How you are seen to protect your customers' personal information can have a huge effect on your brand – and your bottom line, according to a new report.

Security researcher Ponemon Institute released its list of the "Top 20 Most Trusted Companies for Privacy", based on a survey of 6,627 US adults. Some 38,000 individual companies got mentioned, 229 of which were ranked more than 20 times. American Express was top of the list, followed by IBM, Johnson & Johnson, HP, and eBay.

No small businesses actually made the Top 20 – could it be because 56 percent of small businesses don't even have a privacy policy on their Web sites? – but the Ponemon results still provide a useful lesson. Facebook, for example, made the list last year but not the current one – which comes as no surprise, as 2009 saw the site face serious security breaches as well as a very public debate about their privacy policies.

Said Larry Ponemon, the Michigan-based institute's chairman and founder, in the report:  "Facebook draws a great deal of attention because they have chosen to innovate on the issue of privacy in a highly visible manner, and while they were rewarded for their efforts last year, consumer were less kind to them this year, showing just how important privacy protection is as a brand asset."

Mike Spinney, a Ponemon senior privacy analyst, thinks Facebook may return to this list. On his blog he praised the company's "transparent approach to privacy" and "typical responsiveness to public comment," saying he believed it would serve the company well in the long run. (What other movement was there in the Top 20? Besides Facebook, AOL and eLoan dropped off the list. Four not listed the previous year who made the cut this year: Google, Weight Watchers, Walmart and AT&T.

The study also found that consumers' feeling of control of their personal information is dropping steadily: 41 percent in 2010, down from 45 percent in 2009, which was down from 56 percent in 2006, the first year the study was conducted.

A top area of concern for those surveyed: Identity theft. Nearly 60 percent of those surveyed rated the subject a major factor in how much they trust a brand. Other threats to brand trust: Abuse of civil liberties and annoying "background chatter" in public venues. Translation: Lay off the unnecessary Twitter and Facebook updates.

How can you help encourage trust? Sixty percent of those surveyed said "substantial" security protections were a huge plus, while 53 percent gave great weight to accurate data collection and use. Ponemon cautions that the latter also includes marketing. You should gather all the information you can from customers, but be careful what you do with it.

"Any time customers receive marketing that's irrelevant or annoying, it's a privacy issue to them," Ponemon said.

Not surprisingly, Fran Maier, CEO of TrustE, which monitors online privacy practices, advocates a sturdy privacy policy – a survey done for the company last year revealed that of the less than half of small businesses who actually had a policy, a third had just cut and pasted it from elsewhere. (Looking for some help crafting yours? Click here.)

Niceties that may be overlooked – such as privacy – she says "are the very elements that give small businesses an edge over their competitors. Especially in times of economic downturn, a good brand reputation is something small businesses should not jeopardize."

What do you think? Does your business have a written privacy policy? And do you think Facebook's new policies are cause for alarm?