'Information privacy and correlates: an empirical attempt to bridge and distinguish privacy-related concepts' by Tamara Dinev, Heng Xu, Jeff H. Smith and Paul Hart in (2013) 22
European Journal of Information Systems 295–316 argues that
Privacy is one of the few concepts that has been studied across many
disciplines, but is still difficult to grasp. The current understanding of privacy is
largely fragmented and discipline-dependent. This study develops and tests a
framework of information privacy and its correlates, the latter often being
confused with or built into definitions of information privacy per se. Our
framework development was based on the privacy theories of Westin and
Altman, the economic view of the privacy calculus, and the identity management
framework of Zwick and Dholakia. The dependent variable of the model
is perceived information privacy. The particularly relevant correlates to
information privacy are anonymity, secrecy, confidentiality, and control. We
posit that the first three are tactics for information control; perceived
information control and perceived risk are salient determinants of perceived
information privacy; and perceived risk is a function of perceived benefits of
information disclosure, information sensitivity, importance of information
transparency, and regulatory expectations. The research model was empirically
tested and validated in the Web 2.0 context, using a survey of Web 2.0 users.
Our study enhances the theoretical understanding of information privacy and is
useful for privacy advocates, and legal, management information systems,
marketing, and social science scholars.
The authors comment that
Privacy has been studied for more than 100 years in almost all spheres of
social science, most notably law, economics, psychology, management,
marketing, and management information systems. Amazingly, however,
it is also a concept that ‘is in disarray [and n]obody can articulate what
it means’ (Solove, 2006, p. 477). Margulis (1977) noted the variety of
conceptualizations of privacy and the disagreement among scholars on
what privacy is. The lack of a clear, concrete, measurable, and empirically
testable conceptualization of privacy affects many aspects of the society –
the vagueness of the concept fails to guide adjudication and lawmaking
(Bennett, 1992; Solove, 2006), as well as formation of government and
organizational management policies and practices regarding the privacy
and security of employees, consumers and clients, and citizens.
Numerous attempts have been made by scholars to define and develop a
coherent understanding of privacy and to integrate the different perspectives
from different fields. The picture of privacy that emerges
is fragmented and usually discipline-specific. The concepts,
definitions, and relationships are inconsistent and
neither fully developed nor empirically validated.
In Law,
many scholars defined privacy as a ‘right’ or ‘entitlement’
(e.g., Warren & Brandeis, 1890); others from other
disciplines, including philosophy and psychology, define
it as a ‘state of limited access or isolation’ (e.g., Schoeman,
1984); and yet another group of scholars, particularly
from the social sciences and information systems used
‘control’ as a definition of privacy (Westin, 1967; Culnan,
1993). Privacy ‘has been described as multidimensional,
elastic, depending upon context, and dynamic in the
sense that it varies with life experience’ (Xu et al, 2011,
p. 799). And yet, ‘much of the work y has come from
groups with a single point of view (e.g., civil liberties
advocates, trade associations) and/or a mission that is
associated with a point of view (e.g., regulatory agencies)’
(Waldo et al, 2007, p. vii). Many overlapping concepts,
such as intrusion, deception, secrecy, anonymity, have
been built into the definition of privacy and have added
to the confusion (Margulis, 2003a, b). Moreover, very few
have been empirically measured or tested. As Solove
(2006, p. 479) notes, ‘privacy seems to be about everything,
and therefore it appears to be about nothing’. In its
report on the status of privacy research, the Committee of
Privacy in the Information Age at the National Research
Council of the National Academy of Sciences notes that it
was ‘struck by the extraordinary complexity associated
with the subject of privacy’, and that ‘the notion of
privacy is fraught with multiple meanings, interpretations,
and value judgments’ (Waldo et al, 2007, p. x).
Solove (2006) also notes that many discussions about
privacy are targeted toward people’s fears and anxiety to
the extent that the expression ‘this violates my privacy’
or ‘my privacy should be protected’ has become more a
product of instinctive recoil void of meaning rather than
a well-articulated statement carrying reason and a specific
relevance. The difficulty in articulating what constitutes
privacy, and thus what constitutes harm to privacy,
translates into policymaker’s and the courts’ difficulty
in defending privacy interests. This further leads to
dismissing cases and disregarding organizational and
government problems (Solove, 2006).
Given these challenges and murky conceptual waters,
our study attempts to build a more rigorous, empirically
testable framework of privacy and its correlates, which
have often been confused with or built into the definitions
of privacy per se. The specific research goals of our
study are to (i) identify the appropriate conceptualization
of privacy and the correlates that previously have
been closely associated or confused with privacy; and
(ii) develop empirical measures and test a nomological
model of these correlates to examine their relationship to
privacy and their distinctness from it.
We believe that our study is timely and needed. The
dynamic globalization of the economy and information
technology (IT), and the ubiquitous distributed storage
and sharing of data puts the issue of information privacy
at the forefront of society policies and practices. This
development contributes to the urgency and need for
finding a better and common framework for privacy, and
information privacy in particular, that can be used across
multiple areas that affect social life.
The focus of our paper is information privacy, although
we found that in public and political discourse, as well as
in various research streams, a clear distinction between
physical and information privacy is not made. For
example, polls and surveys ask about ‘privacy’ rather
than ‘information privacy’. In many disciplines, including
law, marketing, management information systems
and economics, physical privacy concepts and definitions
are directly applied to information privacy, providing
continuity in the nomological models associated with
information privacy (Smith et al, 2011). Analogously, we
will use earlier, general privacy concepts to derive and
analyze information privacy-specific concepts. In an
attempt to be as clear as possible in our framework,
throughout the remainder of this paper we will use the
term ‘privacy’ to refer to ‘information privacy’. We will
refer to ‘general privacy’ when we use previous studies
and theories that are relevant to information privacy, but
did not specify whether the term ‘privacy’ concerns
physical or information privacy.
The overarching models guiding this process are the
general privacy theories of Altman (1974, 1975), Westin
(1967), and Margulis (1977, 2003a, b; see Margulis, 2003a
for a review) and the general privacy taxonomy developed
by Solove (2006). Each of these identifies a set of
privacy dimensions but to the best of our knowledge have
not been empirically validated. In addition, we employ
the Zwick & Dholakia’s (2004) conceptualization of
identity management that will help us rigorously define
and operationalize the tactics of information control we
will identify in the study.We conducted a survey study to
test the research model.
In what follows, we first describe the literature review
for our research, presenting the overarching theories and
privacy definitions that guide the development of the
research model. Then we develop the logic underlying
the research model that presents the process through
which individuals form privacy perceptions. This is
followed by a description of the research methodology,
choice of context to empirically test our model, and our
findings. The paper concludes with a discussion of the
results and implications of the findings.
