Scribd Logo
Upload

Welcome to Scribd!

  • Theories in Online Information Privacy Research

    Uploaded by

    Karan Kapoor
    26 views11 pages

    Original Title

    Theories in online information privacy research

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    26 views11 pages

    Theories in Online Information Privacy Research

    Uploaded by

    Karan Kapoor

    Copyright:

    © All Rights Reserved
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    of 11
    Dessn Supper Systeme 4 (2012) 471-81 Contents tists available at SciVorse ScienceDirect Decision Support Systems ELSEVIER journal homepage: www.elsevier.com/locate/dse L Theories in online information privacy research: A critical review and an integrated framework Yuan Li* Divison of asin, Matha on sence Cobia Coleg, Celia, 25003, USA ARTICLE INFO ABSTRACT Irae io fete 7 ly 201 ecepted 25 june 2012 ‘valle nine 2 2012 To study the lrmation of online consumers information privacy concer and is effec scholars from dierent perspectives applied multiple theories in research To date, cere has yet to be a systematic review and integra- tio ofthe theories in iterature. To fil the ap. this study reviews iften established theories in online informa- tion privacy research and recognizes the primary contributions and connections of the theories. Based on the review, an integrated frameworks developed for further research. The framework highlights two inerelated trade-offs that nfaence an inva’ information disclosure behavior: the privacy’ cleus (ie, the treo between expected Benefits and privacy risk) and the risk nels (Le, the rade between privacy risks and efficacy of coping mechanisns). These two wade-ffs are roether called the dual-ocs model. A decision table based on the dua-caleulus modes provided to predict an inviduasintention to disclose personal infor ‘nln information peacy Rees Desi mode ‘mation online Implications ofthe study for further research and practice are discussed, (© 2012 Elsevier BY. All rights reserved. 1. Introduction ‘Much research has been conducted from various theoretical per= spectives on individuals’ concems for information privacy in the ‘e-commerce environment {14,49,59,74), Such concerns reflect online ‘consumers worries that theit personal information could be inappro- priately collected, maintained, acessed, o used by online merchants without their consent (547376). Consumers who are concerned about online information privacy would take protective actions tore Gace the risks, such as refusing to provide information to a website, providing inaccurate information, or removing information from a ‘website (75), These actions have significant impacts on online mer chants that rely on customer information to provide personalized products and services [9.70.85] To study online information privacy behavior, scholars from di ferent perspectives adopted multiple theories in research, including the procedural fairness theory [20,83 the theory of reasoned action, 24,64), the expectancy theory [24.35], the social contract theory [31,54] the protection mativation theory [17,88 and the socal pres= tence theory [50389], among others. These theories interpret the for ‘mation of online consumets' privacy concerns and the subsequent behavior to provide (or conceal personal information in online trans- actions. Based on these theories, a large number of antecedent and. Consequence factors of privacy concern were studied in literature (49,74) malades: ybclumbiasc edu In spite of the broad applications of theories in online information privacy research, there has yet to be 2 study to review the theories and to provide an improved understanding, ofthe theoretical basis Of the area. This leaves a number of limitations in literature. First, ‘while the same kind of phenomena, i. the privacy-riven behavior, ‘was investigated through multiple theres, the theories address the issue from different perspectives with varied emphases: some focus ‘on organizational factors that influence an individual's privacy per- ceptions, such as the procedural fairness cheory and the social pres- ence theory [20,6088], while others focus on individuals’ internal responses to the extemal factors, such as the protection motivation theory [17.8]. Such distinct emphases in theories suggest that appl- cations of multiple theories in a study may help co produce more fruitful results in understanding the phenomena, calling fora thearet- ical review, comparison, and integration (59) Second, while the theories address privacy issues from different perspectives, there are connections among the theories that need to be recognized. For example, the privacy calculus theory is a common approach to analyzing individuals’ information disclose behav suggesting that an individual's intention to disclose information is based on the comparison of expected benefits and perceived risks in a given context [20,22.24,82] Although the specific benefit and risk factors differ across studies, depending on other theories applied, the general findings support the central role of the privacy calculus 74). Recognizing such 2 connection between theories is helpfa in fortfying the theoretical basis of ths area, which iseritical for studies that draw upon multiple theories ‘Third, facets of theories that have not receive full attention in it ure should be recognized and strengthened in further research, mn ¥ 1 econ Sapo ystems 4 (2012) 471-481 Scholar operationalize certain aspects of the theories to fit their re~ search objectives For example, the theory of reasoned action (TRA) 4 suggests that a person's behavioral intention is influenced by ‘two antecedent factors: attitude and subjective norm. The privacy lit erature adopting this theoty has analyzed either attitude [837,71] or subjective norm [21] but not both, and some examined none of them, 24,41,42.53,54, By recognizing the under-investgated areas of theo ries in literature, it is possible to conduct research for improved To address the above limitations, this stuéy reviews fikeen established theories in online information privacy research and de= velops an integrated theoretical framework for future research. The study has three potential contribution. Fist, it provides a compre= hensive view of the theoretical basi ofthis area. Although several e- View studies were conducted in this area [14,4959,74], none has focused on the underlying theories in research. The cufrent study therefore fils the gap in literature. Second, the integrated framework provides a bass for further research by summarizing achievements ‘made in this area and highlighting new research opportunities, a dis cussed in Section 5. Third, a new trade-off in information disclosure decisions ~ the risk calculus ~ is derived from the protection motiva- tion theory (66], which refers to the trade-off between perceived risks and the efficacy of coping with the risks. The risk calculus and the well-known privacy calculus [74] constitute the dual-calculus ‘model, which determines the intentions of individuals to disclose in- formation online. This model has potential values for sesearch and The rest of the article is organized as follows. Section 2 describes the research method. Section 3 presents the review. The integrated, framework is proposed in Section 4, where the relationships among. the theories are explained, Finally in Section 5, limitations of the study and implications for research and practice are discussed, 2. Research method This study follows the common approach of literature review '47.69| Based on the research objectives specitied above, the fist sep #8 to select and filter theories from the literature. While many theories and frameworks were applied to study online information privacy it goes beyond the scope ofthis study to review them al. n= stead, the study focuses on established theories that have been em- Pirically tested at the individual level. Fist, only established theories are selected, and references (such as research models and frameworks) that didnot reach the status of a theory [78] are exclud- 4, Here a theory refers tote statement ofthe relationship between, vatiables or constructs [10], and established theories are those that contain specifi sets of variables or constructs i certain relationships that are consistently studied acros literature. A key indicator of such theory is its commonly cited name, such as TRA [4]. Ths criterion fensures that the review recognizes a robust theoretical basis of this Second, only theories that have been studied at the individual level are selected. While prior studies show that privacy concern is 2 multilevel construct ranging from individual concern to societal, concer [14,74), the majority ofthe information privacy Iiterature is ‘based on the individual level [5] Although the other levels of privacy concern have potential impacts on individual concern, the develop- ‘ment of a eross-level theoretical framework is beyond the scope of the study. Therefore, privacy-related theories that are not atthe indi vial level, such asthe institutional theory and the resource-based view (34), are excluded, Finally, the study includes theories that have been empirically tested in online information privacy Itrature inorder to develop a framework with empirical evidences. Theories that were not empiti- cally tested in privacy literature are excluded, These three criteria are sed to select atices from literature; potential limitations of these criteria are discussed in Section 5. ‘The search process focuses on articles published since 1996 wien. Smith et al. [73] developed a popular scale to measure information privacy concerns. Via a search in online research databases includ SCO and ScienceDirect, over eighty empirical studies were rec nized, based on which fifteen established theories were selected ‘Table | lists the theories with brief descriptions and exemplary arti- cles, The review of the theories, along with definitions of key con- structs, is presented inthe next section, 53, Review ofthe theories The fifteen theories interpret online information privacy fom differ ent but interrelated perspectives. Fig. provides a map forthe review, Which categorizes the Uneares based on the origin, the behavioral con- Sequences, and the influential factors of privacy concern. Two theories that explain the origin of privacy concern are introduced first; they are the agency theory [16,30] and the social contract theory [28.55 Both suggest that uncertaimties, such as privacy concerns, exis in online transactions die to incomplete information of online merchants’ oppor- tunistic behavior regarding customer information. Because of he priva- cy concerns, customers are hesitant to disclose information online. The relationship between privacy concern and information disclosure is fu- {her specified in the theory of reasoned action (TRA) [4] and the theory of planned behavior (TPB) [1 Privacy concern isnot the only factor that influences information disclosure; other factors, such as perceived benefits, also have an im- pact. To study the joint effect (or trade-off) of the opposing factors on the behavior, the privacy calculus theory [46] i discussed, including three various forms: the utility maximization theory [9], the expec- tancy theory of motivation [77:80], and the expectancy-value theory [1.2], These theories are introduced in sequence Finally theories that study the influential factors of privacy con- etm are reviewed, These include theories that explain the insttution- al factors (including the procedural fairness theory [20:52.77], the Social presence theory [65,72], and the social response theory [5781)) and theories that explain the individual factors (including the protection motivation theory (32,65, the information boundary theory (6,62), the social cognitive theory [1112] and the personality theories), 3.1. Agency theory ‘The agency theory, as shown in Table 1, outlines the transactional relationship (called agency relationship) between a principal and an agent, who are both self-interested parties [16,30]. It suggests that 2 information regarding the behavior of the agent is often incom- plete and asymmetric the principal is unable to fully monitor the agent's behavior before and after the transactions, which gives the agent the opportunity to serve selfinterests instead of those of the principal. To reduce the cost caused by opportunistic behaviors of the agent, the principal needs co incur addtional monitoring cost. ‘The sum of opportunity cost and monitoring cost is known as agency cos, and the theory proposes economic and social mechanisms to re- duce agency cost, such as making effective contracts [16,30] Inonline transactions, as the consumer (ie, the prineipal) provides personal information to the merchant (Le, the agent) for goods and ser- agency relationship is in effect. As both are sel-interested parties and information asymmetry favors the online merchant who collees and uses customer information during ané after the transac~ ‘ions, uncertainties such as privacy risks exist regarding the information use, Therefore, the consumer needs to decide wheter to provide infor- ‘mation to participate in the transactions and iso, how the potential risks can be mitigated. On the other hang, laws and regulation (such as the Fair Information Practice of FIP) help to transfer some of the ¥. 1 Becton Sapo ystems 4 (2012) 471-481 a” ‘able Ssmmay af theres apie in olin informton pracy each Theis let description Bamps Tic Ageny Tisha was dewlopd tars the pcipaagen pile inthe ails ta ate ander ondiansot [505] ‘eary nce and async norton Wea psn! suchas a atm) lesan agen (Suh as a Wea) 11530} te pusue the prineparsinterests case of sich prestem ithe opportunist Benavie f he agen to manmae Selineests To ede te ageey cor, various mechani cou eed he eres ee agent wth those fhe pcp such ming een conc 32 sucal Tis hoy, neem of busines tarsactns, suggest that members, persons and organizations) ofa en [7.15203135505455588287] onwact__ community or neusty Behave fay ee rates ae governed by soil contracts Asc canta inated theory when acinar (ee, ental understood lations are expected to zover the Sevan of hes sve, (255) pe the socal cones must be rounded in none conent Dates by igh of ea Theory Developed fam the expectancy theory (27) RA suggests tht a persons voina behaviors termined @1,21-24:37414245535470.7.89), ‘of reazoned_ by he persons ben iterton to perorm ta behav ane ener intention int determine se ‘Eton (TRA) perso atzude toward the behave ed aabetve ser, ‘a ‘Thecryof TPB Was develope fom TRA sugresing that in ation to attude and subjective norma persons perceived ‘isnoed behavioral ant! (F8C) sha iniencsbebviral neton PAC a3 et impact on bear wel 8) 1) 3 Privacy Tis hon sugges that nine ntenton eens informations based on a clei beavionn_—_[032.242627 383650839), Seaty leu the rstene ata where he Wades betwen expecle Ss abd expeded bebe te ot [55577] sieve wit a specie informatonasclesure comet 35. Utiy Tis theory suggests tht ensumer behavior guide award the maint oft ay otal stisation 613243583), Tuarmibaton recta tom cnsuning# gods or servic Te tal uty ia hnctonencmpasig ape of he pods or ‘eon [58] Serie hare evan portant tothe consumer ad an otal eels pursued y the conse ners of privacy, the tity frson enormaly eed privacy eles, ‘36 txpecancy ‘Te theory ages that the vation lars bhavo teri by the desi of the outcome depts [2435] ‘ear ofthe cove pees of now abindigual processes diferent neatoal mens thre sages expecaney rotation that ean efor wil ad fhe ited performance he isertalty ohspecormane ohne 2 [780] eran rest a the desta (cle valence of hs ens for he nce The te apes together ‘termine the deskabity abd meta or behave 3. sooo asthe exgetancyvaue model of atte, tis theory was proposed to explain a persons aude [89321-24374 2.45.53.54.90789) Expectancy toward an ser or ston sgt a ade arts spontaneasy and ie 9 person forms eb Value about he bjectaction Tach ble soit he bel acton with acetal true (sch the ss assoted (heory ——witban acu) an a petsons veal atte oward the objeaion i dtered by he subjective values of (2) theattrutes imineraction wit the sera ofthe astovtions Although people can for many een bl out an objec aan only bebe a ae really sce in merry nuence ste ty ven mom. 3.6 rocetual Abo kw 8 procera justice thea suggests hat proce ness seve sa teamed to [2031.83.84] ‘ess Buld est when agents (eg, websts) execs coneabe cleat power on bea of astomers who canet ‘heory seco onsain the behav. To mitigate customer cancers and to eee jsice in such stations te [205277] proce ty which decisis are made or ations are aan bythe ages shld be anparet othe ese. ‘28/socal The tery. developed to stdycompucer-medated conumantaton, cise diferent commusication meta (5607289 Presence along one-dimensional onium of soa presence, defined asthe degree of avarees the oer person Theory Sommuiestin inferaton It geese at commaication elec he eammsestn mein has he 3 16272] prot ell reco ogre fo the lve! fearon volver fe. sing or hearing each athe) Fequled ora ust. 310.Sucial__ Tis theory sugges that a person wl engage in sele-slosure of persona information he or she isthe ecient 7203339485389] Ss” ec eden he sun ate scout mn mo 3.1, Protection PMT was developed to expan the ees of fear appeal on ea aude ane behav sugpst that an_ 172240888788), ‘motwallon nghaduss inten to pots hin or heel om penal tres depees on feu ates (1) he pred Uheary Seve ofa tearing vet, (2) the perce probably af the ecutence a th eve (3) the fee fe (PT) recommenced prevent beavis tha an nna expects to cary out and (8) telnet pected 2y [5250] auch at wiefeny) to unde he eeommeneee preven bei an ‘Aso known as cansmuniaton boundary agement thay preset Boundary eoncinaion process though 18385786) Infrmaton which person manaescommunieationsn balancing a ned fr dscosure with the need pracy SURES brundiry that inehnesals vray rea form vite nfermation paces with cls eine bounds rind Theory” thenpetes. These information houndae st euted strategy scoring to deco res kh 3 (822) csebenticato and context individu seo ue expecatons or ntraction The boundaries ay be loosely trig contol depending onthe degree of is asocated wit the information prvi. 3:13.Sacial__Devlopee om sci! sing theory. theory posts tat potions tan india weed acgison an [17228587] theory” lneaces In shrt people eat cough serving and expecencng Ake component oe lear of Cane TL12] process is seleaticcy, representing a ersons bein she om competence in compleang ask aia ‘These heres een tat various personsy tas, sue the Bg Five (ie, openers conseanaurness, (13404473) Personaliy exravesionagteablenes and emotional stub) personales, ifloece a pesos conve processes an the ‘hears Conespndag bears eo) agency cost to the merchant by requiring them to apply interventions to 3.2, Social contract theory alleviate customers privacy concerns, including the use of privacy pol. lcies and third party assurance [20,31,43,60;51| These institutional fac- ‘The social contract theory [28.55] provides another vehicle for {ors are analyzed in additional theories reviewed later. pinpointing the origin of customers’ privacy concems [36.54]. It ¥ 1 econ Sapo systems 4 (2012) 471-481 3.4 Privacy calcul theory: 3.5 Uilty maximization theory + So Expectancy theory of motivation #37 Bxpectaney-value theory Agency theory 5.2 Socal con theory “flush factors ehaviorat [3.3 Tueary of reasoned section (TRA) and theory anne behavior (TPB) contequences etttonal factors 138 Procedural fairese theory 4.9 Socal pesence theory 3.10 Social respons theory Individual factors 5.11 Protection motivation theory 5.12 Information boundary theory 3.13 Social cognitive theory 5.14 Personality theones Fig 1.A map ore review ‘suggests thatthe provision of personal information to an online mer= chant involves not only an economic exchange (i, purchasing goods and service) but also a social exchange (ie, establishing relation shps) so thatthe social contract, defined as the commonly under stood obligations or social norms for the partes involve, is critical to the prevention of the merchant's opportunistic behavior to misuse customer information. As Hoffman etal. [35] point out, consumers ‘cannot complete online transactions anonymously, so that they seek to engage in social exchange that involves both an economic contract and a social contract to reduce potential risks. If customers are con- ‘emed thatthe website may not honor its socal contract to protect customer information, they may choose not to engage in the ex change relationship [20] The socal contrac theory also implies thatin adltion to holding the social contract. a fi's collection of customer information is perceived {air or justifiable only when the customers granted contol (such asin formed consent and the right of exit) over the information and is in formed about the firs intended use ofthe information [54 Several ‘institutional actors such as procedural justice and completeness of prt vacy policies are important antecedents of social contract and informa tion control [7,20,31,50), and other motivational factors related 10 individuals and third. parties are also recognizeé. in literature 58,8287), These influential factors as Fig. 1 shows are studied via fur- ‘her theories Despite their insight into the origin of information privacy concer, neither the agency theory nor the socal contrat theory provided read ‘ly applicable frameworks fr empirical research. Scholars adopted the theories in diferent ways: to develop measurement scales forthe piva- ceyconcern construct [54 fo propose conceptual frameworks ofthe im- portance of FP [20], and to develop hypotheses of the relationship between privacy invasion and privacy cancer [13]. For empirical test ofthe privacy behavior, adltonal theories such as TRA and TPB ae ap- plied to examine the antecedents and consequences of information pri vey concer, discussed next 33. Theory of reasoned action (TRA) and theory of planned behavior (7?8) AAs described in Table 1, TRA posits that a person's volitional be- havior (such as information disclosure) is driven by the intention, for that behavior, and intention is determined by attitude and subjec- tive norm [4]. Attu refers to a person’ averal assessment of the behavior, whic is influenced by the persons beliefs ofthe behavioral outcomes and evaluations (such as the lkelIhood of occurtence and severity) of the outcomes. Subjective norm stands forthe person's pes- ception of social normative pressures or relevant others’ beliefs that he or she should or should not perform an action. TPB was developed from RA, suggesting that aperson’s volitional behavior depends jointly ‘on motivation (te, intention) and ability (4, perceived behavioral con- trol of PAC), and motivation is then determines by attitude, subjective norm and PBC 1), PC refers toa person's perceived controllability of behavior based on past experience (such as privacy protection and in- ‘vasion) and the anticipated abilities to cary out the behavior. The the- ony further suggests that attitude, subjective otm and PBC are each the surnmative index ofthe strengths of some salient beliefs multiplied by the subjective evaluations of the beliefs. For example, attitude toward information disclosure is determined by perceived benefits and per- ceived risks ofthe disclosure behavior, whereas the relative strengths ofthe two beliefs ina given context determine the person's overall att- tude within tha context. Both TRA and TPB have been applied to study privacy-related ati- tudes and behavior, such as attitude toward e-banking [37), attitude toward firewall use [45], the attitude toward social network service [71] The studies confirmed the impact of privacy concer on privacy 2xticude, which then impacts privacy inteation and behavior. Only one study [21] examined the impact of privacy-related subjective ‘norm on intention. Another study [22] examined the impact of PBC on privacy concerns, although the effect of PBC on behavioral inten- tion was not tested, None of the studies, however, examined all three antecedents of behavioral intention in the same privacy con- text, Although a study by Diney and Hu [25] tested the impacts of the three antecedents in the privacy domain, a privacy construct ‘was not included inthe study limiting its input to the curren review, Other sts that drew upon TRA or TPR examined the direct impact of privacy belie (ie. privacy concer or privacy perception) on behavioral Intention [21,23,37,70|, andthe mediating roles of trust and rsk beliefs between the two were als tested [1941.42.53 54]. In sum, studies built upon TRA and TPB focus on the bete-inten- tion-behavior link [89] and the Antecedents» Privacy Concerns -» Outcomes (APCO) model [74], emphasizing the direct impact of ¥. 1 Besson Supore ystems 4 (2012) 471-481 a Tos tha ae pany once and courage Information dion = Pectin ule (242557) 5 computer ans (75 Previous experience wth privacy mason 13 7 Peon sucha pei awareness [21 cnssientonnes openness to experience 0) ymca srs paras, 3h Socal eis (7) and pteotogal ned for privacy ~ Webse reputation (7.29) Vena inerenian ach ag privacy oles (7 ‘wee normaeess snd i presence [0 seteticay [es ane conzolabity 3) Feronaiies in a resent privacy beliefs on intention. Other antecedents such as subjective ‘notm and PBC are less [requently analyzed, Although empirical stud ies provided almost unanimous support of the direct impact of priva- cy belief on intention [49 the other ewo predictors, subjective norm, and PBC, should not be ignored. ‘As other personal beliefs co-exist with privacy concerns and some ofthe beliefs may favor the disclosure of personal information, such as expected benefits (9,35, it raises the question of how individuals ‘compare the multiple beliefs and make a trade-off in attitude forma- tion, To address ths issue, the famous privacy calculus theory is applied 34, Privacy callus theory Privay caleulus isa common approach to studying the joint effect of ‘opposing forces on privacy perception and behavior (20,27.45,55,7,83 The theory suggests that a person's intention to cisclose personal infor ‘mation is base ona calculus of behavior (ie, privacy calcul) in which potentially competing factors are weighed in light of possible outcomes [27], Specifically, consumers perform te rsk-beneft analysis in the ps vacy calculus and decide whether to disclose information based on the ‘et outcomes [83] ‘Many risk and benefit factors that influence the privacy calculus and ‘intention to disclose information have been studied in literature Table 2 lists some examples. The table shows that privacy caleulus is a complex psychological process involving multiple considerations, suggesting that iis important to gain deeper understanding ofthese fa tors based on additional theories. In fc, scholars adopting the privacy Calculus theory als incorporated other theories to develop the trade-off functions. including the utility maximization theory, the expectancy the- ‘ory of motivation, and the expectancy-value theory. These theories from diferent perspectives incerpret how the privacy calculus is operated. 35, Utility maximization theory The wily maximization theory isthe variation of economic exchange {theories inthe social exchange domain. The tenet ofthe theory isto max- Imize the total uty or satisfaction by a person. In tesns of information| privacy, it depicts che ulity function of information disclosure asthe dif ference between expected benefits (suchas monetary incentive and per sonalized service) and expected costs (such as consumer privacy concerns and risks) [9.85], and suggests an optimal or equilibrium point between the two, which determines the amount of information the per- son s willing t disclose (53), In further behavioral research, however, the focus of the utility functions is no longer the search for equilibrium or optimal solutions but the test of the associations between predictors and criteria vati- ables. For example, Awad and Krishnan [9| developed the utility function with two opposing predictors of behavior: perceived benef of personalization, and perceived cost (including privacy concern and other risks). Instead of finding equilibrium, they tested the associa- tion between privacy concern and consumers’ perceived importance of information transparency (ie, the dependent variable), show that privacy concern has a positive impact on the dependent variable. Similarly, Bansal etal. [13] applied the utility function to show that health information privacy concern has a negative impact on inten- tions to disclose health information, Hann etal. [35] built the utility function to show thatthe stimulus of providing personal information isthe function of expected benefits and privacy concerns, and Xu etal. [85] used the utility function to address personalization benefits and privacy concerns in mobile commerce. Other studies implicitly applied the utility functions with varied combinations of cost and benefit factors (24,83), Similar to the above studies, these have examined and confirmed the direct impact ofthe perceived benefits and costs (including privacy concerns) on consumers willingness to dislase information. 236, Expectancy theory of motivation ‘This theory, as described in Table 1, depicts that behavioral motiva- tion s the function of tree distinct perceptions (Le, expectancy, instru mentality, and valence) of the relationship between three distinct evens (Le, effort, performance, and outcomes) [77:80], According to the theory, expectancy is a probability assessment that reflects the individual’ belie that a given level of effort wil result in a given level of performance, instrumentality refers to the subjective assessment that a given performance level will lead to certain outcomes, and va- lence refers tothe value that an individual places on a given outcome [35], The theory suggests that behavior or behavioral intention is driven by the three perceptions regarding the process ané outcomes of the behavior. Hann etal [35] used the theory to develop a utility function to study Individuals intention to register a a financial website to trade stocks. A Potential limitation of the study is that bath effort and performance fac- {ors are fixed variables in the model, while the outcomes, inluding the registration benefits and privacy concerns, are allowed to vary. ue to the complex structure of the theory, other studies adopting the theory also have used certainty aspects, such asthe expectancy [24 37, Expectancy-value theory ‘Tostudy the trade-offs between multiple beliefs and thelr impact on privacy behavior, most studies adopted the expectancy-value theory [1.2} whichis the bass TRA and TPB. As shown in Table 1 this theory depicts that behavioral attitude develops from the beliefs people hold about the behavior in question, and each belie links the behavior to a Certain outcome. Accordingly, people learn to favor behaviors that are believed to have largely desirable outcomes and frm unfavorable at- tudes toward behaviors that are associated with mostly undesirable ‘outcomes. This theory clearly supports the studies that test the direct impact of various personal beliefs, including privacy perceptions, on in- tentions to disclose information, Most of the factors shown in Table 2 Were analyzed from this theoretical perspective. and the dominant be lef-intention-behavior link and the APCO model mentioned above are also built on the theory. In sum, the privacy calculus theory, especially the supportive expectancy-value theory, provides a common approach to analyz the impact of personal beliefs on intention to disclose information. ‘While the specific personal beliefs differ across studies, they com= ‘monly refer to the benefit and risk atributes of the behavior. From a website's point of view, strengthening consumers’ benefit beliefs ane reducing their risk beliefs such as privacy concerns would help to achieve expected motivating effects. Three theories thatillustrate the impacts of institutional factors are discussed next. a6 ¥ 1 econ Sapo ystems 4 (2012) 471-481 3.8, Procedural fairness theory ‘An approach for online firms to reduce customers’ privacy con- cerns isto employ procedural falmess [77], Procedural fairness, also know: as procedural justice, refers to the perception by the individ uals that a particular activity in which they area participant is eon- ducted fairly (52| In terms of information disclosure, this theory suggests that customers are wiling to dselose personal information {and have that information subsequently used by a firm when "there are fair procedures in place to protect individual privacy" (20), and such fair procedures include organizational activities that fulfil the principles of FIP, such as the privacy statements that inform cus {omers how their information is used by the frm. The theory further suggests that even ia situations where the potential outcomes are not favorable co the customers, they are less likely to feel dissatisfied if they believe that the underiying procedures ae fair [20,51] Procedural fairness can be enforced through government regula- tions (such as FP and the recently passed Consumer Privacy Bill of Rights by the United States government), industry self-regulations 83), organizational privacy policies, and other interventions (31,84) Particularly, privacy interventions are important for customers to evaluate the trustworthiness ofa particular online firm in decking, ‘what information to disclose to that frm. 3.9, Social presence theory Another approach for online firms to reduce customers’ privacy concerns is to increase the social presence of the website. Social presence refers to the measure of the awareness of other persons in the communication interaction, and the theory suggests that for a given task, the level of social presence should math the level of interpersonal involvement needed for the task [65,72], For example, video-conferencing has a higher level of social pres- tence than etnaling, which allows two persons to see and hear each other, and is suitable for intimate information exchange be- tween acquaintances, In terms of communications on the websites, the theory suggests that the resemblance between the online environment and the physieal inter= action with a rea agent wouid create a sense of social presence and ‘makes the website a trustworthy social actor, wiich would help to mit {ate privacy concerns [39), The empirical stcies found supporto tis = Iationship (6089). The implication is that e-commerce websites may apply multiple techniques to enhance their socal presence so as to en ‘courage information disciosure by uses, such as using rich media (eg. Videos) co announce privacy policies instead of using the text version of privacy statements [5 kn another study [72], however, social presence hha no significant impact on privacy, suggesting that further research is, ‘needed to expand knowledge inthis area. 3.10. Social response theory Social response theory suggests that a person will engage in self-disclosure of personal information in response to a similar dis closure from another person or organization [57,81]. During the pro- ‘ess, a social exchange relationship (called reciprocal relationship) is, established between the two upon the norm of reciprocity, defined as the tendency forthe recipient to match the level of intimacy he/she discloses with the level of intimacy he/she receives [48] For example, ‘fa person receives private information from anther person, the norm of reciprocity would suggest the person to disclose similar information to the other person in order to maintain the exchange relationship. This norm-based self-disclosure behavior i evidenced in online envi- ronment [48], Scholars suggest that computers and websites are also social ac- tors in online communications, an¢ a customer’ interaction with the computers or websites has subsequent effects on future interactions ‘withthe same computers/websites 57). Anumber of organizational fac- tors such as privacy polices, rewards, company reputations and initial toust all have a potential impact on web-based self-sclosute [7.63 These factors imply tha a website may establish reciprocal relationships with customers in order to enhance voluntary information disclosure [89]. To tis end, the website may stat the interaction with customers by exchanging less intimate (or less sensitive) information and then build up tothe exchange of more intimate information, Meanvsile, im proving the social presence and socal contract (ie rust) ofthe website «an also encourage socal responses fom the customers. In ather studies, the impacts of procedural faimess [20] and communication mela [33] on social response are also examined, showing connections among the ‘theories, In sum, the thre theories - procedural faimess theory social pres- ence theory, and socal response theory - illustrate the impact of inst- tutional factors on customer’ privacy concerns, How effective these factors are, however, is affected by the cognitive process of the individ- uals. The next four theories explain individual responses to external factors 3.11, Protection motivation theory Protection motivation theory provides a conceptual framework to study individuals’ fear appeal and behavioral change [17.40.88 Itheo- rizes an individual's intention o protect fom potential threats based on four factors: (1) the perceived severity ofa threat, (2) the perceived probability ofthe threat, (3) the efficacy of the preventive behavior that an individual may carryout, and (4) the individual's perceived abi- ity (such as self-efficacy) to undertake the recommenced preventive behavior 32,65), These factors are further categorized into two aspects: threat appraisal (Factors 1 and 2) and coping appraisal (Factors 3 and 4), Generally speaking, a person's protective intention ishigh ifthe threatis severe and the probability is high, andthe person lacks the ability co take effective preventative action to reduce the risk; on the other hhand, the protective intention is low (Le, the person is willing to pro- vide information) i the threats erivial or highly unlikely, and the cop- ing mechanisms are effective. ‘Studies adopting this theory have analyzed some of the four fac- tors. For example, threat appraisal factors examined include inforra- tion privacy importance [17], perceived severity [88], and perceived ‘vulnerability (22.87.88), Coping appraisal factors examined include information privacy self-efficacy |17.87, response efficacy (83), per- ceived ability to contro (22|,and personality traits [40]. The empirical results generally support the theory. In addition. privacy risk and pri- vacy control are two direct antecedents of privacy concerns [84], pro- Viding further evidence ofthe theory in privacy research 2212, Information boundary theory As a person may develop different threat perceptions regarding the same personal information accessed by different orgenizations or entities (67), the information bounéary theory, also known as the ‘communication boundary management theory [62] or the primary territory theory [6]. applied to determine whether an information access is considered a potential risk The theory posits that each indi- ‘vidual forms an informational space (or territory) around him or her ‘with clearly defined boundaries, and such boundaries determine What information can be shared. Depending on the situational and personal factors, an altempt by 2n external entity to penetrate these boundaries may be deemed threat. “The internet changes information boundaries of ordinary people and causes privacy concerns due to ubiquitous access to information [18.38.84], Insticutional factors such as privacy polices, vendor-cus- tomer relationships and trust-bulding mechanisms have potential impacts on information boundary and self-disclosure [39], and so do personality tats such as disposition to value privacy [$4] and ¥. 1 Besson Sapo ystems 5 (2012) 471-481 information needs [48 In adlition, the provision of benefits also en- ables online firms to “erode” the information boundaries of customers ‘and relax the intrusion alert. These mechanisms are critical for firms tw elicit information from customers. 3.13, Social cognitive theory Both the protection motivation theory andthe information boundary theory emphasize the importance of individual abilities to cope with privacy risks, which is interpreted ince social cognitive theory [11.12] This theory, as described in Table 1, premises that per sonal factors inthe form of cognitive, affective and biological events ‘a5 well as behavioral and enviconmental events all operate as inter= ‘acting determinants ofa person's behavior. A key construct ofthe the ‘ory ssel-efcacy belie defined asa person's judgment of elf-capabiites| to organize and execute courses of action required to attain designated performance [11,12] Such a belief doesnot concern the actual sls a per on has, but the selEjalgment thatthe person is able to da the task with ‘whatever skills he or she possesses, Higher sel-ffcacy would determine more willingness to perform a task. Privacy selFeficacy, referring to a person's belief ofthe ability to eal with privacy risks, is found to have a negative impact on privacy concern [17,8687]. A similar construct, perceived abiity to control, also has @ negative impact on privacy concern [22], Research found thatthe tvo constructs are to some extent equivalent [3 3.14, Personality theories Personality theories (or trait theories) suggest that personality traits, referring to an indviduatS stable psychological attributes, ‘would have a potential impact on his/her privacy perception and be- havior. The association between personality and behaviors widely dis- cussed in behavioral research, and in terms of online information privacy, a large numberof personality traits has been studied, including cynical distrust, paranoia, and social enitcsm (73); social awareness [23h the Big Five personality traits (extaversion, agreeableness,consc- entiousness, neuroticism, and intellect (13.40.44); and psychological Aispostionto privacy [85]. Although not all ofthese traits exert signi icant impacts on privacy concern and privacy behavior, some have significant implications in privacy research, especially the privacy disposition [23] Compared to other factors studied from alternative theoretical perspectives, personality traits function as antecedents to all other personal beliefs. For example, a meta-analysis on protection motiva- tion theory (32) shows that personality variables are intrapersonal sources of information for the whole motivation process, 3.15. Summary of the review The above review illustrates the multiplicity of theories in privacy reseatch. From the review, the intertelationships among the theories are recognized and summarized as follows. Fits, the agency theory (Section 3.1) and the social contract theory (Section 3.2) provide a basis to understand the origin of privacy concerns and hep recognize Some coping mechanisms, Both suggest that to reduce privacy risks, the merchants and the customers should play their corresponding roles. For merchants, multiple interventions are needed to reduce customers’ privacy concerns and to build trust, including procedural faimess (Section 3.8). social presence (Section 3.8), and social con- tract (Section 3.10), For customers, they should balance the trade-offs between benefits and risks using the privacy caleulus (Section 3.4) and also enhance ther privacy sell-effcacy (Section 3.13) Both TRA and TPB (Section 33), especially the underlying expectancy-value theory, the belie-intention-behavior link, and the AFCO motel, provide a popular framework for empirical study, predicting a negative impact of privacy concern and a positive im- act of perceived benefit on intention to sclose information. The Drivacy calculus theory (Section 3.4) then helps to study te joint ef- fect of the opposing expectations or beliefs on intention, For privacy concern, the protection motivation theory (Section 3.11) ilkistrates its two underlying drivers: risk appraisal and coping mechanisms such as privacy self-efficacy (17). Additional theories, including the information boundary theory (Section 3.12) and the personality the- ries (Section 3.14), help to interpret these two individual drivers, fairness [Perceived benefits: : se = seu Social “Axtitude ‘response: Privacy calewlus toward Perceived Shee Tntention to =n cee , - = ae Peseonalies control [—*] sehavior Fig 2 An ated framework or enineiormation pay researc, a ¥. 1 ecston Supoe stems 4 (2012) 421-481 E-commerce websites may take multiple interventions to mitigate potential privacy risks, as explained in the corresponding theories. These institutional factors are interconnected: for example, procedure fairness helps to establish social contracts [31] and both social presence and social contracts (Le, rust) encourage the customers’ social r= ‘sponse and self-disclosure of persona information [89] Individual fa tors such as selefiacy beliefs also influence the corresponding risk appraisal and coping mechanisms [8]-The connections ameng the the- otis help to develop an integrated theoretical framework for further research, presented in the next section 4. Development of an integrated theoretical framework To strengthen the theoretical basis ofthis area and throw light on further researc, an integrated theoretical framework is proposed in Fig. 2. The framework adopts TPB as the basis to outline the relation ships between privacy antecedents, privacy belie, privacy-driven be- havioral intention and privacy behavior. Most of the relationships (cither postive or negative) between concepts/constructs are clearly specified in the corresponding literature, although some concepis, such as personality traits, may have varied effects depending on the particular personalities studied (49) Consistent with TPB, the framework suggests that information dis- closure behavior is positively inflenced by intention and ability, and intention is then positively influenced by attitude toward disclosure, subjective norm for disciosure, and PBC (including self-efficacy (3). ‘Atitude toward disclosure is developed from an overall assessment (ie. privacy caleulus) of various behavioral beliefs, including privacy concer and perceived benefit. Studies that adopt TPB (and TRA) have examined the influential factors of behavioral attitude via other theories: we particularly explain how these theories tin the TPH framework. First, the privacy caleulusfenetions as a summation of personal be- lies regarding the expected positive and negative outcomes of infor ‘mation éiselosure, No significant difference was found between the tty maximization theory, the expectancy theory of motivation, and te expectancy-value theory inthe ways they were operationalized in, privacy literature. Rather, these theories perform privacy calculus in ‘compatible ways, as exemplified by Hann etal. [35] and discussed by Diney and Hart [24 Of the various components of privacy calculus, convenience, per- sonalized service, fan and financial rewards, etc are all contribute to perceived benefits (9,3548,85), and factors that influence privacy concern include institutional factors (i.e, procedural fairness, social contract, social response, and social presence) and individual factors (ie, protection motivation, information boundary, self-efficacy, and personalities) Although some studies treated the institutional forces, as direct antecedents of individuals’ privacy concems, the above re- view shows that their impacts are mediated by the risk appraisal by Individuals based on their perceptions ofthe likelihood and severity Of the risks. Literature also shows that various institutional factors are targeted at reducing the risk perceptions by individuals [83] Meanwhile, individuals may apply coping mechanisms, such as self-efficacy [17.88] and perceived ability to control [22), to counter= balance the threats For example, a higher level of privacy selPeticacy ia ow tow Verysong Moderate low sigh Nederste Very weak Tieatre Coping Sk ——SPveced— Dependent fees) tats) : 2) pevacy presen bene purcuse on peoteion “ra webae sede [50] protection See!” ieuiness and diclose ele ‘money —lnration 2 (6t] anonjuty” computer avalule te af Proved by Setuy—Ssance bse ina publi Youn[87] Pavay Sel Vulnerabilty Information Concerns about cifcaeytaprvacydeclore | eomaeere would help to deal with privacy risks, thus reducing privacy concerns. ‘Therefore, consistent with the protection motivation theory ane! ind ings from te literature and the review, we suggest that the mechanism of protection-motivation mediates the impacts ofthe institutional and individual factors on privacy concern. ‘The mediating role of protection-motivation implies another im- portant decision by online customers: che risk calculus. I measures a person's perceived net risks (such as net privacy risks) in dealing ‘with online transactions based on threat appraisal and coping ap- praisal It is calculated as the difference between expected risks and expected coping effectiveness. The net risks igh l the privacy threat is unmatched by the coping mechanisms, and the net risk is low if the coping mechanisms overcomes the privacy threat, Consequently, a person who is more capable of protecting his or her online privacy ‘would be more willing fo perform high-risk transactions if necessary, and a person who has limited knowledge or ability to protect online privacy would be unwilling to participate in even the least-rsky transactions unless the stake is very high. Therefor, the privacy cal culus and the risk calculus together predict a person’ intention to provide information in online transactions, and we all the individual decision process that employs both trade-offs the dual-caleulus model Based on the three components of the dual-caleulus model, we propose a decision table to predict a person's intention to diselasein- formation online, as shown in Table 3, To be simple, we categorize teach component in two levels: high or low. The combinations of these levels of factors produce eight scenarios or outcomes of the dualcalculus model, with intentions to disclose information ranging. from very weak to very strong. The condition of very weak intention. ta disclose information is characterized by low perceived benefits, low coping appraisal, and high risk appraisal, and the condition of very strong intention to diselose information is characterized by high perceived benefits, high coping appraisal, and low risk appraisal ‘Ast goes beyond the scape of this study to conduct empirical r- search to test the dual-aleultts model, we use existing literature til lustrate the three decision factors and the corresponding outcomes, as shown in Table 4 The table shows that although the specific dec- Sion factors differ across studies, the three components of the ddual-calculus model all play significant roles inthe process. ¥. 1 essen Sapo ystems 4 (2012) 471-481 a In adcition, potential relationships exist among the institutional factors, such as the impact of procedural faimess on social contract 20}, and the impact of social contract and social presence on social esponse [89], These relationships are well documented in literature. The impact of personality traits on information boundary i also stud- Jed [13] Finally, both selF-efficacy and perceived ability to control are ‘components of PBC (3), suggesting a direct impact of PBC on protec tion motivation. These additional relationships ae illustrated in Fig 2. 5, Discussion and concluding remarks In this study, fifteen established theories in online information pri- vacy research are reviewed for an understanding of the theoretical basis ofthis area. The review highlights the distinctions as well as in- terconnections among the theories. Based on the review, an integrat- ced theoretical framework is developed to consolidate the theories for better understanding ofthe antecedents and consequences of priva ‘y concer, Two interrelated trade-off in privacy decision are highligh ed in the dual-cleulus model; they are the privacy calcul andthe risk calculus. A decision able based on the dual-calculus modelis further pro- posed to predict individual's intentions to disclose information online. The study fils the gap in extant literature by providing a comprenensive review and integration of theories in this area, which may have potential values for research and practice. nthe next sections, the limitations ofthe study are first recognized, and its implications for research and practice are then discussed. 5.1 Limitations ofthe study This study has a number of limitations. Firs, itis restricted to established theories that have been empirically tested in literature, ‘which overlooks other valuable references. Recent review studies fe ‘ognized zdltional theoretical basis inthis area that helps to analyze explain and predict privacy behavior [14,74], As these references ¢o not satisty the search criteria specified in this study, they are excluded from the current review. which may limit the scope of the study. AS empirical studies on online information privacy develop, addtional theories could be incorporated into the current framework. Second, the study only addresses privacy at the individual level while theories that analyze privacy at other levels, such as the organi zational level and the societal level, are not considered. As all these levels of privacy are interrelated, a cross-evel theoretical framework ‘would help to present a more comprehensive view of privacy at the fundamental, individual level, for which Belanger and Crossier [14] provide a preliminary conceptual framework. Further research is needed to adress this imitation by incorporating theoties at other Jevels into an integrated, multi-level framework The thitd limitation ofthe study is that when addressing uncer- {ainties in online transections (Le, the dual-ealculus model), the sole emphasis is on privacy risks, Other risk factors, such as security concerns, were also recognized in literature [6], which may have fan impact on risk appraisal and the dual-calewlus process of con Sumers. Integrating these vatious risk factors woule provide a better ‘understanding of individuals’ online information behavior. Further research is needed to incorporate these additional factors in a broader research framework 5.2. Implications of the study ‘This study has implications for future research and practice. For re= search i recognizes multiple theories in this area that all address priva- cy behavior, suggesting that future research should apply multiple theories inorder to gain a better understanding ofthe behavior, The in tegrated tneoretial framework for example, provides a starting point for pinpointing theoties for research. Importantly, the study recognizes the dual-calulus process in pri= ‘vacy decisions, It shows that both the privacy calculus and the risk Calculus are necessary to interpret the cognitive process of individuals to gauge the privacy risk levels and to decide the corresponding be- havior. The decision table (Table 3) based on the dual-calculus model helps researchers to recognize relevant factors for research It suggests tha studies analyzing the trade-offs in privacy behavior should employ at east one benefit variable (such as perceived benefit), one privacy isk ‘variable (such as conceens fo information privacy), and one coping var- lable such as privacy self-efficacy and controllability) na research con- text This would help to better capture the behavioral intentions of individuals, In addition to recognizing the existing theoretical basis, the study also highlights several undet-investigated areas that need to be fur- ther explored First, subjective norm has not received sufficient atten- tion in privacy literature. The study suggests ro include this factor in further research, especially in studies on the use of social network sites [71] where peer pressure is expected to havea significant impact ‘on individual information disclosure behavior. For example, a person ‘wha wants to make friends ona social networking site should ist re lease some personal information, such as personal interests and hobbies, whch is expected by the existing members of the site. Sec- ‘ond, risk coping mechanisms have not been analyzed adequately. Studies on coping mechanisms have largely relied on set-perceptions such as privacy seleficay, but the measure of actual abilities is sel dom reported. which shouldbe investigated in future research, Finally, future research should be conducted to recognize or design addtional benefits for consumers, as studies show that under certain circum= stances people would easily forget privacy concernsin exchange of ben- ‘fits [15] This suggests that more theories ate needed to clearly identify inline customers’ benefit expectations and enable effective design of the benefits. ‘The study also has implications for practice. It shows that multiple Interventions are necessary for online firms to mitigate customers! privacy concerns. These include procedural faimess through FP and privacy polices, social presence through better design of communica- tion channels, socal response through relationship building, and so- cial contract through trust building. These interventions are also interrelated and mutually enhancing. through which customers’ pr- vaey concerns can be effectively mitigated. Therefore, online firms should invest in these interventions fo aédress customers’ privacy For customers, the study shows the importance of information boundary management and the corresponding coping mechanisms, as both are important antecedents tothe dual-calculus process. Espe- dally in countries without omnibus protection of personal informa- tion, individuals’ self-protective behaviors have important impacts tn their privacy. Therefore helping people to develop adequate cop- ilties to deal with privacy concerns would have significant im- pacis on the internet-based society. With regard to this, self-efficacy And prior experience of individuals would provide some preliminary ‘ues [20}, although knowledge in this area should be deepened. In conclusion, while studies on online information privacy have been conducted for over a decade, there are still numerous uncharted ateas tobe explored, This study provides a springhoard to futher the- retical endeavors inthis area, References (8 Late tp ts pt ever na Deon (Ae Ne an opti of tie, Aa Reon toe 52 (2) (3) Aen Poetived tara conto sletacy, cu of contol a th the 9, pine ber, oul 0 pple Sot Peay 32 (202) fo] Ae, bein, Understanding Actus ané editing Soc Behavior, Peace Hal Enewoed

    You might also like