Privacy assurance has become a ubiquitous feature of business and service websites where consumers are asked to provide personal information. How effective are these assurances? Do they in fact induce consumers to share their data?

Kai-Lung Hui of HKUST and his co-authors Hock Hai Teo and Sang-Yong Tom Lee undertook the first field experiment to test the effectiveness of privacy assurance in a real-life situation rather than a laboratory and found that while it encourages consumers to disclose more data, there are trade-offs.

"The collection of personal information from consumers is an unavoidable element of electronic commerce. Internet merchants need consumer information to deliver products, study customer profiles and offer personalized services. For consumers, this has both benefits and risks. The benefits are access to more convenient services and savings in transaction time and search costs. The risk is that the consumer can't remain anonymous and so faces a new spectrum of risks related to information misuse," the authors said.

The risks may be reduced if firms adopt fair information practices and inform consumers of them through privacy assurance measures - a privacy statement published on their website and for some, a privacy seal from an independent third party. It is to here that the authors turned their attention.

They tested the effectiveness of privacy statements and seals in an experiment involving a market research firm in Singapore, which invited university students by e-mail to participate in a survey on mobile computing products. The students did not know they were participating in an experiment.

The authors manipulated the type of privacy assurance they received and paid the students Singapore$1-$9 to disclose personal information, plus another $20 if they completed a follow-up survey. The number of personal items they were required to provide varied from 4 to 23, but all had to supply their name, e-mail address, street address and citizenship.

The results showed that a privacy statement and a monetary incentive induce greater disclosure, with the predicted probability of disclosure rising to 96.94 per cent and 98.48 per cent respectively (from 90.33 per cent with no treatment). Privacy seals have a less significant effect, adding only a couple of percentage points when included with a privacy statement.

However, asking people to disclose too much information is a distinct turn-off - the probability of disclosure drops to 34.5 per cent when participants have to respond to 13 items or more (the mean number in the survey).

"People make risk-benefit trade-offs for privacy. Firms can offer monetary incentives to increase the benefit, although doing so is obviously costly, and they can use privacy assurance or collect less consumer information to reduce the risk of a transaction. The negative effect of information request is particularly noteworthy because it implies firms should minimize data collection or else consumers may simply withdraw from online transactions," the authors said.

"Since people who read privacy statements are more likely to disclose their information to partake in online activities, there is a business incentive for firms to observe fair information practices and enhance their privacy statements, and persuade people to read online privacy notices."

However, privacy seal issuers might want to do more to raise consumer trust in their seals, such as monitoring infringements more actively, since they did not have a very significant impact on information disclosure compared with privacy statements.

The results are a departure from earlier research that found privacy statements had no impact on consumer behavior. The authors emphasized that their findings were obtained in the field and in a situation where privacy protection is largely self-regulated.