Privacy is one of the few concepts that has been studied across many disciplines, but is still difficult to grasp. The current understanding of privacy is largely fragmented and discipline-dependent. This study develops and tests a framework of information privacy and its correlates, the latter often being confused with or built into definitions of information privacy per se. Our framework development was based on the privacy theories of Westin and Altman, the economic view of the privacy calculus, and the identity management framework of Zwick and Dholakia. The dependent variable of the model is perceived information privacy. The particularly relevant correlates to information privacy are anonymity, secrecy, confidentiality, and control. We posit that the first three are tactics for information control; perceived information control and perceived risk are salient determinants of perceived information privacy; and perceived risk is a function of perceived benefits of information disclosure, information sensitivity, importance of information transparency, and regulatory expectations. The research model was empirically tested and validated in the Web 2.0 context, using a survey of Web 2.0 users. Our study enhances the theoretical understanding of information privacy and is useful for privacy advocates, and legal, management information systems, marketing, and social science scholars.The authors comment that
Privacy has been studied for more than 100 years in almost all spheres of social science, most notably law, economics, psychology, management, marketing, and management information systems. Amazingly, however, it is also a concept that ‘is in disarray [and n]obody can articulate what it means’ (Solove, 2006, p. 477). Margulis (1977) noted the variety of conceptualizations of privacy and the disagreement among scholars on what privacy is. The lack of a clear, concrete, measurable, and empirically testable conceptualization of privacy affects many aspects of the society – the vagueness of the concept fails to guide adjudication and lawmaking (Bennett, 1992; Solove, 2006), as well as formation of government and organizational management policies and practices regarding the privacy and security of employees, consumers and clients, and citizens. Numerous attempts have been made by scholars to define and develop a coherent understanding of privacy and to integrate the different perspectives from different fields. The picture of privacy that emerges is fragmented and usually discipline-specific. The concepts, definitions, and relationships are inconsistent and neither fully developed nor empirically validated.
In Law, many scholars defined privacy as a ‘right’ or ‘entitlement’ (e.g., Warren & Brandeis, 1890); others from other disciplines, including philosophy and psychology, define it as a ‘state of limited access or isolation’ (e.g., Schoeman, 1984); and yet another group of scholars, particularly from the social sciences and information systems used ‘control’ as a definition of privacy (Westin, 1967; Culnan, 1993). Privacy ‘has been described as multidimensional, elastic, depending upon context, and dynamic in the sense that it varies with life experience’ (Xu et al, 2011, p. 799). And yet, ‘much of the work y has come from groups with a single point of view (e.g., civil liberties advocates, trade associations) and/or a mission that is associated with a point of view (e.g., regulatory agencies)’ (Waldo et al, 2007, p. vii). Many overlapping concepts, such as intrusion, deception, secrecy, anonymity, have been built into the definition of privacy and have added to the confusion (Margulis, 2003a, b). Moreover, very few have been empirically measured or tested. As Solove (2006, p. 479) notes, ‘privacy seems to be about everything, and therefore it appears to be about nothing’. In its report on the status of privacy research, the Committee of Privacy in the Information Age at the National Research Council of the National Academy of Sciences notes that it was ‘struck by the extraordinary complexity associated with the subject of privacy’, and that ‘the notion of privacy is fraught with multiple meanings, interpretations, and value judgments’ (Waldo et al, 2007, p. x).
Solove (2006) also notes that many discussions about privacy are targeted toward people’s fears and anxiety to the extent that the expression ‘this violates my privacy’ or ‘my privacy should be protected’ has become more a product of instinctive recoil void of meaning rather than a well-articulated statement carrying reason and a specific relevance. The difficulty in articulating what constitutes privacy, and thus what constitutes harm to privacy, translates into policymaker’s and the courts’ difficulty in defending privacy interests. This further leads to dismissing cases and disregarding organizational and government problems (Solove, 2006).
Given these challenges and murky conceptual waters, our study attempts to build a more rigorous, empirically testable framework of privacy and its correlates, which have often been confused with or built into the definitions of privacy per se. The specific research goals of our study are to (i) identify the appropriate conceptualization of privacy and the correlates that previously have been closely associated or confused with privacy; and (ii) develop empirical measures and test a nomological model of these correlates to examine their relationship to privacy and their distinctness from it.
We believe that our study is timely and needed. The dynamic globalization of the economy and information technology (IT), and the ubiquitous distributed storage and sharing of data puts the issue of information privacy at the forefront of society policies and practices. This development contributes to the urgency and need for finding a better and common framework for privacy, and information privacy in particular, that can be used across multiple areas that affect social life.
The focus of our paper is information privacy, although we found that in public and political discourse, as well as in various research streams, a clear distinction between physical and information privacy is not made. For example, polls and surveys ask about ‘privacy’ rather than ‘information privacy’. In many disciplines, including law, marketing, management information systems and economics, physical privacy concepts and definitions are directly applied to information privacy, providing continuity in the nomological models associated with information privacy (Smith et al, 2011). Analogously, we will use earlier, general privacy concepts to derive and analyze information privacy-specific concepts. In an attempt to be as clear as possible in our framework, throughout the remainder of this paper we will use the term ‘privacy’ to refer to ‘information privacy’. We will refer to ‘general privacy’ when we use previous studies and theories that are relevant to information privacy, but did not specify whether the term ‘privacy’ concerns physical or information privacy.
The overarching models guiding this process are the general privacy theories of Altman (1974, 1975), Westin (1967), and Margulis (1977, 2003a, b; see Margulis, 2003a for a review) and the general privacy taxonomy developed by Solove (2006). Each of these identifies a set of privacy dimensions but to the best of our knowledge have not been empirically validated. In addition, we employ the Zwick & Dholakia’s (2004) conceptualization of identity management that will help us rigorously define and operationalize the tactics of information control we will identify in the study.We conducted a survey study to test the research model.
In what follows, we first describe the literature review for our research, presenting the overarching theories and privacy definitions that guide the development of the research model. Then we develop the logic underlying the research model that presents the process through which individuals form privacy perceptions. This is followed by a description of the research methodology, choice of context to empirically test our model, and our findings. The paper concludes with a discussion of the results and implications of the findings.