Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] Harris Poll on notifications of improper disclosure

From: Dissent (Dissentpogowasright.org)
Date: Fri Nov 10 2006 - 15:04:28 CST


ROCHESTER, N.Y., Nov. 10 /PRNewswire/ -- An estimated 49 million
adults in the U.S. indicate that they have been told that their
personal information had been lost, stolen or improperly disclosed
over the past three years. Most of this notification has come from
government agencies and financial institutions. While many of these
people do not believe anything has happened to them as a result of the
lost information, a small but significant number do think that
something may have happened.

The Harris PollŽ was conducted online by Harris InteractiveŽ between
October 4 and 10, 2006 among a national sample of 2,010 U.S. adults
aged 18 or over. This survey was designed in collaboration with Dr.
Alan F. Westin, Professor of Public Law and Government Emeritus,
Columbia University, and noted authority on privacy issues.

    Specifically the survey found that:

    * Just over one in five (22%) U.S. adults claim that in the past
three years a business, government agency or other organization
notified them that the organization had lost, had stolen or
otherwise improperly
disclosed their personal information. This translates into
approximately 49 million adults.(1)

    * Among those adults who say that they have been notified, most
indicate that the notification was made by a government agency
(48%), a financial company (29%) or a commercial company (12%).
Other organizations that have made notifications include
educational institutions (6%) and health care facilities (5%).

Furthermore, eight in 10 (81%) adults who have been notified about
lost or stolen personal information perceive that nothing harmful
happened to them as a result. However, a significant 19 percent --
representing abut 9.3 million persons -- do believe that something
harmful happened to them. Among this group who indicate that something
happened to them, the following occurred:

    * Merchandise was charged in their name (43%)

    * Some kind of fraud was committed that cost them some money (35%)

    * Money was taken from their bank account (18%)

    * A credit card was taken out in their name (11%)

    * Someone posed to get government benefit or service (8%)

When analyzing the results by the types of organizations that have
notified adults about lost or stolen personal information, there are
interesting differences. For those notified by either financial
institutions or government agencies, most adults (by 81% to 19% for
financial institutions and 86% to 14% for government agencies) think
that nothing happened to them. However, for those notified by other
commercial companies such as a retail company, a telephone company or
a company used on the Internet, the percentage of U.S. adults who feel
that something happened to them is considerably higher (38%). One
should be cautious in interpreting these results as the percentage of
those who think they were notified by other commercial companies is
small (12%).

"We know from detailed studies of ID theft that many of these harms
are caused by actions of friends and family of the victims, stolen
wallets or purses, pilfering identifying information from mailboxes or
trash containers, and from insider theft of personal data by employees
of organizations," Dr. Alan Westin commented about the findings.
"However, our survey shows that almost 10 million persons out of the
almost 50 million persons notified of a data breach over the past
three years believe that direct harm to them resulted from the breach.
This documents the importance of business, government, and other types
of organizations applying stronger data security measures when
handling personal information -- if they are to retain the trust of
their customers, members, or citizens."

                                   TABLE 1

"In the past three years, has a business, government agency,
university or any other organization notified you that they had lost,
had stolen, or otherwise improperly disclosed personal information
about you?"

    Base: All adults

    Yes 22
    No 78

                                   TABLE 2


                             IMPROPERLY DISCLOSED
       "Which one of the following kinds of organization notified you?"
    Base: Adults who have been notified that data was lost or stolen

    A government agency (federal, state, or local) 48
    A financial company (a bank, credit card firm,
     investment or insurance organization) 29
    Commercial Companies (Net) 12
      A company you used on the Internet 4
      A retail company 3
      A telephone/telecommunications company 1
      Other 4
    A school, college or university 6
    A hospital or other health care facility 5

                                   TABLE 3
       "Which of the following things did someone use the lost, stolen
                 or improperly disclosed information to do?"
    Base: Adults who have been notified that data was lost or stolen

                                                   Government Commercial
                               Total Financial Agency Companies*
                                % % % %
      Happened to Me (Net)
19 19 14 38
     Charge merchandise
      in your name 8 13 6 9
     Carry out some other kind
      of fraud that cost you
      money or harmed your
      position as a consumer 7 5 5 17
     Get money from your
      bank account 3 3 1 4
     Get a credit card
      in your name 2 2 1 8
     Pose as you to get a
      government benefit
      or service 2 1 1 7
     Other 3 * 4 7
    Nothing Happened to Me 81 81 86 62

    Note: Multiple-response question
    *Small Base (n=61) - caution should be used in interpretation

                                   TABLE 4
       "Which of the following things did someone use the lost, stolen
                 or improperly disclosed information to do?"
    Base: Adults who indicate that item happened to them*

    Charge merchandise in your name 43
    Carry out some other kind of fraud
      that cost you money or harmed your
      position as a consumer 35
    Get money from your bank account 18
    Get a credit card in your name 11
    Pose as you to get a government benefit or service 8
    Other 17

    Note: Multiple-response question
    *Small Base - caution should be used in interpretation


This Harris Poll was conducted online within the United States between
October 4 and 10, 2006 among 2,010 adults (aged 18 and over),
including 425 who have been notified that data has been lost or
stolen, and 84 who believe that something happened to them as a
result. Figures for age, sex, race/ethnicity, education, region and
household income were weighted where necessary to bring them into line
with their actual proportions in the population. Propensity score
weighting was also used to adjust for respondents' propensity to be

All surveys are subject to several sources of error. These include:
sampling error (because only a sample of a population is interviewed);
measurement error due to question wording and/or question order,
deliberately or unintentionally inaccurate responses, nonresponse
(including refusals), interviewer effects (when live interviewers are
used) and weighting.

With one exception (sampling error) the magnitude of the errors that
result cannot be estimated. There is, therefore, no way to calculate a
finite "margin of error" for any survey and the use of these words
should be avoided.

With pure probability samples, with 100 percent response rates, it is
possible to calculate the probability that the sampling error (but not
other sources of error) is not greater than some number. With a pure
probability sample of 2,010 adults one could say with a 95 percent
probability that the overall results would have a sampling error of
+/-2 percentage points. Sampling error for data based on sub-samples
would be higher and would vary. However that does not take other
sources of error into account. This online survey is not based on a
probability sample and therefore no theoretical sampling error can be

These statements conform to the principles of disclosure of the
National Council on Public Polls.

    Q 1105, 1110, 1115

    The Harris Poll #81, November 10, 2006

By David Krane, Vice President, Public Affairs and Policy Research,
Harris Interactive

About Harris InteractiveŽ

Harris Interactive is the 12th largest and fastest-growing market
research firm in the world. The company provides research-driven
insights and strategic advice to help its clients make more confident
decisions which lead to measurable and enduring improvements in
performance. Harris Interactive is widely known for The Harris Poll,
one of the longest running, independent opinion polls and for
pioneering online market research methods. The company has built what
it believes to be the world's largest panel of survey respondents, the
Harris Poll Online. Harris Interactive serves clients worldwide
through its United States, Europe and Asia offices, its wholly-owned
subsidiary Novatris in France and through a global network of
independent market research firms. The service bureau, HISB, provides
its market research industry clients with mixed-mode data collection,
panel development services as well as syndicated and tracking research
consultation. More information about Harris Interactive may be
obtained at www.harrisinteractive.com .

To become a member of the Harris Poll Online and be invited to
participate in online surveys, register at
http://go.hpolsurveys.com/HarrisPoll .

(1) Based on July 2005 U.S. Census estimate released January 2006 (223
million total adults aged 18 or over)

    Press Contact:
    Michelle Soto
    Harris Interactive

Dataloss Mailing List (datalossattrition.org)
Tracking more than 141 million compromised records in 469 incidents over 6 years.