Publication date: 05/25/2022
Author’s note: Product teams at Meta rely on research along with other external factors to design and build products. This article discusses research conducted by Meta's Research Team to better understand people’s privacy needs.
Abstract
Identifying privacy needs for enterprise tools* could help developers create more useful tools for businesses.
Using a combination of interview and survey research, we identified key privacy concerns and expectations that enterprise tool decision makers have when considering which tools to adopt for their companies.
Interestingly, decision makers tended to have the same concerns and expectations for enterprise tools from different brands, suggesting that enterprise developers may benefit from focusing on a core list of privacy needs when creating enterprise tools.
*”Enterprise tools” refers to software and hardware built for the needs of a business or organization, in contrast with software and hardware built for the needs of individual consumers.
Report
Privacy is a key driver of trust and adoption when businesses consider enterprise tools (software and hardware built for the needs of a business or organization). Yet, little research exists about the privacy needs that decision makers keep in mind when they’re evaluating enterprise software or hardware. Because identifying and understanding these needs could help enterprise developers create more useful tools for businesses, we conducted research to advance this topic.
As a first step, we interviewed employees at businesses that use enterprise tools across the United States, United Kingdom, Fance, Brazil, and India. During the interviews, we asked participants to describe their privacy and data concerns and needs for enterprise tools. For additional method details including information about the sample of participants and the specific questions asked, see the Appendix below.
Similar to consumer privacy (see Hepler & Blasiola, 2021), “privacy” in the enterprise space is an umbrella term that can mean a range of different things. Our research participants articulated 15 privacy concerns that we grouped into four high-level themes: Data access, data storage, data control, and data misuse. In addition to concerns, our participants also articulated 11 privacy expectations they had for enterprise tools that we grouped into the three high-level themes: Expectations pre sign-up, post sign-up, and related to data management. For the specific concerns and expectations, see Figure 1.
Figure 1. Core privacy concerns and expectations for enterprise products.
Figure caption. “Customer” = an organization that purchases or subscribes to an enterprise tool provided by another company. “Provider” = a company that creates and then sells or licenses an enterprise tool to another organization. “Competitors or third parties” = organizations other than the enterprise tool provider and customer being discussed. “SaaS” = Software as a service, a form of enterprise tool.
Next, we wanted to quantify these privacy concerns and expectations for enterprise tool users to discover how common they are. To do this, we surveyed 1,193 employees who make decisions about adopting enterprise tools at their businesses along with 301 employees who use enterprise tools where they work. The decision-maker sample was from the United States, Fance, Brazil, and India, and the employee sample was from the United States. The sample was evenly split across three company size buckets: 50-500, 501-5000, and over 5000 and was recruited from a wide range of industries (34% technology and software, 9% finance and insurance, 7% retail, 7% construction, 7% medicine and health, and the remaining 36% were spread across a wide range of other industries that each comprised < 5% of the sample). We developed survey items to measure the concerns and expectations shown in Figure 1. We performed cognitive testing on the initial survey draft, which led us to modify the initial list of questions slightly relative to the list of items in Figure 1. For the full survey instrument, see the Appendix.
Survey respondents were asked to rate how worried they were about each privacy concern in general. We also asked them to rate how worried they were about those topics for four specific business tool providers: Facebook (now Meta), Microsoft, Google, and Apple. Similarly, we then asked respondents to rate how important each privacy expectation was in general as well as how well these were currently met by Facebook, Microsoft, Google, and Apple.
Across topics, worry was relatively high, with 57% - 62% of survey respondents stating they worry ‘quite a bit’ or ‘a lot’ about each privacy concern when they consider purchasing or using enterprise tools for their organization. Similarly, privacy expectations were high with 75% - 85% of respondents stating that each expectation was ‘quite important’ or ‘very important’. Moreover, all privacy concerns were moderately to highly correlated with each other (correlations for privacy concerns were all r > .53; range = .53 - .69). So if someone worries about one privacy concern, they’re more likely to also worry about most other privacy concerns. Similarly, all privacy expectations were also moderately to highly correlated with each other (correlations for privacy expectations were all r > .40; range = .40 - .61). So if someone has high expectations in one area related to privacy, they more likely have high expectations in most other areas we measured.
Interestingly, enterprise privacy concerns and expectations appear to be driven more by the topic than by the brand, which mirrors privacy concerns for consumer apps (Hepler & Rutherford, 2021). So for example, the privacy topics that caused the most (least) concern for one app also tended to cause the most (least) concern for the other brands we asked about; although there were a few exceptions to this pattern, they were exceptions rather than the norm.
Figure 2. Percent of respondents who worry ‘quite a bit’ or ‘a lot’ about each topic.
Figure 3. Percent of respondents who rate each topic as 'quite' or 'very' important
Implications
The fact that privacy concerns and expectations are similar across brands in our research suggests that enterprise tool decision makers and users may tend to look for the same privacy features and assurances across the market. As a result, companies developing enterprise tools could use the list of concerns and expectations we identified in this research as a useful starting point when considering where to invest in privacy features for their products, regardless of their specific enterprise product space or brand perceptions.
However, we did observe a brand reputation effect, in which some brands were consistently rated higher or lower than other brands for most concerns and most expectations (with a few exceptions). This suggests that there may be something of a brand halo for certain brands (perhaps based on their reputation) that can increase or decrease privacy concerns and expectations in general for that brand, but which ultimately results in a similar rank order for prioritizing which privacy topics to address with features or other assurances.
It was particularly interesting to observe this topic-level pattern of results among enterprise decision makers who are experts in their domain and should have a good understanding of key privacy differences across major enterprise brands. Ultimately, this result suggests that topic-level beliefs may play an outsized role in driving enterprise tool decisions relative to brand-specific beliefs.
Appendix: Research Methods
Study 1: Identifying Privacy Concerns and Expectations
We interviewed 69 enterprise tool decision makers for SaaS products and end-users across five markets between May - July 2021: United States, United Kingdom, France, Brazil, and India. To identify privacy concerns and expectations, we asked the following questions, which were adapted from previous research that identified privacy concerns about consumer apps (Hepler & Blasiola, 2021).
Please describe any concerns you have about privacy when using SaaS tools, and briefly explain why you're concerned about those things. [Open ended]
In your opinion, what could be done to address your concerns about privacy when using SaaS tools? [Open ended]
In addition, participants were randomly assigned to be asked one of the following two question sets:
Set 1
Please describe any concerns you have about the data SaaS tools collect, and briefly explain why you're concerned about those things. [Open ended]
In your opinion, what could be done to address your concerns about the data SaaS tools collect? [Open ended]
Set 2
Please describe any concerns you have about the way SaaS tools use the data they collect, and briefly explain why you're concerned about those things. [Open ended]
In your opinion, what could be done to address your concerns about the way SaaS tools use the data they collect? [Open ended]
Responses were thematically analyzed. A subset of 20% of responses were double coded to ensure objectivity of coding. Emerging themes were collapsed into broader super-themes by an independent researcher and in discussion with the lead researcher. Super-themes were finally bucketed into groups under ‘Privacy concerns’ and ‘Privacy expectations’ headings.
Study 2: Enterprise Privacy Scale
In Study 1, we identified 15 privacy concerns and 11 privacy expectations. We created survey questions for each concern and expectation. We then conducted cognitive testing through 10 expert interviews to assess whether these questions were (a) understood as intended, (b) seen as differentiated from one another, and (c ) seen as single constructs. Following the interviews, we re-phrased several items and pulled apart some that appeared double-barrelled ending with a list of 15 privacy concern questions and 14 privacy expectation questions.
We administered our survey between October - November 2021 to a sample of 1,193 enterprise tool decision makers from four markets: United States, Fance, Brazil, and India. We supplemented this with a sample of 301 end users of SaaS software from the United States. The sample was evenly split across three company size buckets: 50-500, 501-5000, and over 5000 and was recruited from a wide range of industries (34% technology and software, 9% finance and insurance, 7% retail, 7% construction, 7% medicine and health, and the remaining 36% were spread across a wide range of other industries that each comprised < 5% of the sample).
In addition to asking about the privacy concerns and expectations at a general level, we also included survey items to evaluate these concerns and expectations for specific enterprise brands Facebook, Microsoft, Google, and Apple. We collected the survey prior to Facebook’s rebranding to Meta.
Survey item wording for privacy concern questions.
Note that the table below lists the question wording for the “general” version of these questions. The brand-specific versions swapped in a specific brand name (ex: “Facebook”) in place of the term “a software provider”.
Response options for each question: Not at all, Only a little, Somewhat, Quite a bit, A lot
How much if at all does it worry you that a software provider …
Survey item wording for privacy expectation questions.
Note that the table below lists the question wording for the “general” version of these questions. The brand-specific versions swapped in a specific brand name (ex: “Facebook”) in place of the term “a software provider”.
Response options for each question: Not at all important, A little important, Somewhat important, Quite important, Very important
How important if at all is it for you that a software provider …
