By Frank Spillers


"We are all in the privacy business".

This was my general conclusion when working on next generation usability for the popular directory look-up portal website (used by 200 million adults in the US). It doesn't matter what your website does online, if it involves giving consumers information, you are in the privacy business first and foremost. What does this mean?

Privacy is one of the biggest concerns users bring to the Web experience. It doesn't help that companies like Google have been rated worst privacy of all global companies for "comprehensive consumer surveillance and entrenched hostility to privacy" (Privacy International 2007). Worse popular sites like Facebook continue to struggle with privacy, as evidenced by the leak of sensitive information by the Face-booking spouse of the next head of the British Secret Service (MI6) this week.

As long as privacy continues to be a concern, you will have to address it in a way that makes sense to your consumer. "See our privacy policy" does not count. Users are not legal sleuths and since privacy is a concern the majority of users have, we are talking about perception of privacy as much as actual privacy itself. 

In this post I will cover the importance of privacy in online user experience and give you three proven usability guidelines for privacy user experience on your site.

Privacy cited as the #1 blocker to ecommerce conversions

Privacy continues to be the most dominant concern of users online dominating empirical and industry studies in the past decade (Cavoukian and Crompton, 2000; Burst Media 2009). In this 2003 empirical study (Ahuja; Gupta; Raman) of online consumer purchasing behavior, privacy and security concerns ranked #1 as the reason for preventing user from purchasing online.

The big search engines are not helping the privacy problem. Only Yahoo this year demonstrated leadership in the privacy area stating they will only retain personally identifiable information for 90 days. To appease privacy groups, Google reduced its cookie that expires in 2038 to a two year expiration period. 

Privacy and Security: What's the difference??

When I mention privacy as a user experience issue, a lot of technical folks look at me and say, "privacy and security are not the same thing!". Yes, that is true, but to a user-- privacy and security are intertwined and technical distinctions are non-existent.

Worse when sites carrying the Hacker Safe logo were shown to be hack-able, user fears not only become warranted but justified.  Note: Marketing Sherpa case studies and our own clients told us they lifted conversions on ecommerce sites using the old Hacker Safe logo, so it did work to ease perception of privacy/security. Sorry I don't have any data on how it's performing with the new MacAfee acquisition of Hacker Safe.

Privacy settings mandatory for Social Networking site

Facebook has struggled with privacy usability and garnered a lot of negative attention this year from it. Since European privacy laws are much more protective of users, regulators are now looking for better privacy protection from Facebook and
Twitter announced in late June 2009.

Facebook continues to violate the first privacy pitfall identified by Lederer (2004)

"To whatever degree is reasonable, systems should make clear the nature and
extent of their potential for disclosure. Users will have difficulty appropriating a system
into their privacy practice if the scope of its privacy implications is unclear".

It was only with the recent 3/09 redesign that the Settings link was made more apparent on Facebook's top navigation. Still, how many users even know privacy controls are there? I didn't and I was looking for it. In February I had to have a colleague guide me through to the area where privacy is managed inside the Settings section. Once inside the Settings area, the task of managing your privacy settings falls into what I call Configuration Hell (see previous post). Incidentally this is also the third privacy pitfall in the Lederer Emphasizing configuration over action.

Over the next few weeks (July 2009), Facebook will unveil a new set of privacy features that will according to Computerworld alleviate "the need to tamper with the site's privacy controls as frequently" without needing a handbook to get all your Facebook privacy settings under control. I'll circle back and do a follow up Privacy Scorecard for Facebook in a future post.

LinkedIn the other popular business social networking site offers better privacy usability. LinkedIn allows you to View your Profile as Others See it. They also state whether an item of content is visible or hidden. These two strategies have kept LinkedIn out of the privacy public relations spotlight, while offering a transparent privacy user experience. This 'contextual privacy' is simply the best and easiest way for users to be aware, in control and able to manage privacy inside of their user experience.

3 Privacy Usability Guidelines for your site:

1. Provide a feel-good abbreviation of your long-winded privacy legal statement. Put your lawyers creativity to work, or better yet have them approve content you create. Users do not go looking for privacy statements, nor do they translate legal parlance in quick glances if they do happen to scroll that huge page you keep your privacy policy on. Guarantees in layperson's terms such as "Peace of Mind: we'll do everything we can to protect your personal information". Here's a great example from top online retailer Lands End (they had a better example for 8 years, here's the latest one from their recent redesign):

Lands end privacy

2. Justify and reassure every form capture with privacy reassurance. Anytime you ask for an email address, you need to reassure users that you care about their privacy. It does not matter how loyal or interested they are, if you are committed to privacy- show it. Here's an example from the Experience Dynamics research newsletter:

Privacy- ED

3. Show users what is being shared and provide contextual privacy controls. Goecks (2009) developed prototypes to demonstrate that it is not necessary for users to understand low level technical details to make informed decisions about their privacy. Giving users clues such as (Everyone can see this) or (Showing to All/ Hide...) or' See this How Others see it', without requiring users to log in under a different account to see that 200 million users can also see your high-profile spouse in his Speedo alongside his personal address.

Here's an example from

Whitepages- privacy

For privacy features such as editable personal
details of your directory listing (called 'Is this you? Edit') give
users control of data that might be publicly available without their
knowledge. Creating an account also lets users own their level of
privacy control, with various levels of hide/show.

Privacy- the Story Continues...

This week, it was announced that the US government (FTC) is seeking stricter privacy controls, triggering an early response draft of Privacy Principles
from the largest marketing trade industries. The guidelines are aimed
at educating users as to how their data is being tracked online, with a
"privacy dashboard". If you have ever worked with users, educating them
(providing training or help-see my prior post) about privacy online seems to be a lame-duck approach. The New York Times pointed out (July 6th 2009) four things that the privacy principles left out,
putting the onus on the technology and the design (user experience) not
on the user's understanding or managing their own privacy.

Best Wishes,

Frank Spillers, MS