The role of privacy policy on consumers’ perceived privacy
Introduction
We live in the era of big data that dramatically transforms the way we make decisions (Janssen, van der Voort, & Wahyudi, 2017). Big data is the “data sets whose size is beyond the ability of typical database software tools to capture, store, manage, and analyze” (Manyika, Chui, Brown et al., 2011). New information and communication technologies (ICTs) have enabled the big data trend by providing the capability to capture and store huge amounts of consumer data which serves as the core of the big data trend (Chen, Chiang, & Storey, 2012). When properly collected, stored, and processed, consumer data may allow organizations to understand customer behaviors and preferences. Such knowledge is valuable in customizing and personalizing products and services to meet customer needs, thereby equipping companies with a competitive advantage (Erevelles, Fukawa, & Swayne, 2016).
While businesses are eager to access customer data, privacy factor remains the most salient issue that must be solved before organizations could capitalize on the value of a data-centric service economy (Janssen & van den Hoven, 2015; TRUSTe, 2011). Given that each piece of data leaves behind electronic trails of customer activities, individuals are concerned about how companies collect and use their private information (Janssen & Kuk, 2016; Morey, Forbath, & Schoop, 2015) This situation, together with the increasing number of online information leaks, heightens customers' privacy concerns toward information risk (Drinkwater, 2016). Therefore, it is important that companies are aware and capable of handling the risks because they could pose long-term damaging effects on companies as well as cause economic losses (Culnan, 1993).
The risks have led governments to enact privacy regulations and policies (e.g., European Directive EC 95/461995 and United States Federal Trade Commission (FTC)’s Fair Information Practice Principles (FIPPs)) to protect people from potential harmful acts. Companies must comply with these regulations and devise effective privacy management strategies to address privacy issues. This would require knowledge of how people make decisions about revealing and concealing private information.
Petronio (2012)’s communication privacy management (CPM) theory used a boundary metaphor to explain how people make decisions about revealing and concealing information, which is known as ‘privacy boundary formation.’ In impersonal contexts such as those between customers and companies, the form by which companies use customer data (i.e., organizational information practices) is salient to the formation of an individual's privacy boundary (Dinev, Xu, Smith, & Hart, 2013; Metzger, 2007). In the process of forming privacy boundary, consumers also reference their governments' privacy regulations (Xu, Dinev, Smith, & Hart, 2011).
Weighing the interplay among consumers' privacy boundary formation, organizations' information practices, and government's regulations as well as the current findings in the literature, we realize that there are gaps that have to be addressed so that a better understanding of consumers' privacy boundary formation can be achieved. First, previous research has not fully examined the effect of government's privacy policy. In fact, these studies are either considering only some of the dimensions (e.g., Libaque-Saenz, Chang, Kim, Park, & Rho, 2016; Libaque-Saenz, Chang, Wong, & Lee, 2015; Libaque-Saenz, Wong, Chang, Ha, & Park, 2016) or have not even delved into its specific dimensions at all (e.g., Xu et al., 2011; Xu, Teo, Tan, & Agarwal, 2012). Since each principle of the privacy regulations may have different effect, organizations need to determine which is exerting stronger impact on individuals' decisions in order to draw adequate strategies (Schwaig, Kane, & Storey, 2006),
Second, while prior research has focused on various dependent variables such as privacy concerns, intrinsic motivation, trust, information sensitivity, intention to disclose personal information and compliance intention (e.g., Bansal, Zahedi, & Gefen, 2010; Dinev & Hart, 2006a; Joinson, Reips, Buchanan, & Schofield, 2010; Lee, Lim, Kim, Zo, & Ciganek, 2015; Lowry, Cao, & Everard, 2011; Tsai, Egelman, Cranor, & Acquisti, 2011), it has not placed the complete organizational information practices within the recursive and wholeness view of privacy boundary formation model to explore their effect in the online context. Recognizing this gap, researchers (e.g., Bansal & Gefen, 2015; Dinev et al., 2013; Kehr, Kowatsch, Wentzel, & Fleisch, 2015) have called for scholars to further explore online privacy boundary formation and rationality.
Our research aims to fill these two research gaps by proposing and empirically testing a Privacy Boundary Management Model (PBMM) that is grounded on Petronio (2012)’s Communication Privacy Management Theory, Higgins (1997)’s Regulatory Focus Theory and Xu et al. (2011)’s application of CPM in the context of information privacy to provide a complete view of customers' privacy boundary management process. We collected the data from bank customers in Malaysia who are using online banking services because the banking sector contains a wealth of sensitive private information that many consumers would be reluctant to disclose to third parties. Therefore, we expect these consumers to act more conservatively as regards the sharing and disclosure of their banking data.
The rest of the paper is structured as follows. Section 2 reviews the theoretical background and section 3 discusses the research model and the hypotheses. Section 4 describes the research method while section 5 discusses the results. Section 6 provides the discussion, implications, research limitations, future research, and concluding remarks.
Section snippets
Online banking
Online banking refers to the use of banking services through the Internet (Yiu, Grant, & Edgar, 2007). Although it started as a channel to present information, this technology has evolved and nowadays allows customers to perform various transactions such as paying bills, transferring money, and checking account balances through the bank's website. The use of this technology has expanded worldwide due to its cost savings and convenience (Pikkarainen, Pikkarainen, Karjaluoto, & Pahnila, 2004). As
Boundary rule formation: risk-control assessment
The calculus perspective of privacy, which incorporates the interplay between risk and control (Dinev & Hart, 2006a; Dinev et al., 2013), is the most useful framework for analyzing contemporary consumer privacy concerns (Culnan & Bies, 2003). Xu et al. (2011, p. 804) defined privacy control as “a perceptual construct reflecting an individual's beliefs in his or her ability to manage the release and dissemination of personal information.” The risk-control literature posits a positive
Scale development
We adapted validated measurement items from the literature. Items for measuring perceived privacy were adopted from Dinev et al. (2013). Perceived privacy risk was measured using four Likert-scale questions adapted from Dinev and Hart (2006a) and Malhotra et al. (2004). Perceived privacy control, privacy concerns and perceived effectiveness of privacy policy were measured using items taken from Xu et al. (2011). Trust were adapted from Paul A. Pavlou (2003) and Wu et al. (2012). Items that
Results
We used Partial Least Squares (PLS) to analyze the data. PLS is a powerful second generation modeling technique that is suitable for theory testing in exploratory studies. It simultaneously assesses measurement and structural models in an optimal fashion and analyzes complex causal models involving multiple constructs with multiple observed items (Chin, 1998). PLS also places minimal restrictions on measurement scales, sample size, and residual distributions (Chin, 1998). To decide the minimum
Discussion of the findings
The results showed that the proposed model accounted for high percentage of the variance in perceived privacy. For organizations, the results imply that the factors identified in our privacy boundary management model for the formation of perceived privacy can be manipulated to yield the desired effects. All hypotheses are supported, except that on the relationship between choice and perceived effectiveness of privacy policy and privacy risk to perceived privacy.
Choice implies that customers
Acknowledgement
This work is supported by funding from the Malaysia Ministry of Higher Education, Fundamental Research Grant Scheme (FRGS), Project number: FRGS/1/2014/SS05/SYUC/02/1.
Younghoon Chang is an Associate Professor in the School of Management and Economics at Beijing Institute of Technology, Beijing, China. He received his PhD degree in Business & Technology Management from Korea Advanced Institute of Science and Technology (KAIST), South Korea. His research interests include Information privacy, ICT4D, e-business, business analytics and HCI. His articles have appeared in the Government Information Quarterly, Journal of Global Information Management, Behavior and
References (108)
- et al.
When changing the look of privacy policies affects user trust: An experimental study
Computers in Human Behavior
(2016) - et al.
The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online
Decision Support Systems
(2010) - et al.
Compliance to personal data protection principles: A study of how organizations frame privacy policy notices
Telematics and Informatics
(2017) - et al.
Unveiling the coverage patterns of newspapers on the personal data protection act
Government Information Quarterly
(2017) - et al.
Big data consumer analytics and the transformation of marketing
Journal of Business Research
(2016) - et al.
The challenges and limits of big data algorithms in technocratic governance
Government Information Quarterly
(2016) - et al.
Big and open linked data (BOLD) in government: A challenge to transparency and privacy?
Government Information Quarterly
(2015) - et al.
Factors influencing big data decision-making quality
Journal of Business Research
(2017) - et al.
Compensation paradox: The influence of monetary rewards on user behaviour
Behaviour & Information Technology
(2015) - et al.
Beyond concern—A privacy-trust-behavioral intention model of electronic commerce
Information Management
(2005)
Strategies for reducing online privacy risks: Why consumers read (or don't read) online privacy notices
Journal of Interactive Marketing
Compliance to the fair information practices: How are the fortune 500 handling online privacy disclosures?
Information Management
Privacy, trust and control: Which relationships with online self-disclosure?
Computers in Human Behavior
Intrinsic and extrinsic motivation in internet usage
Omega
Privacy issues and human-computer interaction
Computer
A meta-analysis of 25 years of mood-creativity research: Hedonic tone, activation, or regulatory focus?
Psychological Bulletin
Social cognitive theory: An agentic perspective
Annual Review of Psychology
The role of privacy assurance mechanisms in building trust and the moderating role of privacy concern
European Journal of Information Systems
The moderating influence of privacy concern on the efficacy of privacy assurance mechanisms for building trust: A multiple-context investigation
Online privacy concerns and privacy management: A meta-analytical review
Journal of Communication
Privacy in the digital age: A review of information privacy research in information systems
MIS Quarterly
Regulating privacy: data protection and public policy in Europe and the United States
A gap in perceived importance of privacy policies between individuals and companies
Misplaced confidences privacy and the control paradox
Social Psychological and Personality Science
Convergent and discriminant validation by the multitrait-multimethod matrix
Psychological Bulletin
Perceived information security, financial liability and consumer trust in electronic commerce transactions
Logistics Information Management
Business intelligence and analytics: From big data to big impact
MIS Quarterly
The partial least squares approach to structural equation modeling
Personal data protection and privacy law in Malaysia
Convention for the protection of individuals with regard to automatic processing of personal data
" how did they get my name?": An exploratory investigation of consumer attitudes toward secondary information use
MIS Quarterly
Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation
Organization Science
Consumer privacy: Balancing economic and justice considerations
Journal of Social Issues
The second exchange: Managing customer information in marketing relationships
How ethics can enhance organizational privacy: Lessons from the choicepoint and TJX data breaches
MIS Quarterly
An extended privacy Calculus model for SNSs: Analyzing self-disclosure and self-withdrawal in a representative US sample
Journal of Computer-Mediated Communication
An extended privacy calculus model for e-commerce transactions
Information Systems Research
Internet privacy concerns and social awareness as determinants of intention to transact
International Journal of Electronic Commerce
Information privacy and correlates: An empirical attempt to bridge and distinguish privacy-related concepts
European Journal of Information Systems
A model of perceived risk and intended risk-handling activity
Journal of Consumer Research
Does a data breach really affect your firm's reputation
Innovative web use to learn about consumer behavior and online privacy
Communications of the ACM
Influence of the web vendor's interventions on privacy-related behaviors in e-commerce
Communications of the Association for Information Systems
A primer for soft modeling
Consumer trust, perceived security and privacy policy: Three basic elements of loyalty to a web site
Industrial Management & Data Systems
Evaluating structural equation models with unobservable variables and measurement error
Journal of Marketing Research
Privacy concerns and benefits in SaaS adoption by individual users: A trade-off approach
Information Development
Structural equation modeling and regression: Guidelines for research practice
Communications of the Association for Information Systems
Fair information practices: A basic history
An assessment of the use of partial least squares structural equation modeling in marketing research
Journal of the Academy of Marketing Science
Cited by (0)
Younghoon Chang is an Associate Professor in the School of Management and Economics at Beijing Institute of Technology, Beijing, China. He received his PhD degree in Business & Technology Management from Korea Advanced Institute of Science and Technology (KAIST), South Korea. His research interests include Information privacy, ICT4D, e-business, business analytics and HCI. His articles have appeared in the Government Information Quarterly, Journal of Global Information Management, Behavior and Information Technology, Industrial Management & Data Systems as well as in the proceedings of international conferences. He is currently serving as an editorial review board member of Journal of Computer Information Systems.
Siew Fan Wong is an Adjunct Associate Professor in the Department of Computing and Information Systems at Sunway University, Malaysia. She received her PhD degree in MIS from the University of Houston, Texas. Her research interests involve organizational IT strategy, digital inclusion, information privacy and business analytics. Her publications have appeared in journals such as the Government Information Quarterly, Journal of Global Information Management, International Journal of Information Management, Industrial Management & Data Systems, Information Development, and Telematics and Informatics as well as in the proceedings of international conferences. She is currently serving as an associate editor of International Journal of Business Intelligence Research.
Christian Fernando Libaque-Saenz is a Professor and Researcher at Universidad del Pacífico, Lima, Peru. He received his BS degree in Telecommunications Engineering from the Universidad Nacional de Ingeniería (Lima-Peru), and his MA and PhD degrees in Information and Telecommunication Technology from the Korea Advanced Institute of Science and Technology (KAIST). Before starting his studies at KAIST, Christian worked for the Peruvian Ministry of Transport and Communications. Christian's research interests include digital divide, privacy, ICT strategy, human-computer interaction, and spectrum management. His publications have appeared in journals such as the Government Information Quarterly, Telecommunications Policy, Behavior and Information Technology, Telematics and Informatics, as well as in international conferences.
Hwansoo Lee is an Assistant Professor in the Department of Convergence Security at Dankook University, South Korea. He received his PhD degree in Business & Technology Management from Korea Advanced Institute of Science and Technology (KAIST), South Korea. His research focuses on information security & privacy, electronic commerce, and enterprise information systems. His papers have appealed in journals such as Information & Management, Behaviour & Information Technology, Journal of Artificial Societies and Social Simulation, Journal of Global Information Management, Telematics & Informatics. He also received the Best Paper awards at various international and domestic conferences. Further, he has well-qualified experiences related to information systems as a developer and a system analyst. He is currently serving as an editorial review board member of Industrial Management and Data Systems.