ABSTRACT
While companies’ privacy policies inform consumers about their privacy practices, their adherence to regulations and Fair Information Practices (FIP) may vary widely. We develop and apply an extended checklist to examine the privacy practices of companies with a higher privacy and data security risk. We find that industry sector has a significant effect on companies’ privacy practices. Specifically, companies in the non-regulated communication services sector complied with FIP better than those in the regulated financial sector, indicating that the FTC’s self-regulation approach works, at least for the examined sector. While 67% of companies fully complied with the Security principle, they were not doing enough to fully specify Enforcement in their privacy policies, indicating that regulators need to strengthen enforcement provisions in regulations and develop and enlist various enforcement mechanisms. Overall, this research informs legislation and the public on the effectiveness of self-regulation and government regulation.
Acknowledgment
We thank undergraduate students Kiley Gosselin and Madison Granados for their contributions to data collection. This research was supported through a Professional Development Fund Grant awarded by the Florida Gulf Coast University.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Notes
a Source: MSCI ESG Research LLC. Average Key Issue weights calculated as of Nov 9, 2020.