MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

Privacy Policy

Ponemon Institute, LLC (Ponemon Institute) respects your privacy. Our homepage on the Web is located at www.ponemon.org. The following Privacy Statement details our online privacy practices, including the personal information we collect, how we use it, and your choices. The full text of our privacy policy is available on the Web at /privacy-policy. Registered users may opt-in or opt-out of use of their information at initial registration and then may change that designation with an e-mail to research@ponemon.org. Some Web pages are P3P-enabled, which allows you additional control over your personal information.

We invite you to contact us if you have questions about this policy. You may contact us by mail at the following address:

Ponemon Institute
2308 US 31 North
Traverse City, MI 49686

You also may contact us by e-mail at research@ponemon.org or call us at 231.938.9900.

Dispute Resolution and Privacy Seals

We have the following privacy seals and/or dispute resolution mechanisms. If you think we have not followed our privacy policy in some way, they can help you resolve your concern.

  • Questions or Complaints: Ponemon Institute is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent organization whose mission is to build users’ trust and confidence in the Internet by promoting the use of fair information practices. This privacy statement covers the site www.ponemon.org. Because this Web site wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe. Questions: If you have questions or concerns regarding this statement, you should first contact Ponemon Institute at 231.938.9900 or research@ponemon.org. If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed, you should contact TRUSTe at www.truste.org/consumers/watchdog_complaint.php. TRUSTe will then serve as a liaison with us to resolve your concerns.

Additional Information

This policy is valid until 1 August, 2010 12:00:00 EDT.

Our website is hosted in and personal information is processed or stored in the United States of America.

Data Collection and Uses

We collect personal information for three types of users. P3P policies declare the data they collect in groups (also referred to as "statements"). This policy contains 3 data groups. The data practices of each group will be explained separately. We do not collect sensitive personal information such as credit card or social security numbers.  We do not knowingly collect information from children under the age of 13 and do not target our Website to children under 13. 

If you choose to participate in a discussion blog on our Website, you will be asked for your title, name, email address and comment. Participation in a blog on our Website is voluntary. Your name, comment and email address are required fields; your title is optional. Your email address will not be shown to the public; however, you should be aware that any personal information submitted, including your name and title or any other information voluntarily provided, can be read, collected, or used by other users. As Public Forums are public and not private communications, you should have no expectation of privacy with regard to any submissions made therein.

1. Group "Guest Group"

We collect the following information:

  • Click-stream data
  • HTTP protocol elements

At the user's option, we may also collect the following data:

  • HTTP cookies

This data will be used for the following purposes:

  • Anonymous user analysis.
  • Anonymous user profiling and decision-making.

This data will be used by us and our agents.

The following explanation is provided for why this data is collected:

Our Web server collects access logs containing this information.

2. Group "RIM Council or NewsFeed Mailing List Registration Group"

We collect the following information:

  • Click-stream data
  • HTTP protocol elements

At the user's option, we also may collect the following data:

  • User's Name
  • Work e-mail address
  • HTTP cookies
  • Business mailing address
  • Work telephone numbers
  • User's Job Title
  • Organization Name
  • Contact Information for the Organization

This data will be used for the following purposes:

  • Completion and support of the current activity.
  • Website and system administration.
  • Research and development.
  • Respond to an inquiry.
  • Send a newsletter or study as requested by the user.

This data will be used by us and our agents.

The following explanation is provided for why this data is collected:

Access to the Ponemon Institute RIM Council members’ Website is only available to registered RIM Council members. In order to access this Website, a registration form must be completed. A username and password are then assigned to the registrant within 48 hours. During the registration process contact information is required, minimally a name and email address. We use this information to contact members about the information, research and services on our site in which interest has been expressed.

Members have the option to provide other contact information such as business mailing address, work telephone numbers, job title, organization name and other contact information for the organization. Members are encouraged to submit this information so we can provide a more personalized service when accessing our site. Ponemon Institute is the sole owner of the information collected on www.ponemon.org. Ponemon Institute collects personally identifiable information from our registered users only at the RIM Council Sign In/Register. Ponemon Institute does not share, sell, rent or trade information collected from our users.

If a user registers for our NewsFeed mailing list, we will collect user first and last name and email address. This data is used by us to maintain our NewsFeed list and send the user the requested information.

3. Group "The Privacy Statement Disclosure Group"

We collect the following information:

  • Click-stream data
  • HTTP protocol elements

At the user's option, we may also collect the following data:

  • HTTP cookies

This data will be used for the following purposes:

  • Completion and support of the current activity.
  • Website and system administration.

This data will be used by us and our agents.

The data in this group has been marked as non-identifiable. This means that there is no reasonable way for the site to identify the individual person this data was collected from.

The following explanation is provided for why this data is collected:

We use Byte Productions to provide hosting and database management services on our site.  When you sign up for access to the RIM members only portion of the Website, we will share only the information you provide, minimally your contact name and email address as necessary with Byte Productions to provide that service. During the registration process there are two ways for a registrant to indicate an opt-in/opt-out choice. First, during registration the member is asked his or her preference for contact method: Email Only, Phone Only or Email and Phone, or Outlook appointment.  Second, there is a choice as to what information the registrant would like shared. These include: Company Name, Participant Name, Participant Title, Mailing Address, Work Phone, and Work Fax.

Changing your Data/Opt Out of Communications

If your personally identifiable information changes, or if you wish to opt-out of receiving any further communications from our site, or if you wish to delete your registration from our site, you may correct, update, delete or deactivate it by emailing our customer support function available at research@ponemon.org or by contacting us by telephone or postal mail at the contact information listed previously.

Security

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. If you have any questions about security on our Website, you can email us at research@ponemon.org.

Disclosure

We reserve the right to disclose personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our Website.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes to this privacy statement, the homepage, and other appropriate places. This is done to make users aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our homepage. Last update of this policy occurred on April 9, 2009.

Cookies

Our site makes use of cookies. Cookies are used for the following purposes:

  • Site administration
  • Completing the user's current activity
  • Pseudonymous analysis
  • Pseudonym-based decision-making
  • User analysis
  • Research and development

Cookies are a technology that can be used to provide you with tailored information from a Website. A cookie is an element of data that a Website can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. In the members' and admin areas, cookies that identify the users’ sessions are placed on the end users’ computers. Server logs will also record this identification along with the IP, browser version, and URL of pages viewed. This is necessary for the process of authentication of users and maintenance of security. These cookies are temporary and expire once the users’ sessions are over (when they close the browser window). Cookies do not contain username or password information. Ponemon Institute also subscribes to a Web statistical service, which provides a graphical analysis of the server logs (IP, browser version, URL, and other statistical information).

Compact Policy Summary

The compact policy which corresponds to this policy is:

 CP="IDC DSP COR CURa ADMa DEVa PSAa PSDa IVAi OUR STP LEG BUS IND PHY ONL COM NAV DEM"

The following table explains the meaning of each field in the compact policy.

Field   Meaning
-----   -------
CP=     This is the compact policy header; it indicates that what follows is a P3P compact policy.
IDC     Access is available to contact information.
DSP     The policy contains at least one dispute-resolution mechanism.
COR     Violations of this policy will be corrected.
CURa    The data is used for completion of the current activity.
ADMa    The data is used for site administration.
DEVa    The data is used for research and development.
PSAa    The data is used for pseudonymous analysis.
PSDa    The data is used for pseudonymous decision-making.
IVAi    The data is used for analysis, including knowledge of the visitor's identity, if the user selects it.
OUR     The data is given to ourselves and our agents.
STP     The data is kept for the stated purpose only.
LEG     Legal requirements specify how long the data will be kept.
BUS     Our business practices specify how long the data will be kept.
IND     The data will be kept indefinitely.
PHY     Physical contact information is collected.
ONL     Online contact information is collected.
COM     Computer information is collected.
NAV     Navigation and clickstream data is collected.
DEM     Demographic and socioeconomic data is collected.

The compact policy is sent by the Web server along with the cookies it describes. For more information, see the P3P deployment guide at http://www.w3.org/TR/p3pdeployment.


Policy Evaluation

Microsoft Internet Explorer 6 will evaluate this policy's compact policy whenever it is used with a cookie. The actions IE will take depend on what privacy level the user has selected in their browser (Low, Medium, Medium High, or High; the default is Medium). In addition, IE will examine whether the cookie's policy is considered satisfactory or unsatisfactory, whether the cookie is a session cookie or a persistent cookie, and whether the cookie is used in a first-party or third-party context. This section will attempt to evaluate this policy's compact policy against Microsoft's stated behavior for IE6.

Note: this evaluation is currently experimental and should not be considered a substitute for testing with a real Web browser.

Satisfactory policy: this compact policy is considered satisfactory according to the rules defined by Internet Explorer 6. IE6 will accept cookies accompanied by this policy under the High, Medium High, Medium, Low, and Accept All Cookies settings.