We legislate, mandate and regulate a lot of online behaviors.  Perhaps one of our “favorites” (judging by the amount of discussion and reference it generates) is online privacy rights.  In the U.S., state after state has followed California’s lead for a breach notification law.  As of December 12, 2007 at least 39 states in the U.S. have enacted legislation requiring notification of security breaches involving personal information.  Proposed national legislation has already been introduced in Congress (but not yet passed).

And, the U.S. is not alone.  For example, Canada has two federal privacy laws, plus every province and territory (except Newfoundland) also contributes guidelines and regulations covering the protection of personal information.  Likewise, the now-famous European Privacy Directive 95/46/EC is reflected in legislation and regulation in member countries throughout Europe.  Similar circumstances can be found around the world.

Breaches Create Headlines and Collective Outrage
With so much data being submitted and used in digital form, it’s no wonder that breaches occur.  And, with so much legislation and regulation requiring notification and response, it’s also no wonder that such breaches create headlines and outrage.  From the spectacular TJX breach to much smaller events involving just a few hundred accounts, the list goes on and on.  Most occurrences get a headline and a hearing, but some get official investigations and discussions even in Congress and Parliament.  Each event diminishes public trust in the handling of digital data.

But Companies and Individuals Still Choose to Provide Personal Data for the Right Payoff
Notwithstanding all the alarm bells and personal data breach episodes that seem to occur nearly every day, new online businesses continue to offer services that depend on the voluntary submission of sensitive personal data.  And, WE DO IT!  Companies do it and individuals do it.  In fact, on the corporate front, Nicholas Carr observes in Wired that “the two most popular Web-based business applications right now are for managing payroll and customer accounts – some of the most sensitive information companies have.”

Individual users also are willing to opt for value, even at the risk of privacy.  For example, The Wall Street Journal reports on two online services that help individuals manage their cash, share investment stories, track spending and trade tips: Wesabe and Geezeo.  The Baltimore Sun adds Mint to the conversation.  All three are a combination of financial advisor and social networking.  And, two of the three require users to provide some personal data, including the information needed to log in to online bank and financial accounts.  Now, that’s real (digital) trust!

In spite of privacy data breach after privacy data breach, these three online businesses (among others) have started a service that depends exclusively on the “deposit” of sensitive personal information!  How can this be?

Digital Trust Up Front
All of these companies confront the issue of (digital) trust right up front.  All claim to have “bank-level data security,” highlighting extensive use of SSL 128-bit encryption.  Most describe some sort of anonymous style of login and a minimalist approach to data storage.  All claim to avoid sharing of information unless it’s through a banking-approved third party.

Some take even more steps to claim digital trust.  For example, some promote trustmarks as further proof for digital trust.  Mint displays “VerSign Secured,” “TRUSTe” and “HACKER SAFE” on its home page, and Geezeo displays “VeriSign Secured.” On the other hand, Wesabe shows no trustmarks but does reassure users that using Wesabe is “just as secure” as using your bank’s site.  Wesabe’s technology places an agent on the user’s PC to perform the account logins and information transfer, but the need for digital trust remains.

These social-financial services sites will succeed or fail based on their ability to deliver digital trust to their users.  Despite the continuing saga of personal data breaches and identity theft, digital trust can make a difference even in the most sensitive of services if the payoff is real.

The ability to create, grow, convey and claim digital trust is the topic of Volume 7 of the Digital Trust report series, “Transparency and Assurance: Putting a Measure on Digital Trust.” Sites like Mint, Geezeo and Wesabe are operating on the realities of digital trust.  You can create it.  You can grow it.  You can convey it to users.  And, it does create value.  But it doesn’t happen automatically.  These sites are “banking” on having enough digital trust to persuade users to claim the benefits of interactive personal finance management.