Skip to content.
|Networking government in New Zealand.
You are here: Home » Resources » Research » Trust and Privacy Research Paper » Discussion

Discussion

In order to address the questions presented at the outset of this report, this research study collected information from a diverse range of New Zealanders. While the data sets and findings from each of the three projects (focus groups, survey of complainants, and interviews) are valuable independently, the comparisons that they collectively enable provide richer and more complex data than any single project. Many of the findings have been presented in the preceding section and need not be restated here. Instead, this discussion ties together the associated results from these separate projects, and relates their implications to the research questions that motivated this study.

Listening to the views expressed by those who participated in this research, we have repeatedly been reminded about the unique challenges facing government organizations based on their roles and responsibilities (e.g., they must serve a wide variety of individuals, are often monopoly service providers, and many have the responsibility associated with compulsory data collection). The diversity of reported perspectives is a reflection of the different attitudes, beliefs, feelings and experiences of the citizens served by the New Zealand Government. This range of views is also a positive indication that participants felt comfortable to voice their opinions and did not feel obligated to reach consensus on issues. While diversity makes generalizations more challenging, the findings have provided many insights related to the various areas we set out to explore.

5.1 Concerns about information privacy

One of our primary interests has been to learn about the concerns New Zealanders have about the privacy of their information. The findings of the focus groups and the interviews illustrate the various concerns expressed by the groups represented. Two main categories of concerns raised were: technology-related concerns, and concerns specifically related to government organizations. After listing some of the major concerns within these categories, the factors that individuals suggested were most influential in shaping these concerns will be discussed.

Concerns linked to technology can be divided into two sub-categories: general concerns, and concerns specifically associated with communicating information via the Internet. Participants reported that these issues were often causes of fear and considerable anxiety, and those who expressed fear were more likely to have less experience with technology and the Internet.

1. Concerns associated with technology included:

  • General technology-related concerns:
  • Belief that the widespread use of computers, databases, and the Internet have increased the potential for damaging privacy breaches
  • Lack of understanding about how information technology works, resulting in uncertainty and/or fear about how personal information is collected, processed, stored, etc.
  • Belief that "hackers can get any information they want" from databases, including government databases.
  • Belief that individuals have little control over what happens to their information
  • As a combination of the above, fear that "our increasing reliance on computers and technology" will continue to reduce individual privacy
  • Concerns about communicating personal information via the Internet:
  • Uncertainty about what happens to information submitted online (in contrast to a more familiar process, like posting a letter)
  • Belief that information submitted online may not be confidential and can be intercepted by "hackers"
  • Fear based on inexperience and lack of understanding, "I'm scared of the Internet because I don't understand it"

Participants most commonly reported that their technology-related concerns were driven by information from media sources and seldom based on their own experiences or the experiences of people close to them. The other main driver for these anxieties was a general lack of understanding about issues related to information technology and the Internet. This combination of factors, widely publicized stories about Internet-related threats and system vulnerabilities (e.g., hackers, crackers, viruses, insecurity of operating systems, etc.), along with insufficient knowledge about these issues, seem to promote widespread concerns. However, while most individuals reported that these anxieties greatly reduce their confidence, they would not necessarily prevent them from using computers and the Internet. Media stories were also said to fuel people's worries about identity theft and a sense that their personal information is increasingly available to others. The significant influence of media content on individuals' privacy-related concerns supports the assertions of other research (Raab & Bennett, 1998).

Before discussing the common types of government-related privacy concerns, it is important to note that some participants acknowledged that using technology could potentially result in enhanced individual privacy. For example, some people may be uncomfortable discussing sensitive issues (e.g., finances, relationships, health conditions, etc.) with others, including public servants. Interacting with government organizations via the Internet could allow individuals the autonomy to access government and submit information without the need to appear in person or discuss issues over the phone.

2. Concerns specifically related to government organizations involved:

  • Belief that individuals have little control over what information they provide to the government (e.g., "What choice do I have? I have to give them the information they ask for.")
  • Belief that individuals have little control over how government organizations use their personal information, including worries about their information being used for additional purposes without their informed consent
  • Uncertainty about whether employees are properly trained and competent
  • Uncertainty about government data sharing: how it is conducted, what information is involved, and what protections are in place to protect information privacy. Concerns about data sharing influence other concerns (e.g., lack of control over information)

In contrast to concerns about technology, concerns about the trustworthiness of government organizations were more often reported to be the result of personal experiences (as evidenced by several personal anecdotes) and domestic cases where parts of the New Zealand Government were believed to have breached individuals' privacy (e.g., the "dawn raids," government employees prosecuted for selling citizens' personal information, rumors about "Operation Leaf" allegedly designed to spy on Maori groups and individuals, mismanagement of medical information collected for health screening programs, etc.). As shown in the above list, these concerns reflect a distinct perception that individuals have little control over the personal information they provide to government organizations, and generally lack power in their relationships with these organizations.

While personal experiences with government organizations were more influential, media stories about the government were also reported to affect individuals' concerns and confidence. Many participants referred to programs they had watched on television [The consumer program "Fair Go" was the most frequently mentioned television show, often with reference to stories about identity theft or other misuses of personal information.] and attention-grabbing headlines that appear regularly in printed sources (e.g., "Government scheme fuels privacy concerns" (Bell 2004, April 26)). Although it is difficult to judge whether the content presented through media channels reflects healthy skepticism or cynical mistrust, information from these sources certainly affect individuals' attitudes.

back to top

5.2 Awareness of privacy protections / regulations

It is not surprising that the findings suggest the majority of individuals had very little knowledge about the Privacy Act of 1993 or any regulations that exist to protect their information privacy. On this matter, interviewees representing the various groups (who often suggested that individuals were unlikely to know about rules governing their information privacy), corroborated the views expressed in the focus group meetings. Despite their reported concerns, individuals' comments suggested that they were not sufficiently interested to learn about the provisions of the Privacy Act, and those who were aware of the Act commonly reported that their familiarity was due to their occupation. The findings also indicate that some individuals question the effectiveness of the available forms of recourse, contending that once privacy-related harm is done, this often cannot be rectified (in contrast to losses that are strictly financial).

back to top

5.3 How trustworthy are government organizations?

The vast majority of focus group participants and interviewees indicated that individuals assess the trustworthiness of each government organization separately, and therefore, they trust some more than others. However, many comments made during focus group discussions suggested that people do make generalizations about the expectations they have for government organizations in general (e.g., "Oh that's just a typical government department stuff-up"). This tendency to generalize is also supported by the data collected from focus group participants prior to group discussions, as reported in Table 5, where the majority reported that they trust all government organizations the same amount.

Findings from the focus groups and the interviews suggest that the majority of individuals consider government organizations to be more trustworthy than private organizations, with regard to information privacy, which supports the general findings of Cullen and Hernon (2004). While various justifications for this view were provided, most were related to people reporting greater confidence in the motivations and objectives of government. Other comments in support of government bodies frequently included perceptions about the greater transparency and accountability of these organizations, in comparison to private businesses. However, many participants expressed uncertainty about whether public servants in various organizations are properly trained and competent.

While individuals voiced some uncertainty about data sharing (including some who were strongly opposed to it), many people voiced qualified support for these programs. Participants most often reported that their concerns about the interchange of data between government organizations were related to their lack of knowledge about what data sharing involves and that this contributed to feelings of having their information passed around outside of their control. In addition to further corroborating the results of Cullen and Hernon (2004), these findings are consistent with those of "Privacy and Data-Sharing: Survey of public awareness and perceptions," [This report was based on a survey of individuals in Great Britain and Northern Ireland.] which identified "lack of control" over personal information and "lack of knowledge [about] what is being done with it" as key sources of concerns about government data sharing (2003).

The findings also indicate that some people believe privacy breaches that occur in the private sector are more likely to pass without media coverage, thus private businesses do not have such a strong disincentive (negative media attention) compared to government agencies.

back to top

5.4 What happens to trust when privacy is violated?

The results of the data collected through the survey of complainants and the focus groups suggest that breaches of privacy often have an adverse effect on individuals' trust in the offending organization. While this may seem intuitive, the focus group findings show that many people reported that certain breaches of privacy would not affect their trust at all, depending on the circumstances and the way the situation was handled by the organization.

The survey findings also show that a high percentage of respondents was less willing to provide personal information to organizations (to the specific organization, as well as to any other organizations) after the incident. While these attitudinal measures are noteworthy, it may be more interesting that the majority of respondents that complained against government organizations reported that they had actually refused to provide their personal information to a government organization as a result of the breach they perceived. While these results may be influenced by the bias of the sample, they provide interesting insight into the attitudes of individuals before and after a breach and indicate potentially important areas for future research.

In order to minimize the negative consequences of privacy breaches that occur, it may be useful to consider the factors that participants reported were the most influential. Members of focus groups indicated that the following variables were the most important dimensions for predicting the effect that a breach of privacy would have on their trust:

  • What was the perceived cause of the breach? (e.g., honest mistake, incompetence, deliberate wrongdoing, etc.)
  • How sensitive was the information involved? (i.e., to the specific individual, since different types of information had varying levels of sensitivity)
  • What happened to the information? (e.g., if disclosed, who was the information disclosed to?)
  • How did the organization handle the situation? (i.e., Was the organization honest and sincere, and did it take action to ensure the situation would not occur again, including punishment for those responsible?)
  • Has this type of event happened before? (i.e., Was the event consistent with, or contradictory to, the organization's reputation?)

The explanations provided by participants should help to identify why some breaches have a greater impact than others. The fact that participants said it was important that an organization punish those who are responsible for a breach of privacy was not unexpected, as Fox et al. (2000) also found that individuals were supportive of punishing wrongdoers responsible for privacy breaches. However, it was not expected that this "punishment" variable would affect individuals' trust as significantly as it was shown to.

back to top

5.5 Do the consequences of a breach propagate?

This issue was raised in the focus groups as well as through the questions in the survey of complainants. Some of the associated findings from these two projects appear to contradict each other, which may be related to the different populations involved. Focus group participants repeatedly affirmed that if one government organization breached their privacy (regardless of the degree of the breach), this would only affect their trust in that organization (e.g., "it's not fair to blame all of the government, no matter how much I would like to"). In contrast, the results of the survey of complainants support the idea that when one government organization is perceived to breach an individual's privacy, this not only erodes their trust in the specific offending organization, but is likely to have an adverse effect on their level of trust in other government organizations as well. As Table 13 shows, the decrease in participants' trust toward the offending organization was more pronounced than this generalized reduction of trust.

Among many possible reasons for this discrepancy, this may relate to the seriousness of the breach, as well as the personal and emotional dimensions of incidents related to individual privacy. Some individuals will not complain when they feel their privacy has been violated, and it seems reasonable to expect that those individuals who submit privacy-related complaints to the OPC are dissatisfied enough to seek redress through that process. It is also unlikely that hypothetical scenarios capture any emotional aspect of an incident as effectively as personal experiences. Although the explanations provided by focus group participants sounded rational and reasonable, they may not have been realistic forecasts of the actual effect a breach would have on their attitudes. Since very little research has been conducted on this important area, further investigation is needed to draw more concrete, reliable conclusions about the consequences that privacy breaches have on individuals' trust.

back to top

5.6 Confidence in channnels

Based on findings from the focus groups and interviews, individuals consistently reported having the most confidence in providing personal information in a face-to-face environment. While the post was also regarded highly, there was widespread skepticism about privacy online, and individuals expressed the least confidence in providing information by phone.

These attitudes are consistent with some of the findings from the recently published report, Channel-Surfing: How New Zealanders access government, which reports that the phone and the Internet are the two channels that the most New Zealanders have security concerns about (Curtis et al., 2004).

The most important positive characteristics of a channel (for providing personal information) were:

  • Interaction with a person (some form of relationship)
  • Ability to retain a record of the event
  • Ability to check the accuracy of information being submitted
  • Ability to understand how one's information is delivered to the destination point

5.6.1 Confidence in the Internet

Individuals' assessments of the trustworthiness of the Internet were extremely varied, including some reporting moderate levels of confidence and others who have no trust in it at all. Nearly all focus group participants and interviewees expressed concerns about the privacy of information submitted online (via websites and email). Despite their concerns, half of all focus group participants reported that they use online banking and many also use Trade Me and/or make purchases from e-commerce websites. Numerous people who said that they had fears about doing things online explained that those fears did not prevent them from using online services, implying that they were willing to accept risks in exchange for the benefits that they perceived. The most commonly reported benefit of doing things online was convenience, which is consistent with the findings of Curtis, et al. (2004).[This quantitative research found that the two most commonly reported reasons for using the Internet over other channels were the convenience and speed of doing things online (Curtis et al. 2005, 8).] These patterns also support the conclusions of Fox et al., who found that despite individuals' reported anxieties, people "behave in surprisingly trusting ways in many sensitive online areas" (2000, 12). It is also probable that the majority of individuals may be unaware of the risks associated with online activities, which would hinder their ability to accurately assess these risks when making decisions.

F. Conclusion

The New Zealand E-Government Strategy is aimed at improving the integration and efficiency of government information and services, and has the long term goal of "transforming" government [E-government vision, mission, goals and outcomes http://www.e.govt.nz/about-egovt/strategy/strategy-june-2003/] through the use of information and communications technologies ICTs). While there are significant potential benefits associated with using ICTs to improve government performance, performance is not the only objective of government. In order to promote and maintain citizens' trust, government organizations must find ways to build relationships with people within the relatively new environment of e-government. This report has shown that there is not a high level of concern among New Zealand citizens about the way government agencies collect and store their personal information. In this context, around 60 percent of participants expressed confidence (see Table 4), and only between 15 and 21 percent express distrust, or lack of confidence in how their personal information is handled by government agencies. However, there are issues raised in this report that government should take notice of. These issues focus on anxieties expressed by citizens across a range of social groups, and center around two key factors affecting citizens' perceptions about how well their personal information is managed: the increasing use of technology in collecting, processing and storing personal information; and the relationship between citizens and government. These factors impact considerably on the degree of trust that citizens are willing to place in government organizations in relation to their personal information, and must be addressed if trust is to be maintained and enhanced.

There are a number of issues that government organizations need to consider in relation to the issue of trust and privacy in the e-government environment. Firstly, citizens show limited understanding about what happens to information communicated via the Internet, what their rights are in relation to personal privacy, and how data sharing between government agencies is regulated in New Zealand. Risks associated with online transactions are not well understood, and although many people currently seem willing to accept these risks, people feel vulnerable and uncertain about communicating personal information via the Internet. In New Zealand, individuals have the right to be informed about how their personal information is collected and used by government organizations and government websites. The New Zealand Government Web Guidelines [The Guidelines are mandatory as of January 2006, retrieved from http://www.e.govt.nz/standards/web-guidelines/web-guidelines-v-2-1/ 6 January 2006.] are now mandatory for government websites and require websites to include statements about privacy and security. Often these statements are not prominently displayed, nor widely read by users. Although statements attempt to be user friendly, they routinely do not define technical terms such as 'cookies,' and do not offer any assurances about the security of data held. If citizens are unable to easily access and understand these privacy statements or policies, the potential value of this requirement will not be realized. In addition, the privacy statements on most government websites relate to the use made of names/addresses or IP addresses, and the use of cookies to gather information about site visitors, and those requesting further information from the site. Most organizations do not include any statement about data submitted by individuals for official purposes, or provide links to the Privacy Commissioner's web site, where the privacy principles are set out. General privacy principles, enshrined in New Zealand law, need to be more widely promulgated on New Zealand government websites.

The second major area where government organizations could go further towards meeting the concerns of citizens expressed in this report, is in taking a more proactive approach to the building of relationships between government and citizens in the online environment. Citizens' perceptions about the trustworthiness of government organizations are related to what they know about those organizations, especially based on their own personal experiences. If the Internet is to play the major role foreshadowed in the goals of the E-Government Strategy, [Two major goals of this strategy are:] ["By June 2007, networks and Internet technologies will be integral to the delivery of government information, services and processes.] [By June 2010, the operation of government will have been transformed through its use of the Internet."] [(E-government vision, mission, goals and outcomes http://www.e.govt.nz/about-egovt/strategy/strategy-june-2003/)] [] then ways of enabling citizens to build a relationship with an agency through its web site will be increasingly important. This must be part of the transformation of government envisaged in the E-Government Strategy, which focuses on citizens as well as government agencies. Moving interactions to the online environment changes the nature of citizens' dealings with government, and may de-personalize relationships, which can make trust more difficult to establish and retain. In order to successfully engender citizens' trust, government organizations need to adopt an appropriate communications model for promoting their relationships with individuals. This may involve increasing individuals' ability to customize and personalize government websites to foster a sense of belongingness in users. Given that citizens believe most breaches of privacy are caused by incompetence of staff (rather than malicious action) and poor information security practices, it is essential to establish sound codes of practice for organizational employees, as well as appropriate departmental policies and training to promote trustworthy behavior and respect for privacy. While these actions may be pre-conditions for building trust, these measures will not necessarily bring about this result on their own. However, with the right principles in operation and protections in place, information privacy (and citizens' perceptions of information privacy) can be enhanced rather than diminished, given that the Internet allows for the exchange of information without the citizens having to hand their information to an intermediary, or engage in face-to-face encounters.

This project has barely scraped the surface of these issues. Far more research is needed to determine what communication models will be most effective in the context of e-government, and which of these models will encourage citizens' to consider shifting their interactions with government to the web, rather than relying on face-to-face communication and postal services because of trust issues. This communication model must achieve a difficult balance - it must empower citizens in their relationship with government, while at the same time acknowledging the power imbalance that operates between government and citizens, an imbalance that the majority of participants in this study were acutely aware of. Like the balance between personal privacy and public interest, examined by many scholars in this field (Westin 1967, Etzioni 1999), a balance between the powerful role of the state and the ideal of the greater empowerment of the citizen through e-government must be attempted. If these critical balances can be achieved, then the vision of making the Internet the primary means for citizens to communicate with government may itself be achieved. If "information supplied by citizens to government is the indispensable handmaiden of the modern activist state" (BeVier, 1995), then it must be respected and used in ways that enhance democracy and the rights of citizens and not diminish them.

back to top


[ Previous | Next ]