Exploring privacy concerns and expectations for enterprise products

Publication date: 05/25/2022

Author’s note: Product teams at Meta rely on research along with other external factors to design and build products. This article discusses research conducted by Meta's Research Team to better understand people’s privacy needs.

Abstract

Identifying privacy needs for enterprise tools* could help developers create more useful tools for businesses.

Using a combination of interview and survey research, we identified key privacy concerns and expectations that enterprise tool decision makers have when considering which tools to adopt for their companies.

Interestingly, decision makers tended to have the same concerns and expectations for enterprise tools from different brands, suggesting that enterprise developers may benefit from focusing on a core list of privacy needs when creating enterprise tools.

*”Enterprise tools” refers to software and hardware built for the needs of a business or organization, in contrast with software and hardware built for the needs of individual consumers.

Report

Privacy is a key driver of trust and adoption when businesses consider enterprise tools (software and hardware built for the needs of a business or organization). Yet, little research exists about the privacy needs that decision makers keep in mind when they’re evaluating enterprise software or hardware. Because identifying and understanding these needs could help enterprise developers create more useful tools for businesses, we conducted research to advance this topic.

As a first step, we interviewed employees at businesses that use enterprise tools across the United States, United Kingdom, Fance, Brazil, and India. During the interviews, we asked participants to describe their privacy and data concerns and needs for enterprise tools. For additional method details including information about the sample of participants and the specific questions asked, see the Appendix below.

Similar to consumer privacy (see Hepler & Blasiola, 2021), “privacy” in the enterprise space is an umbrella term that can mean a range of different things. Our research participants articulated 15 privacy concerns that we grouped into four high-level themes: Data access, data storage, data control, and data misuse. In addition to concerns, our participants also articulated 11 privacy expectations they had for enterprise tools that we grouped into the three high-level themes: Expectations pre sign-up, post sign-up, and related to data management. For the specific concerns and expectations, see Figure 1.

Figure 1. Core privacy concerns and expectations for enterprise products.

Figure caption. “Customer” = an organization that purchases or subscribes to an enterprise tool provided by another company. “Provider” = a company that creates and then sells or licenses an enterprise tool to another organization. “Competitors or third parties” = organizations other than the enterprise tool provider and customer being discussed. “SaaS” = Software as a service, a form of enterprise tool.

Next, we wanted to quantify these privacy concerns and expectations for enterprise tool users to discover how common they are. To do this, we surveyed 1,193 employees who make decisions about adopting enterprise tools at their businesses along with 301 employees who use enterprise tools where they work. The decision-maker sample was from the United States, Fance, Brazil, and India, and the employee sample was from the United States. The sample was evenly split across three company size buckets: 50-500, 501-5000, and over 5000 and was recruited from a wide range of industries (34% technology and software, 9% finance and insurance, 7% retail, 7% construction, 7% medicine and health, and the remaining 36% were spread across a wide range of other industries that each comprised < 5% of the sample). We developed survey items to measure the concerns and expectations shown in Figure 1. We performed cognitive testing on the initial survey draft, which led us to modify the initial list of questions slightly relative to the list of items in Figure 1. For the full survey instrument, see the Appendix.

Survey respondents were asked to rate how worried they were about each privacy concern in general. We also asked them to rate how worried they were about those topics for four specific business tool providers: Facebook (now Meta), Microsoft, Google, and Apple. Similarly, we then asked respondents to rate how important each privacy expectation was in general as well as how well these were currently met by Facebook, Microsoft, Google, and Apple.

Across topics, worry was relatively high, with 57% - 62% of survey respondents stating they worry ‘quite a bit’ or ‘a lot’ about each privacy concern when they consider purchasing or using enterprise tools for their organization. Similarly, privacy expectations were high with 75% - 85% of respondents stating that each expectation was ‘quite important’ or ‘very important’. Moreover, all privacy concerns were moderately to highly correlated with each other (correlations for privacy concerns were all r > .53; range = .53 - .69). So if someone worries about one privacy concern, they’re more likely to also worry about most other privacy concerns. Similarly, all privacy expectations were also moderately to highly correlated with each other (correlations for privacy expectations were all r > .40; range = .40 - .61). So if someone has high expectations in one area related to privacy, they more likely have high expectations in most other areas we measured.

Interestingly, enterprise privacy concerns and expectations appear to be driven more by the topic than by the brand, which mirrors privacy concerns for consumer apps (Hepler & Rutherford, 2021). So for example, the privacy topics that caused the most (least) concern for one app also tended to cause the most (least) concern for the other brands we asked about; although there were a few exceptions to this pattern, they were exceptions rather than the norm.

Figure 2. Percent of respondents who worry ‘quite a bit’ or ‘a lot’ about each topic.

Figure 3. Percent of respondents who rate each topic as 'quite' or 'very' important

Implications

The fact that privacy concerns and expectations are similar across brands in our research suggests that enterprise tool decision makers and users may tend to look for the same privacy features and assurances across the market. As a result, companies developing enterprise tools could use the list of concerns and expectations we identified in this research as a useful starting point when considering where to invest in privacy features for their products, regardless of their specific enterprise product space or brand perceptions.

However, we did observe a brand reputation effect, in which some brands were consistently rated higher or lower than other brands for most concerns and most expectations (with a few exceptions). This suggests that there may be something of a brand halo for certain brands (perhaps based on their reputation) that can increase or decrease privacy concerns and expectations in general for that brand, but which ultimately results in a similar rank order for prioritizing which privacy topics to address with features or other assurances.

It was particularly interesting to observe this topic-level pattern of results among enterprise decision makers who are experts in their domain and should have a good understanding of key privacy differences across major enterprise brands. Ultimately, this result suggests that topic-level beliefs may play an outsized role in driving enterprise tool decisions relative to brand-specific beliefs.