-National
Consumer Privacy Survey. Tech. rep., 1999. Approximately 5,000 adults of the
U.S., Britain and Germany.
[10]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Harris-Equifax Consumer
Privacy Survey. Tech. rep., 1991. Conducted for Equifax Inc. 1,255 adults of the
U.S. public.
[11]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Equifax Executive
Summary. 1992. Conducted among 1,254 adults of the U.S. public. Retrieved Aug
20, 2004, http://www.privacyexchange.org/iss/surveys/eqfx.execsum.1992.html.
[12]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Health Information Privacy
Survey. Tech. rep., 1993. Conducted for Equifax Inc. 1,000 adults of the U.S.
public.
________________________________________________________________________
- 22 -
[13]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Equifax-Harris Consumer
Privacy Survey. Tech. rep., 1994. Conducted for Equifax Inc. 1,005 adults of the
U.S. public.
[14]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. 1995 Equifax/Harris
Consumer Privacy Survey- Executive Summary. Conducted for Equifax Inc. 1,006
adults of the national public. Retrieved Aug 20, 2004,
http://www.mindspring.com/~mdeeb/equifax/cc/parchive/svry95/docs/summary.htm
l.
[15]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Equifax-Harris Consumer
Privacy Survey. Tech. rep., 1996. Conducted for Equifax Inc. 1,005 adults of the
U.S. public.
[16]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Executive Summary. 1997.
The results of Commerce, Communication, and Privacy Online for Privacy &
American Business. 1,009 computer using adults. Retrieved Aug 20, 2004,
http://www.privacyexchange.org/iss/surveys/computersurvey97.html.
[17]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. E-Commerce & Privacy:
What Net Users Want. Tech. rep., 1998. Conducted for Privacy & American
Business and PricewaterhouseCoopers. 1,011 adults of the national public.
[18]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Executive Summary. 1998.
Findings from the survey - The Privacy Concerns and Consumer Choice. Retrieved
Aug 18, 2004, http://www.privacyexchange.org/iss/surveys/1298execsum.html.
[19]. WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Equifax Executive
Summary. 1990. Findings from the Survey - Consumers in the Information Age for
Equifax Inc. 2,254 adults of the national public. Retrieved Aug 20, 2004,
http://www.privacyexchange.org/iss/surveys/eqfx.execsum.1990.html.
[20]. WESTIN, A., AND OPINION RESEARCH CORPORATION. Public Records and
the Responsible Use of Information. Tech. rep., 2000. Conducted for the Center for
Social and Legal Research and sponsored by ChoicePoint, Inc.
[21]. WESTIN, A., AND THE STAFF OF THE CENTER FOR SOCIAL & LEGAL
RESEARCH. Bibliography of Surveys of the U.S. Public, 1970-2003. 2003.
Retrieved June 19, 2004,
http://www.privacyexchange.org/iss/surveys/surveybibliography603.pdf.
... The section examines Westin's significant contribution to the topic of privacy, including a summary of his biography, a look at his foundational writings and a discussion of the creation of his unique segmentation and privacy indices. In addition, the study of Kumaraguru and Cranor (2005), which deeply reviewed Westin's approach, is decribed. ...
... Despite the fact that Westin was a prominent historian and professor of privacy legislation, his survey research grew out of his work as a consultant to information-intensive companies [44], and he did not publish it in academic publications. As a result, it has only been subjected to a few in-depth examinations [24]. ...
... Westin created and used multiple privacy indices, which evolved over the years. We report some key milestones in the following [53,54,24]. ...
Preprint
In the modern digital world users need to make privacy and security choices that have far-reaching consequences. Researchers are increasingly studying people's decisions when facing with privacy and security trade-offs, the pressing and time consuming disincentives that influence those decisions, and methods to mitigate them. This work aims to present a systematic review of the literature on privacy categorization, which has been defined in terms of profile, profiling, segmentation, clustering and personae. Privacy categorization involves the possibility to classify users according to specific prerequisites, such as their ability to manage privacy issues, or in terms of which type of and how many personal information they decide or do not decide to disclose. Privacy categorization has been defined and used for different purposes. The systematic review focuses on three main research questions that investigate the study contexts, i.e. the motivations and research questions, that propose privacy categorisations; the methodologies and results of privacy categorisations; the evolution of privacy categorisations over time. Ultimately it tries to provide an answer whether privacy categorization as a research attempt is still meaningful and may have a future.
... Understanding the differences in smartphone users' perceived information sensitivity requires the characterisation of users along privacy attributes (Mekovec et al., 2017;Wisniewski et al., 2017). Including privacy concerns into the analysis that provides insight for tailoring privacy support to users ensures that privacy sensitivities are taking into account (Kumaraguru and Cranor, 2005;Zhuo et al., 2017). This is important because the decision to share personal information is connected to how users perceive privacy risks (Acquisti et al., 2017;Kulyk et al., 2019). ...
... Alan Westin conducted several privacy-related surveys covering general privacy, consumer privacy, medical privacy, and other privacy-related areas between 1978 and 2004 to characterise people according to their privacy concern level (Kumaraguru and Cranor, 2005). Westin characterised people into, privacy fundamentalists, privacy pragmatists and privacy unconcerned. ...
... Conversely, privacy unconcerned usually trust organisations, have no problem with disclosing personal information. Privacy pragmatists normally weigh the benefits of disclosure and of the various opportunities involved against the level of intrusiveness of the personal information sought (Kumaraguru and Cranor, 2005). However, it is unclear how context influences these categories. ...
Thesis
Full-text available
The level of sensitivity with which smartphone users perceive information influences their privacy decisions. Information sensitivity is complex to understand due to the multiple factors influencing it. Adding to this complexity is the intimate nature of smartphone usage that produces personal information about various aspects of users’ lives. Users perceive information differently and this plays an important role in determining responses to privacy risks. The different levels of perceived sensitivity in turn point out how users could be uniquely supported through information cues that will enhance their privacy. However, several studies have tried to explain information sensitivity and privacy decisions by focusing on single-factor analysis. The current research adopts a different approach by exploring the influences of the disclosure context (smartphone ecosystem), three critical factors (economic status, location tracking, apps permission requests) and privacy attributes (privacy guardian, pragmatist, and privacy unconcerned) for a more encompassing understanding of how smartphone user categories in the UK perceive information. The analysis of multiple factors unearth deep complexities and provide a nuanced understanding of how information sensitivity varies across categories of smartphone users. Understanding how user categories perceive information enables tailored�privacy. Tailored privacy moves from “one-size-fits-all” to tailoring support to users and their context. The present research applied the Struassian grounded theory to analyse the qualitative interview data collected from 47 UK university graduates who are smartphone users. The empirical research findings show that smartphone users can be characterised into eight categories. However, the category a user belongs depends on the influencing factor or the information (identity or financial) involved and the privacy concern category of the user. This study proposes a middle-range theory for understanding smartphone users’ perception of information sensitivity. Middle-range theories are testable propositions resulting from an in-depth focus on a specific subject matter by looking at the attributes of individuals. The propositions show that an effective privacy support model for smartphone users should consider the varying levels of information sensitivity. Therefore, the study argues that users who perceive information as highly sensitive require privacy assurance to strengthen privacy, whereas users who perceive information as less sensitive require appropriate risk awareness to mitigate privacy risks. The proposition provides insight that could support tailored privacy for smartphone users.
... Usable privacy research already includes privacy persona approaches [5,14,24,48]. However, these differ from our approach in two respects. ...
... However, these differ from our approach in two respects. On the one hand, existing concepts are not concerned with the abstract representation of users but rather with the classification of users, e. g., according to their privacy concerns, as by Westin [24,48]. Furthermore, existing approaches focus on end users and their privacy motivation, knowledge, or concerns [5,14,24,48]. ...
... On the one hand, existing concepts are not concerned with the abstract representation of users but rather with the classification of users, e. g., according to their privacy concerns, as by Westin [24,48]. Furthermore, existing approaches focus on end users and their privacy motivation, knowledge, or concerns [5,14,24,48]. However, end users differ from WOs, who are responsible for privacy measures deployed on a website. ...
Article
Full-text available
Many websites contain services from third parties. Misconfigurations of these services can lead to missing compliance with legal obligations and privacy risks for website users. Previous research indicates that one cause for such privacy issues is missing awareness. However, reasons for the missing awareness and other reasons for the prevalence of privacy issues are not widely researched; that includes website owners’ dealing with those issues. To shed light on the issue, we analyze 1043 responses from website owners to a notification about a privacy issue on their website using thematic analysis, following an exploratory and qualitative approach. Our analysis shows that, next to unawareness of the issue, incorrect technical implementation and ambiguous responsibilities are among the reasons for privacy issues. Also, website owners face different challenges, such as a lack of knowledge or slow organizational coordination and processes. In addition, our results show that the circumstances in which they operate their website influences how they act and what challenges they face. To illustrate these differences in website owners, we derive three personas from our thematic analysis: (1) the Ignorant Hobbyist, (2) the Busy Self-Employed, and (3) the Informed Multi-Stakeholder. These personas cover the majority of the aspects of the analyzed responses and represent the diversity of website owners and their backgrounds. Given the challenges and backgrounds of website owners, we discuss which prerequisites must be fulfilled to remediate privacy issues on websites. Finally, we present measures that support website owners in remediating privacy issues and show how to adapt these measures to the needs of different website owners. We hope that better support for website owners will also lead to better privacy for website visitors.
... Westin examined the public's general level of concern about privacy and also examined attitudes toward specific privacy-related issues, such as trust in organizations that handle personal information, acceptance of a national identification system, and even the use of medical records for research [23]. ...
... By Westin this group estimate various consumer opportunities and services, protections of public safety or enforcement of personal morality against the degree of intrusiveness of personal information sought and the increase in government power involved, ie. risks [23]. ...
Conference Paper
Full-text available
As technology advances daily, so are the challenges in preserving one's privacy. Being the generation that has been born in such a highly technological environment, members of Generation Z, born between mid-to-late 1990s and the early-to-mid 2000s, have been engaging in privacy related transactions more than any generation before. The issue of privacy is becoming more pronounced, along the possibilities of individuals controlling their data, that can lead to the discrepancy between attitudes about privacy preservation and actual behavior, that has become known as the "privacy paradox". By looking at this paradox through generational attitudes toward privacy, organizational practices and related legal frameworks, as well as the contemporary context of the sharing economy, the research aims to give insight whether members of the affected generation can be classified as fundamentalists, pragmatists, or unconcerned about privacy as a classification used by Alan Westin.
... In previous studies, Privacy Calculus Theory has mainly been applied in the context of individuals' self-disclosure on social networks or on websites. However, Privacy Calculus Theory as the theoretical basis in the context of IoT applications has been limited [28]. A conceptual model that applies the Privacy Calculus Theory to the context of crowdsensing systems is presented in Figure 1. ...
... This potentially influences the described benefit-cost tradeoff. Kumaraguru & Cranor [28], reviewing works on privacy indexes by Westin between 1978 and 2004, mention three categories referring to different groups regarding privacy concerns: 1) Privacy Fundamentalist, 2) Privacy Pragmatist, and 3) Privacy Unconcerned. In order to derive this Privacy Index, the statements as displayed in Table 2 are used [36]. ...
Article
Full-text available
With rising numbers of people living in cities leading to increasing congestion and pollution, mobile crowdsensing applications form a potential solution to make transport systems smarter and more efficient. However, sharing data comes with the risk of private information being disclosed. Therefore, a clear incentive is necessary to motivate smart device users to share data about their activities and their environment. Taking a choice modelling approach, this study aims to identify factors related to incentives and privacy that explain choice behavior of users in crowdsensing applications. We find that the effort required by users is a main factor influencing the willingness to share data. 47% of respondents (n=125) indicated to be highly concerned about their privacy. However, the risk of re-identification was found to be the least important factor to respondents, a finding which could be explained by the Privacy Paradox. Our findings imply that a trade-off has to be made by developers of crowdsensing applications between the richness of information on one hand, and the privacy risks and participation rate of users on the other hand. We propose three practical principles for designing effective and value-sensitive crowdsensing applications for smart mobility, which are 1) Tailor-made applications, 2) Transparency by design, and 3) Ensuring attractiveness of applications. Furthermore, our study provides a basis for further research on user preferences in smart mobility applications, which will become increasingly important in the light of current challenges in the field of mobility.
... In our case, we hypothesize that the value of information is determined by the price offered for this information; we plan to investigate this phenomenon in further research. Overall, the results reported in our work are surprising and contradict the Westin Privacy Segmentation Index [58,59]. The Westin Privacy Segmentation Index categorizes individuals' privacy concerns and attitudes toward personal information. ...
Article
Full-text available
This research studied people’s responses to requests that ask for accessing their personal information when using augmented reality (AR) technology. AR is a new technology that superimposes digital information onto the real world, creating a unique user experience. As such, AR is often associated with the collection and use of personal information, which may lead to significant privacy concerns. To investigate these potential concerns, we adopted an experimental approach and examined people’s actual responses to real-world requests for various types of personal information while using a designated AR application on their personal smartphones. Our results indicate that the majority (57%) of people are willing to share sensitive personal information with an unknown third party without any compensation other than using the application. Moreover, there is variability in the individuals’ willingness to allow access to various kinds of personal information. For example, while 75% of participants were open to granting access to their microphone, only 35% of participants agreed to allow access to their contacts. Lastly, monetary compensation is linked with an increased willingness to share personal information. When no compensation was offered, only 35% of the participants agreed to grant access to their contacts, but when a low compensation was offered, 57.5% of the participants agreed. These findings combine to suggest several practical implications for the development and distribution of AR technologies.
... The pragmatists make their decisions based on the privacy risk and the value of their information in different scenarios. Though there are a number of critiques of Westin's segmentation, it is widely adopted when evaluating users' privacy attitudes 34,35 . Since surveys from different years yield different distributions of Westin's categories 33,36 , In the above simulations, we assume players' valuations for finding a relative are always b i . ...
Article
Full-text available
As recreational genomics continues to grow in its popularity, many people are afforded the opportunity to share their genomes in exchange for various services, including third-party interpretation (TPI) tools, to understand their predisposition to health problems and, based on genome similarity, to find extended family members. At the same time, these services have increasingly been reused by law enforcement to track down potential criminals through family members who disclose their genomic information. While it has been observed that many potential users shy away from such data sharing when they learn that their privacy cannot be assured, it remains unclear how potential users’ valuations of the service will affect a population’s behavior. In this paper, we present a game theoretic framework to model interdependent privacy challenges in genomic data sharing online. Through simulations, we find that in addition to the boundary cases when (1) no player and (2) every player joins, there exist pure-strategy Nash equilibria when a relatively small portion of players choose to join the genomic database. The result is consistent under different parametric settings. We further examine the stability of Nash equilibria and illustrate that the only equilibrium that is resistant to a random dropping of players is when all players join the genomic database. Finally, we show that when players consider the impact that their data sharing may have on their relatives, the only pure strategy Nash equilibria are when either no player or every player shares their genomic data.
Chapter
Differential privacy has been proposed as a rigorous privacy guarantee for computation mechanisms. However, it is still unclear how data collectors can correctly and intuitively configure the value of the privacy budget parameter \(\varepsilon \) for differential privacy, such that the privacy of involved individuals is protected. In this work, we seek to investigate the trade-offs between differential privacy valuation, scenario properties, and preferred differential privacy level of individuals in a data trade. Using a choice-based conjoint analysis (\(N = 139)\), we mimic the decision-making process of individuals under different data-sharing scenarios. We found that, as hypothesized, individuals required lower payments from a data collector for sharing their data, as more substantial perturbation was applied as part of a differentially private data analysis. Furthermore, respondents selected scenarios with lower \(\varepsilon \) values (requiring more privacy) for indefinitely-retained data for profit generation than for temporarily-retained data with a non-commercial purpose. Our findings may help data processors better tune the differential privacy budget for their data analysis based on individual privacy valuation and contextual properties.KeywordsDifferential PrivacyPrivacy BudgetUser PreferencesWillingness-to-AcceptConjoint Analysis
Article
We study monopolistic screening when some consumers are data sensitive and incur a privacy cost if their purchase reveals information to the monopolist. The monopolist discriminates between data-sensitive and classical consumers using privacy mechanisms that consist of a direct mechanism and a privacy option. A privacy mechanism is optimal for large privacy costs and leaves classical consumers better off than data-sensitive consumers with the same valuation. When privacy preferences become public information, data-sensitive consumers and the monopolist gain, whereas classical consumers lose. Our results are relevant for policies targeting consumers’ data awareness, such as the European General Data Protection Regulation. (JEL D11, D42, D82, D83, L12)
Article
When it comes to feelings about privacy, we are not all the same. In our work on this topic with privacy expert, Dr. Alan Westin, president and publisher, Privacy & American Business, we find three very different groups. Some people feel very strongly about privacy matters. They tend to feel that they have lost a lot of their privacy and are strongly resistant to any further erosion of it. We call them privacy fundamentalists, and they are currently about a quarter (26%) of all adults. At the other extreme there are people who have no real concerns about privacy and who have far less anxiety about how other people and organizations are using information about them. We call them privacy unconcerned and they are about ten percent of all adults. The third, and by far the largest group, now almost two-thirds of all adults (64%) are what we call privacy pragmatists, who have strong feelings about privacy and are very concerned to protect themselves from the abuse or misuse of their personal information by companies or government agencies. However, they are – to a far greater degree than the privacy fundamentalists – often willing to allow people to have access to, and to use, their personal information where they understand the reasons for its use, where they see tangible benefits for so doing and when they believe care is taken to prevent the misuse of this information. Since 1999 the numbers in each segment have varied somewhat. Compared to nine years ago, privacy pragmatists have increased from 54% to 64%, while the privacy unconcerned have declined from 22% to 10% of all adults. This analysis is based on replies to three questions included in a recent Harris Poll conducted by telephone by Harris Interactive ® with a nationwide cross section of 1,010 adults. The survey was fielded between February 12 and 16, 2003.
Article
People are concerned about privacy, particularly on the Internet. While many studies have provided evidence of this concern, few have explored the nature of the concern in detail, especially for the online environment. With this study, we have tried to better understand the nature of online privacy concerns; we look beyond the fact that people are concerned and attempt to understand how they are concerned. We hope our results will help inform both policy decisions as well as the development of technology tools that can assist Internet users in protecting their privacy. We present results here from the analysis of 381 questionnaires completed between November 6 and November 13, 1998 by American Internet users. The sample was drawn from the FamilyPC magazine/Digital Research, Inc. Family Panel. While this is not a statistically representative sample of US Internet users, our respondents are heavy Internet users, and quite possibly lead innovators. As such, we believe that this sample is important for understanding the future Internet user population.
Harris Consumer Privacy Survey-Executive Summary. Conducted for Equifax Inc. 1,006 adults of the national public
  • A And
  • Harris Louis
  • Associates
WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. 1995 Equifax/Harris Consumer Privacy Survey-Executive Summary. Conducted for Equifax Inc. 1,006 adults of the national public. Retrieved Aug 20, 2004, http://www.mindspring.com/~mdeeb/equifax/cc/parchive/svry95/docs/summary.htm l.
Executive Summary The results of Commerce, Communication, and Privacy Online for Privacy & American Business. 1,009 computer using adults
  • A And
  • Harris Louis
  • Associates
WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Executive Summary. 1997. The results of Commerce, Communication, and Privacy Online for Privacy & American Business. 1,009 computer using adults. Retrieved Aug 20, 2004, http://www.privacyexchange.org/iss/surveys/computersurvey97.html.
IBM-Harris Multi-National Consumer Privacy Survey
  • A Consumer
  • Survey Privacy
  • Research
  • A Westin
  • Harris And
  • Interactive
WESTIN, A. Consumer, Privacy and Survey Research. 2003. Retrieved Aug 17, 2004, http://www.harrisinteractive.com/advantages/pubs/DNC_AlanWestinConsumersPri vacyandSurveyResearch.pdf [9]. WESTIN, A., AND HARRIS INTERACTIVE. IBM-Harris Multi-National Consumer Privacy Survey. Tech. rep., 1999. Approximately 5,000 adults of the U.S., Britain and Germany.
Public Records and the Responsible Use of Information
  • A And
  • Opinion
  • Corporation
WESTIN, A., AND OPINION RESEARCH CORPORATION. Public Records and the Responsible Use of Information. Tech. rep., 2000. Conducted for the Center for Social and Legal Research and sponsored by ChoicePoint, Inc.
Equifax Executive Summary Findings from the Survey -Consumers in the Information Age for Equifax Inc. 2,254 adults of the national public
  • A And
  • Harris Louis
  • Associates
WESTIN, A., AND HARRIS LOUIS & ASSOCIATES. Equifax Executive Summary. 1990. Findings from the Survey -Consumers in the Information Age for Equifax Inc. 2,254 adults of the national public. Retrieved Aug 20, 2004, http://www.privacyexchange.org/iss/surveys/eqfx.execsum.1990.html.
Privacy On & Off the internet: What Consumers Want
  • Harris Interactive
HARRIS INTERACTIVE. Privacy On & Off the internet: What Consumers Want. Tech. rep., Retrieved Aug 27, 2004, http://www.aicpa.org/download/webtrust/priv_rpt_21mar02.pdf., November 2001. Conducted for Privacy & American Business, 1,529 interviewees.