11th Pacific-Asia Conference on Information Systems 51. Evaluating Banking Websites Privacy Statements – A New Zealand Perspective on Ensuring Business Confidence Hooper, A S C Bunker, B Rapson, A Reynolds, A Vos, M School of Information Management Victoria University of Wellington Tony.Hooper@vuw.ac.nz Abstract Because banks deal with highly personal detailed and sensitive information, they need to establish and maintain the confidence of their customers more assiduously than most other businesses. The rise of internet banking and the advantages to be gained from the garnering of personal data from websites places banks in a position to exploit customer data in a way that might infringe ethical considerations. This investigation analyses the website privacy statements of New Zealand banks in terms of the provisions of the New Zealand Privacy Act. The intention was to find an objective basis for the assessment of business integrity, to explore how confidence in electronic commerce can be assured. The investigation finds that the use of privacy legislation principles as a means of evaluating website privacy statements is revealing and convincing. It is considered that customer confidence will increasingly impact on Internet businesses, and business integrity as demonstrated by comprehensive and relevant privacy statements will go a long way to provide those assurances. Keywords: Banking websites, customer confidence, privacy statements, business integrity Introduction It is a reasonable assumption that Internet websites are intended to reflect the values of the institutions that sponsor them. Banks, more than other businesses, deal with highly personal, detailed and sensitive information about their customers’ purchasing patterns, size of wallet, brand and vendor choices, and other data critical to market intelligence. Banks also make heavy use of the technological advantages of electronic commerce, giving them an opportunity to gather, analyze and possibly sell customer data to affiliated businesses. One could argue, therefore, that banks should be particularly diligent about ensuring that their websites reflect the values they wish to convey to their clients. While usually happy to exploit the advantages of internet banking, customers are often not aware of the personal information that their banks gather about them and their commercial activities. By publishing a privacy statement on their website, indicating how customer information will be gathered and managed, banks can establish and maintain the confidence of their customers, assuring them of their concern for protecting the integrity of the personal information they handle. Accordingly, one could argue that the primary criteria for evaluating website privacy statements would be the provisions of the privacy legislation relevant to the country concerned. Most countries operate under different privacy legislation, although there are internationally agreed principles on which most countries legislation is based. The New Zealand Privacy Act of 1993 is technology neutral and based on principles developed in 1981 by the Organization for Economic Cooperation and Development (OECD, 1981). Because of the commonality of the principles of the New Zealand Privacy Act, it was considered that investigating privacy statements on the websites of seven New Zealand banks would give preliminary insights into the integrity of Internet banking. The intention was to explore