Privacy in E-Commerce: Development of Reporting Standards, Disclosure, and Assurance Services in an Unregulated Market

Government regulation of financial reporting by publicly listed firms, coupled with a punitive regime for violation of generally accepted accounting principles (GAAP), has been in place in the United States for seven decades. Whether this regime is effective or useful is an open question, especially in the absence of data on the behavior of unregulated economies. Privacy disclosure in e‐commerce is essentially an unregulated environment with some parallels to financial disclosure. A study of privacy standards, disclosures practices, and demand for audits can help accountants and security regulators project the consequences of a competitive regime sans regulation for accounting standards, disclosure and audit practices. In this article we set up a framework for such a study, gather data from the field, and analyze privacy standards, privacy disclosure practices, and the effectiveness of opt‐out practices of 100 high‐traffic e‐commerce Web sites. We observe four diverse sets of privacy standards (TRUSTe, BBB Online, WebTrust, and PWC Privacy) competing in this market, attracting clienteles of their own as reflected in privacy policies and the disclosure of such policies. With a few exceptions, actual disclosure and opt‐out practices correspond reasonably well to stated policies in e‐commerce. There is little evidence that the prevailing competitive regime induces a race to the bottom with respect to privacy standards and disclosures. We explore the implications of these results for the consequences of a competitive regime for regulation of financial reporting.