This paper reports on the second major phase of an ongoing research project into the practical measures taken by organisations to publish their online privacy policies. The research began, fortuitously, just before the September 11 World Trade Centre attack and the implementation of the EU Privacy Directive, and these have provided the authors with an unparalleled opportunity to examine some aspects of the dynamic nature of trust in online commerce.
This second phase of the study is based on a survey of the same sites that was undertaken late in 2002. A number of analyses have been carried out based on the two datasets now available for investigation. Firstly, a comparative analysis has been undertaken using the same techniques to determine what changes have taken place in the intervening two years. Further conclusions are drawn from this comparison, including (but not limited to) some of the possible effects on online privacy policies of intervening world events.
In addition to the straightforward comparisons enabled by the collection of similar data about the same organisations over a two year sampling interval, some further analysis has also been undertaken of both datasets. Reflection on the interim results of the first phase of the survey has prompted several further research questions. In particular, an effort has been made to determine the interaction between organisation characteristics (such as sector, size, nationality, etc) and privacy policies. This sheds further light on the significance of privacy policies for online commerce.
The work is ongoing. It is anticipated that the findings presented here, and the reactions of colleagues at conference and elsewhere, will, in turn, prompt further questions that may be asked of the existing data. It is also anticipated that further research directions will be identified, prompting still further research that is yet to be designed in any detail. A further survey is already planned for 2004, and other spin-off projects are currently under consideration.