Management Information Systems Research Center, University of Minnesota

Information Privacy: Measuring Individuals' Concerns about Organizational Practices
Author(s): H. Jeff Smith, Sandra J. Milberg and Sandra J. Burke

Source: MIS Quarterly, Vol. 20, No. 2 (Jun., 1996), pp. 167-196
Published by: Management Information Systems Research Center, University of Minnesota
Stable URL: http://www.jstor.org/stable/249477 .
Accessed: 09/05/2014 16:34
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at .
http://www.jstor.org/page/info/about/policies/terms.jsp
.
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of
content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms
of scholarship. For more information about JSTOR, please contact support@jstor.org.
Management Information Systems Research Center, University of Minnesota is collaborating with JSTOR to
digitize, preserve and extend access to MIS Quarterly.
http://www.jstor.org
This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

All use subject to JSTOR Terms and Conditions
Information
PrivacyInstrument
tionage. Publicopinionpolls show risinglevels

Information Privacy: of concer about privacy among Americans.
Against this backdrop, research into issues
Measuring associated withinformationprivacyis increas-
Individuals' Concerns ing. Based on a numberof preliminarystudies,
it has become apparent that organizational
About Organizational practices, individuals' perceptions of these
practices, and societal responses are inextri-
Practices1 cably linkedin many ways. Theoriesregarding
these relationships are slowly emerging.
Unfortunately, researchers attempting to
examine such relationshipsthroughconfirma-
toryempiricalapproaches may be impeded by
By: H. Jeff Smith the lack of validatedinstrumentsfor measuring
Georgetown School of Business individuals' concerns about organizational
Georgetown University informationprivacypractices.
Old North Hall
Washington, D.C. 20057 To enable futurestudies in the informationpri-
U.S.A. vacy research stream, we developed and vali-
dated an instrumentthat identifies and mea-
jsmith@guvax.georgetown.edu
sures the primarydimensions of individuals'
concers about organizationalinformationpri-
vacy practices. The development process
included examinations of privacy literature;
Sandra J. Milberg
experience surveys and focus groups; and the
Georgetown School of Business use of expertjudges. The result was a parsi-
Georgetown University monious 15-item instrument with four sub-
Old North Hall scales tapping into dimensions of individuals'
Washington, D.C. 20057 concerns about organizationalinformationpri-
U.S.A.
vacy practices. The instrumentwas rigorously
milbergs @gunet.georgetown.edu tested and validatedacross several heteroge-
nous populations, providinga high degree of
confidence in the scales' validity, reliability,
and generalizability.
Sandra J. Burke
Georgetown School of Business
Georgetown University Keywords: Privacy, LISREL,ethical issues,
Old North Hall measures, reliability,validity
Washington, D.C. 20057 ISRL Categories: A10401, A10402, A10403,
U.S.A. A10611,BD0104.01, BD0105
burkes@gunet.georgetown.edu
It is inevitablethat personalprivacywillbe
one of the most significant pressure
points...formost of the 1990s. Advancing
Abstract technology,depersonalization of the work-
placeandothersocialenvironments, a grow-
Informationprivacyhas been called one of the can be expectedto create
ing population...all
most importantethical issues of the informa- a greaterpersonalneedfora sense of space
anddignity(Erwin Chemerinsky,as quotedin
1 AlienLee was the acceptingseniorforthis paper. Smith,1994).
1996 167
MISQuarterly/June

Information
PrivacyInstrument
Informationprivacy-"the abilityof the individ- Culnan (1993) tested an exploratory model

ual to personally control information about that explains consumer attitudestowardsome
one's self" (Stone, et al., 1983)-has been direct marketingpractices, and Smith (1994)
called one of the most important "ethical developed a model that explains corporate
issues of the informationage" (Mason, 1986; approaches to informationprivacy policymak-
Smith, 1994). Public opinion polls show ing. Overall, however, the theoretical base is
increasing levels of concern about privacy still quite fragmented,and few empiricaltests
among Americans(Equifax,1990; 1991; 1992; of these relationshipshave been conducted.
1993; Katz and Tassone, 1990). For example,
one survey indicates that 79 percent of Unfortunately, researchersattemptingto exam-
Americansare concerned about threatsto per- ine such relationships through confirmatory
sonal privacy,and 55 prcent feel that "protec- empiricalapproaches may be impeded by the
tion of informationabout consumers will get lack of validated instruments for measuring
worse by the year 2000" (Equifax, 1992). In individuals'concerns aboutorganizationalinfor-
addition,a numberof corporationshave faced mation privacy practices. As in many other
legal problems and received negative media areas of informationsystems (IS) research
attentionbecause of privacyissues (Cespedes (Jarvenpaa,et al., 1985; Straub, 1989), instru-
and Smith, 1993; Culnan, 1993; Smith, 1994). mentationissues have generallybeen ignored
In the United States, pressure for additional in the informationprivacy domain. This can
laws to guard against information privacy lead to two potentialproblemsover time: First,
exposures is coming from both domestic and it will be difficultto assess the significance of
internationalquarters (Cespedes and Smith, any particularstudy because the "lackof vali-
1993; Culnan, 1993). As organizations find dated measures in confirmatoryresearch rais-
their data management activities receiving es the specter that no single finding...can be
more scrutinyfroma privacyperspective, infor- trusted"(Straub,1989, p. 148). Second, devel-
mationsystems managers should be aware of opment of a research stream willbecome par-
exposures and be accountable to their organi- ticularlyproblematicbecause it will be difficult
zations (Strauband Collins,1990). to "compare and accumulate findings and
thereby develop syntheses for what is known"
Against this backdrop, research into issues (Churchill,1979, p. 67). Thus, the frontiersof
associated with informationprivacyis increas- knowledgein privacyresearch can be extend-
ing. Some privacy research dates back to the ed by efforts to enhance the tools at
1960s and 1970s (e.g., HEW, 1973; PPSC, researchers'disposal and to ensure that scien-
1977; Westin, 1967; Westin and Baker, 1972). tific rigorcan be maintainedin futurestudies.2
Most of the scholarly work, however, has Specifically, a rigorouslyvalidated instrument
emerged during the 1980s and early 1990s. that measures individuals' concerns about
Consequently, it could be argued that the organizationalinformationprivacypractices is
research stream is still in its infancy and that needed because withoutsuch an instrument,
much worklies ahead as researchers examine researchers cannot credibly test explanatory
the complex web of relationshipsin the infor- theories regardingcausal links between prac-
mationprivacydomain. Based on a numberof tices, individuals' perceptions, and societal
preliminarystudies (Culnan, 1993; Milberg,et responses. In addition,such an instrumentwill
al., 1995; Smith, 1994; and Stone, et al.,
1983), it has become apparent that organiza- 2 References as
rigorshouldnotbe interpreted
to scientific
tional practices, individuals' perceptions of suggestingthe superiorityof confirmatory empirical
these practices, and societal responses are researchapproaches overotherapproaches. Thepoint
inextricably linked in many ways. Theories beingstressedis thatforresearchers confirmato-
utilizing
ryempirical techniques, the use of validatedinstruments
regarding these relationships are slowly factor.Inaddition,
is a critical totheextentthattheuse of
emerging: for example, Stone and Stone such instruments strengthenspositivistresearchon a
(1990) developed a model for information topic,this can also call for advances in interpretive
flows and physical/social structures in work researchto be madeonthesametopic(Lee,1991).See
environments based on expectancy theory, additional remarks inthe"Discussion" section.
168 MISQuarterly/June1996

Information
PrivacyInstrument
promote cooperative research efforts by "allow- concerns.4 Furthermore,while other studies

ing other researchers in the stream to use this have examined various dimensions underlying
tested instrument across heterogenous settings information privacy concerns, the specific
and times" as well as by bringing "greater clari- dimensions differfrom study to study,5 and a
ty to the formulation and interpretation of common unifying framework relating these
research questions" (Straub, 1989, p. 148). dimensions has not yet emerged. Thus, we
attempted to ascertain the underlyingdimen-
To that end, this paper reports the results of a sions-both central and tangential-that have
study that developed and validated a measure- been identifiedin either scholarly literature,in
ment instrument that can be used in future federal law, or in privacyadvocates' writings.6
information privacy research. Table 1 shows Of course, this was a somewhat iterative
the final product of our work: a 15-item instru- process in that the understandingof the con-
ment with four subscales (Collection, Errors, structwas refinedin latersteps (see "Methods"
Unauthorized Secondary Use, and Improper section below).
Access; see definitions below) that measures
individuals' concerns about organizational This exercise revealed several central dimen-
information privacy practices. sions of individuals'concerns about organiza-
tional informationprivacy practices: collection
The following sections first consider the previ- of personal information;internalunauthorized
ous literature regarding individuals' concerns secondary use of personal information;exter-
about organizational information privacy prac- nal unauthorizedsecondary use of personal
tices. They then detail the development and information;errorsin personal information; and
validation of the instrument and conclude with improperaccess to personal information.Two
a discussion of implications for both additional,tangential dimensions, which were
researchers and managers. mentionedwith less frequency in the scholarly
literature,were also noted:concerns regarding
4 For example, a commonly used public opinion survey

LiteratureReview questionasks, "Howconcemed are you about threatsto
yourpersonalprivacyin Americatoday?"(Equifax,1990;
A prerequisite step in the creation of a validat- 1991; 1992; 1993). Whilesuch a questionprovidesvalid
data regardinglevels of public concern, it provides no
ed measurement instrument is a consideration
insightregardingthe natureof the concerns.
of the dimensionality of the relevant construct
5 Forexample,Stone, et al. (1983) referto collection,stor-
(in this case, individuals' concerns about orga- age, usage, and release. Culnan (1993) utilizeda 3x3
nizational information privacy practices). As matrix,withacquire,use, and transferalongone axis and
one of several steps in this process, a thor- interal customer,extemalcustomer,and prospectalong
ough review of the existing literature was con- the otheraxis.
ducted3 (Bearden, et al., 1993; Churchill, 6 An extensive literaturereview of informationprivacy
1979). research from prominentmultidisciplinary publications
and books providedan initialframeworkforthe identifica-
It is common for information privacy to be tion of the underlyingdimensionsof informationprivacy.
To furtherour understandingof the dimensionalityof
approached as though it were a unidimension- information privacyconcems, a modifiedcontentanalysis
al construct. For example, while available opin- technique was used to identify concerns most often
ion surveys (Equifax, 1990; 1991; 1992; 1993) raised in privacyadvocates' writingsand in federal law.
FollowingKerlinger's(1986) outline,a "universe" consist-
report an increasing level of concern about 960 articlesin the publicationPrivacy
ingof approximately
information privacy, these surveys do not fully Journal(a leading monthlypublicationfor privacyadvo-
explore the nature (dimensionality) of those cates) from1983-1990was examined.A particular article
was consideredthe unitof analysis. A beginningset of
categories, inspired by the "Code of Fair Information
3 This section details the resultsof the literaturereview.In Practices"as describedin the U.S. Departmentof Health,
a latersection ("Methods"), details of additionalsteps in Education,and Welfare study (1973) and the Privacy
this process are provided. ProtectionStudyCommission(PPSC, 1977),was used.
MISQuarterly/June1996 169

Information
PrivacyInstrument
Table 1. Final Instrument
Here are some statements about personal information.Fromthe standpointof personalprivacy,

please indicatethe extent to whichyou, as an individual,agree or disagree witheach statement by
circlingthe appropriatenumber.*
A. Itusuallybothers me when companies ask me for personalinformation.

B. Allthe personal informationin computerdatabases should be double-checkedfor accuracy-no
matterhow much this costs.
C. Companies should not use personal informationfor any purpose unless it has been authorized
by the individualswho providedthe information.
D. Companies should devote more time and effortto preventingunauthorizedaccess to personal
information.
E. When companies ask me for personal information,I sometimes thinktwice before providingit.
F. Companies should take more steps to make sure that the personal informationin theirfiles is
accurate.
G. When people give personal informationto a companyfor some reason, the companyshould
never use the informationfor any other reason.
H. Companies should have betterproceduresto correcterrorsin personalinformation.
I. Computerdatabases that containpersonal informationshould be protectedfromunauthorized
access-no matterhow much it costs.
J. Itbothers me to give personal informationto so manycompanies.
K. Companies should never sell the personal informationin theircomputerdatabases to other
companies.
L. Companies should devote more time and effortto verifyingthe accuracyof the personal informa-
tion in theirdatabases.
M. Companies should never share personal informationwithothercompanies unless it has been
authorizedby the individualswho providedthe information.
N. Companies should take more steps to make sure that unauthorizedpeople cannot access per-
sonal informationin theircomputers.
O. I'mconcerned that companies are collectingtoo much personalinformationabout me.
ItemsA, E, J, and 0 comprisethe "Collection" subscale; items B, F, H, and L comprisethe "Errors"

subscale; items C, G, K, and Mcomprisethe "Unauthorized Secondary Use"subscale; and items D,
I, and N comprise the "Improper Access" subscale. Subscale scores are calculatedby averagingthe
responses to the items for each subscale; an overallscore is then calculatedby averagingthe sub-
scale scores.
* Each of the items is followed a seven-pointLikertscale anchoredby "Stronglydisagree"(1) and
by
"Strongelyagree"(7).
1996
170 MISQuarterly/June

Information
PrivacyInstrument
reducedjudgmentin decision makingand com- use of personalinformationwillvery often elicit

bining data from several sources. Each is dis- a negative response. This concern was raised
cussed brieflybelow (see synopsis in Table 2). pointedly in the Code of Fair Information
Practices, which was included in a seminal
study sponsored by the U.S. Department of
Collection Health, Education, and Welfare (1973).
Concerns about such secondary use were
raised in several industry settings in a later
The Association for Computing Machinery
study (PPSC, 1977) and echoed in Linowes
(ACM),a majorassociation of informationpro-
(1989). Stone, et al. (1983) refers to this issue
cessing professionals, has a phrase in its
Code of Professional Conduct that dictates
underthe label of "information usage";it is reit-
erated by Stone and Stone (1990) in a discus-
members shall "always consider the principle
sion of various information uses. Specific
of the individual's privacy and seek . . . to
minimizethe data collected. . ." (ACM,1980). examples of such secondary, internaluses are
also covered in the literature: for example,
This area of concern reflects the perception,
'There's too much damn data collection going "sugging"-a practicein whichdata are collect-
ed ostensiblyfor research only to be used later
on in this society" (Miller, 1982). Individuals
for marketingpurposes-falls into this area of
often perceive that great quantities of data
concern (Cespedes and Smith, 1993). It is
regardingtheir personalities, background,and common for organizationsto find new uses for
actions are being accumulated,and they often
resent this. The growingcollectionof personal data: for example, some banks' marketing
informationhas been a theme in privacylitera- groups have attempted to use income data
ture since the 1970s. Although Westin and collected on loan applications to sort cus-
Baker (1972) did not find that informationcol- tomers into narrow categories for targeted
lection had increased appreciably,they argued sales offerings-a use of income data likely
that it was an inevitablebyproductof the grow- unanticipated by the customers at the time
ing computerrevolutionand raised concerns in they filledin the loan application.
that regard. Shortly thereafter, two major
reports from that era (HEW, 1973; PPSC,
1977) confirmed the trend and the concern;
this position was echoed by Linowes (1989).
secondaryuse
Unauthorized
Laudon(1986) also inferreda concern regard- (external)
ing excessive collection of data when he Some studies (for example, Tolchinsky,et al.,
coined the moniker "dossier society" to
describe our increasing reliance on personal 1981) have found that concerns about sec-
data. In the behavioralliterature,Stone, et al. ondary use are exacerbated when personal
informationis disclosed to an external party
(1983) utilized "informationcollection"as one
component in their study; Stone and Stone (i.e., another organization). This issue was
mentioned in studies conducted in the 1970s
(1990) also discuss a number of concerns
associated with informationcollection. (HEW,1973; PPSC, 1977; Westin and Baker,
1972), but it was not stressed in great depth at
that time-perhaps because the technology of
the day constrainedsuch external exchanges
secondaryuse
Unauthorized of data. By the 1980s, though,the concern had
(internal) become a majorone. Linowes (1989) discuss-
es several examples of unauthorizedexternal
Sometimes informationis collected from indi- use of informationin variousindustries.Culnan
viduals for one purpose but is used for anoth- (1993) examines attitudestowardexternalsec-
er, secondary purpose without authorization ondary uses in direct marketingapplications.
fromthe individuals.Even if contained internal- Stone, et al. (1983) consider the issue under
ly within a single organization, unauthorized the rubricof "informationrelease," and Stone
1996 171
MISQuarterly/June

Information
PrivacyInstrument
Table 2. Dimensions
Dimension Description of Concern MajorLiteratureReferences*

Collection Concernthat extensive amountsof personally HEW,1973
identifiabledata are being collected and stored Laudon,1986
in databases Linowes,1989
Miller,1982
PPSC, 1977
Stone, et al., 1983
Stone and Stone, 1990
Westinand Baker,1972
Unauthorized Concernthat informationis collected from HEW,1973
Secondary Use individualsfor one purpose but is used for Linowes,1989
(internal) another,secondary purpose (internallywithina PPSC, 1977
single organization)withoutauthorizationfrom Stone, et al., 1983
the individuals
Unauthorized Concernthat informationis collected for one Culnan,1993
Secondary Use purpose but is used for another,secondary Linowes,1989
(external) purpose afterdisclosureto an externalparty Stone, et al., 1983
(not the collectingorganization) Tolchinsky,et al., 1981
ImproperAccess Concernthatdata about individualsare readily Date, 1986
availableto people not properlyauthorizedto Linowes,1989
view or workwiththis data PPSC, 1977 (minorreferences)
Errors Concernthat protectionsagainst deliberate Date, 1986
and accidentalerrorsin personaldata are HEW,1973
inadequate Laudon,1986
Miller,1982
PPSC, 1977 (minorreferences)
Reduced Judgment Concernthat automationof decision-making Kling,1978
(tangential)** processes may be excessive and that Ladd,1989
mechanisms for decouplingfromautomated Laudon,1986
decision processes may be inadequate Mowshowitz,1976
Combining Data Concernthat personaldata in disparate HEW,1973
(tangential)*** databases may be combinedintolarger Laudon,1986
databases, thus creatinga "mosaiceffect" PPSC, 1977
* Not an exhaustive list. Items in this columnshould be viewed as representative.

** While some authors have addressed Reduced Judgment in their scholarly writings, they have
seldom identifiedit as a privacyconcern, per se.
T* he CombiningData concern is almost always addressed in concert with either the Collectionor
the Unauthorized Secondary Use (External) concern.

Information
PrivacyInstrument
and Stone (1990) discuss the "subsequentdis- vacy-relatedconcerns involveinstead acciden-

closures"of personal information. tal errorsin personal data. Earlyprivacystud-
ies detailsome proceduresfor minimizingsuch
The most commonly cited examples of this errors (HEW,1973; Westin and Baker, 1972;
concern are the sale or rental of current or also see minor references in PPSC, 1977).
prospective customers' names, addresses, Later works (Laudon, 1986; Linowes, 1989)
phone numbers, purchase histories, catego- documentcontinuingproblemsin this domain.
rizations, etc., on mailing "lists,"which are
often transferred between the organizational Provisions for inspection and correction are
entities as digital files. Trade publications in often considered as antidotes for problems of
the direct marketing industry such as DM erroneous data (HEW, 1973; PPSC, 1977;
News ("DM" stands for "directmarketing") con- Smith, 1994). But many errors are stubborn
tain pages of advertisements for such lists ones, and they seem to snowball in spite of
(e.g., "individualswho responded to an adver- such provisions (Smith, 1994). In addition, a
tisement for a weight-loss product"). reluctanceto delete old data-which can clear-
ly become "erroneous"because of their static
nature in a dynamic world-can exacerbate
this problem (Miller,1982). Also at issue are
Improperaccess questions of responsibilityin spotting errors:
does a system rely on individualsto monitor
Who within an organization is allowed to theirown files, or is there an overarchinginfra-
access personal informationin the files? This structure in place (Bennett, 1992)? Although
is a question not only of technological con- errorsare sometimes assumed to be unavoid-
straints(e.g., access controlsoftware)but also able problems in data handling,whether con-
of organizational policy. It is often held that trols are or are not includedin a system does
individuals should have a "need to know" represent a value choice on the part of the
before access to personal informationis grant- system's designers (Kling,1978; Mowshowitz,
ed. However, the interpretationof which indi- 1976).
viduals have, and do not have, a "need to
know"is often a cause of much controversy.
PPSC (1977) and Linowes (1989) provide
some attention to the topic-considering, for Reducedjudgment
example, the inappropriateaccess to employ-
ees' healthcare records that are not controlled As organizationsgrow in size and in theirdata
properly-and it is sometimes considered processing capabilities,they tend to rely more
underthe rubricof "security"in database litera- often on formulas and rules in their decision
ture (see, for example, Date, 1986). Of course, making(Cyertand March,1963). Their use of
automated decision-making processes may
technological options now exist for controlling
such access at file, record, or field level. But lead individuals to feel that they are being
how those options are utilized and how poli- treated more as "a bunch of numbers"than as
cies associated with those uses are formed an individual. As systems are increasingly
representvalue-laden managerialjudgments. designed so that these decisions are automat-
ed, mechanisms for "decoupling"the decision
makingfromthe systems as appropriate-that
is, revertingto humancontrolswhen the com-
Errors puter'slimitsas a decision makerare reached
(Ladd,1989)--should be included.When such
Manyindividualsbelieve that organizationsare mechanisms are not provided,concerns about
not taking enough steps to minimizeproblems this dimension of decision making increase
from errors in personal data. Although some (Kling, 1978; Ladd, 1989; Laudon, 1986;
errors might be deliberate (e.g., a disgruntled Mowshowitz, 1976). Some examples of this
employee maliciouslyfalsifyingdata), most pri- phenomenon border on the ridiculous:
MIS Quarterly/June 1996 173

InformationPrivacyInstrument
AmericanExpress once issued a Gold Cardto to measure individuals'concerns about orga-

a man who had been dead 14 years, just nizationalinformationprivacypractices. While
because his widowfilledin all the blankson an it is expected that this instrumentwill be used
applicationform. Muchof the data would have primarilyin positivist studies, the process of
appeared immediatelysuspicious to a human instrumentdevelopment and validation used
being (e.g., she entered all zeroes for his in this study includedsteps that addressed not
social security number and "God" as his only what Lee (1991) would call a
employer), but the system apparently had researcher's positivist understanding (e.g., a
been programmedto accept these entries, and theory taking the form of independent and
the appropriate mechanisms for decoupling dependent variables), but also the subjective
the decision making from the computerized understanding (i.e., what the research sub-
informationsystem had apparently not been jects themselves understandtheir situationto
included(Smith,1994). be) as well as a researcher's interpretive
understanding (i.e., what the researcher
While advocates often couple "reducedjudg- observes and interpretsto be the subjective
ment"with privacyin their argumentsand writ-
understanding).7
ings, it should be noted that "reduced judg-
ment" can easily be considered a tangential As can be seen in Stage 1 of Figure 1,8 an
construct or even a separate construct of its iterative process is used to (1) specify the
own (under the rubricof "decision making"). domain and dimensionalityof a construct, (2)
Indeed, it has usually been referenced in generate a sample of items, and (3) assess
scholarlyworkas a relatedconcern ratherthan content validityof these items (i.e., the extent
as a dimensionof privacy,per se. to which scale items appear-to be consistent
with the theoretical domain/dimensionalityof
the construct (Churchill, 1979; Cronbach,
Combiningdata 1971)).
Techniques9 used to accomplish these tasks

Concerns are sometimes raised with respect include literature reviews, experience sur-
to combined databases that pull personal data
from numerous other sources, creating what veys,10 focus groups, expert judges, and pilot
tests with relevantsamples. Duringthis stage,
has been termed a "mosaic effect." These based on inputfromindividuals,expertjudges,
combinationsof data were mentionedin some and literature, scale items are trimmed and
of the 1970s privacy studies (HEW, 1973; refinedand dimensions may be added, delet-
PPSC, 1977) and in the 1980s (see especially ed, or modifiedas understandingof the con-
Laudon,1986). Even if data items in disparate structimproves.
databases are seen as innocuous by them-
selves, theircombinationinto largerdatabases In Stage 2, the items and the conceptualiza-
appears to some to be suggestive of a "Big tion of the construct are subjected to "field
Brother"environment. The Combining Data
concern is usuallyencountered in the literature
7 See Lee (1991) for fuller explanationsof these terms.
in parallelwith Collectionand/or Unauthorized
Also, see remarksin our"Discussion"section.
Secondary Use (External) concerns and, in 8 Figure1 representsa synthesis and adaptationof sever-
fact, may not be a separate dimension (see
al models of the developmentand validationprocess. It
"Methods"below). model;however,itdoes
is notclaimedto be a definitive
includethe steps thatare widelyacceptedand have
beenusedinpaststudies.
9 Forfurther discussionof thesetechniques,see Bearden,
Methods et al.,1993andChurchill, 1979.
10 Anexperience samplebuta
surveyis "nota probability
The ultimateobjective of this research was the judgment sampleofpersonswhocanoffersomeideasand
development and validation of an instrument insightsintothephenomenon" 1979,p.67).
(Churchill,

Information
PrivacyInstrument
Stage 1: Techniques/Proce
Specifydomainand dimensionality Literature
review
of the construct Experiencesurveys
'I
+ Focusgroups
Generatesampleof items
Assess contentvalidity Expertjudges

(add,delete, modifyitems) Experience surveys
Focusgroups
Stage | 2: I
I I
Administerinstrumentto sample I
i
Assess itemsand instrument
factoranalysis
Exploratory
(purifyitemsand/orunderstanding Interitem
reliabilities
of construct)
Comparealternativemodelsof factoranalysis
Confirmatory
the construct
(LISREL)
Stage 3:
Assess internalvalidity factoranalysis
Confirmatory
- construct (LISREL)
- concurrent Pearsoncorrelations
- nomological OLSregressions
Assess reliability factoranalysis

Confirmatory
-internal consistency (LISREL)
- test-retest Pearsoncorrelations
factoranalysis
Confirmatory
Assess generalizability
(LISREL)on multiplesamples
Source: AdaptedfromBagozzi (1980), Bearden,et al. (1993), Churchill(1979), and Straub(1989).

Figure 1. Instrument Development and Validation Process

Information
PrivacyInstrument
tests." A preliminaryversion of the instrument starting point in determiningthe central and

is administered to various samples, and tangential dimensions of the construct.
exploratoryfactor analysis is utilizedto assess Concomitant with this effort, semistructured
the items. The instrument is "purified" interviewswere conducted with 83 executives,
(Churchill,1979) as researchers find that cer- managers, and employees of banks, insurance
tain items should again be added, deleted, or companies, and a creditcard issuer.11Further,
modified. Indeed, the researchers may even 18 consumers were interviewedeither individ-
find that they must modifytheir understanding ually or in focus groups. (See Table 3a for a
of the construct's dimensionality.Stage 2 con- descriptionof the samples; see Table 3b for a
tinues until the loading of the items in the summaryof the proceduresand results in this
exploratoryfactor analysis is consistent with study.)
the understanding of the construct's dimen-
sions, and the inter-item reliabilities By discussing the construct both with people
(Cronbach's alpha) are at satisfactory levels who were employed in organizationshandling
for all dimensions. In addition, Stage 2 much personal data and withpeople who were
includes a comparisonof alternativemodels of not in any way associated with such organiza-
the construct through confirmatory factor tions, we were betterable to interpretthe sub-
analysis (CFA). (See the Appendix for a dis- jective understanding(i.e., what the individuals
cussion of the meritsof CFA.) themselves understood"concernsabout infor-
mationprivacy"to mean). To achieve our own
In Stage 3, the internalvalidityof the instru- interpretive understanding, rather than rely
ment is assessed. This includes evaluations exclusively on how other researchers and
of the instrument'sconstruct, concurrent,and some advocates have alreadyinterpretedwhat
nomological validity.Stage 3 also includes an individualsthemselves understandinformation
assessment of the instrument's reliability, privacy to mean (see previous discussion
specifically internal consistency and test- under "LiteratureReview"),we interviewed12
retest reliability.Finally, Stage 3 includes an consumer/privacyadvocates either in person
assessment of the instrument'sgeneralizabili- or over the phone.
ty (i.e., its usefulness for different popula-
tions). In all tests, the instrument must per- Commonlycited themes regardinginformation
form at statistically adequate levels. These privacy concerns from the research articles,
levels have been documented, based on gen- from privacy advocates' writings and U. S.
erally accepted criteria, by numerous writers laws, and from the interviews/focus groups
(see Bagozzi and Yi, 1988; 1991; Bearden, et were sorted in an iterative and interpretive
al., 1993; Bentler and Bonett, 1980; Fornell process by the researchers, and the cate-
and Larcker,1981). gories were combinedand modifiedin an intu-
itive manner to suggest underlying dimen-
The following sections provide further detail sions. Based on the dimensions identified,we
regarding our instrument development generated a preliminaryset of 72 survey items
process. for measuring individuals' concerns about
organizationalinformationprivacypractices.
Instrumentvalidationresults- To establish content validityof the scale items

(i.e., whether the items trulysampled the uni-
stage 1 verse of situationswe were attemptingto mea-
To specify the domain/dimensionality of the
"individuals'concerns about organizational 1 Inall interviews, employeeswereasked
organizations'
informationprivacypractices"constructand to fortheiropinionsbothas employeesandas individuals.
Whilebetterinformedaboutorganizational than
practices
establish content validity of the generated averageconsumers, employeeswereusuallyableto dis-
scale items, the extensive literature review, tinguishbetweentheirorganizational
perspectivesand
detailed in a previous section, was used as a theirpersonalopinions.
1996

Information
PrivacyInstrument
Table 3a. Samples

n of
Sample # sample* Composition of Sample Date Collected
1 83 Executives,managers, employees-banks,
insuranceorganizations,creditcard issuer Fall 1989/Spring1990
2 18 Consumers (individualand focus group) Spring1990
3 12 Consumer/privacyadvocates Spring1990
4 3 Judges (familiarwithprivacyarea) Spring1990
5 15 Doctoralstudents and facultymembers
(large Easternuniversity) Spring1990
6 15 Organizationalemployees (follow-upinterviews) Spring1990
7 25 Employees-bank, insuranceorganizations
(focus groups) Spring1990
8 704 Employees-bank, insuranceorganizations,
creditcard issuer Spring/Summer 1990
9 239 Information systems managers;graduatebusiness
students (two Easternuniversities) Summer/Fall1991
10 270 Graduatebusiness students (fourgeographically
dispersed U.S. universities) Spring1992
11 147 Graduatebusiness students (Easternuniversity) Fall 1992
12 354 U.S.-based ISACAmembers Spring1993
13 186** Undergraduatebusiness students
(Easternuniversity) Spring1993
14 170*** Undergraduatebusiness students
(Easternuniversity) Fall 1993
15 77 Graduatebusiness students (twogeographically
dispersed U.S. universities) Fall 1993
* n's reported in this table are for the total samples. These n's may differslightly from those in
subsequent tables, which report effective sample sizes (in which responses with some missing
data have been removed).
**All 186 of these students completed a "test"of the instrument,and these 186 responses were
used for the "generalizability"exercise. One hundredtwenty-threeof the 186 also completed the
retest"of the instrumenteight weeks later)and were used in the "test-retest"exercise. Halfof the
retest"group was randomlyselected to complete a "cynicaldistrust"scale; 59 of these, who had
also completed the "test,"were correlatedwiththe "cynicaldistrust"scale.
These 170 students were randomlyassigned to complete, in additionto the informationprivacy
***
instrument,eithera "paranoia" or a "socialcriticism"scale.

Information
PrivacyInstrument
Table 3b. Procedures and Results
Technique/ Samples
Stage* Task Procedure (See Table 3a) Results
1 Interpret Semistructuredinterviews 1, 2 Preliminaryresearch
organizational understandingof
participants' constructdomain
understandingof and dimensionality.
matterspertainingto
construct domain and -
dimensionality
1 Improveinterpretation Semistructuredinterviews 3 Refinedresearch
of the organizational understandingof
participants' constructdomain
understandingof and dimensionality;
matterspertainingto used in generating
constructdomainand set of 72 survey
dimensionality items.
1 Assess content validity Judgingexercise 4 33 items discarded,
-
of initial item set resulting in a 39-item
set.
1 Test content validityof Judgingexercise 5 Itemsdeleted and
reduced item set reworded,resulting
in a new 32-item set.
1 Test refinementof Follow-upinterviews 6 Confidencein refined
constructdomainand understandingof
dimensionality constructdomain
prliir. and dimen$ionality,
1 Pilottest preliminary Focus group:fillin survey 7 Itemsdeleted and
survey and discuss i reworded,resulting
jina new 20-item $et.
2 Assess items and Exploratoryfactoranalysis 8 20 items includedon
instrument and interitemreliabilities instrument.Deleted
3, added 2, and
modified8 forclarity,
resultingin a 19-item
instrument.
9 19 items includedon
instrument.Deleted
2, added 8, and
modified6 for clarity,
resultingin a 25-item
instrument.
10 Secondary internal
and externaluse
converged intoa
single dimension.
Also deleted items
that did not clearly
load onto single
factors and items
that were
redundant,resulting
in a 15-item
instrument(see
Table 1). Of these 15
1996

Information
PrivacyInstrument
Table 3b. continued
items, all loaded

unambiguouslyonto
fourfactors;
Cronbach'salphas at
adeauate levels.
2 Comparealternative Confirmatory factor 10 Hypothesized4-
models of the construct analysis (LISREL) factormodel
providedbest fitto
data comparedto
alternativemodels
(see Table 4)
3 Assess constructvalidityConfirmatory factor 11 Non-centralized
- overallmodel fit analysis (LISREL) normedfit index
adequate
3 Assess constructvalidityConfirmatory factor 11 Standardizedfactor
- convergent/ analysis (LISREL) loadings,average
discriminant varianceextracted,
and factorinter-
correlations
adequate (see
Tables 6 and 7)
3 Assess concurrent Pearson correlations 12 Significant
validity correlationswith
publicopinion
questions
3 Assess nomological OLS regressions 15 Expected relation-
validity ships withpast
experiences and
priorknowledge
supported
Pearson correlations 13,14 Expected relation-
ships withpersonality
factorssupported
Pearson correlations 15 Expected relation-
ships withfuture
behavioralintentions
supported
3 Assess reliability Confirmatory factor 11 Compositereliability,
- internalconsistency analysis (LISREL) average variance
extractedadequate
(see Table 6)
3 Assess reliability Pearson correlations 13 Significantcorrelations
test-retest over an 8-week
period
3 Generalizability Confirmatory factor Validityand reliability
analysis (LISREL) 12, 13 shown for disparate
populations(see
Table 8)
* As shown in
Figure 1.
1996 179
MISQuarterly/June

Information
PrivacyInstrument
sure (Cronbach, 1971; Straub, 1989)), we as an outcome of Collectionand Unauthorized

asked three judges, familiarwith the privacy Secondary Use (External). When we tested
area, to screen the 72 items for those that did some items that purportedto measure con-
not appear consistent with the construct and cerns about CombiningData, our judges con-
the identifieddimensions (i.e., did not appear sistently held that it was almost impossible to
to actually measure individuals' concerns separate the items' content fromthe Collection
about organizationalinformationprivacyprac- and UnauthorizedSecondary Use (External)
tices).12 This resulted in a reduced set of 39 dimensions.Also duringthis process, Reduced
items. Then, 15 doctoral students and faculty Judgment was found by our judges and by
members at a large Eastern universityjudged some consumers to be tangentialto the major
this reduced set of items. Specifically, the constructof concern about informationprivacy
dimensions were explainedto eight of the doc- and was dropped from furtherconsideration.
toral students/faculty members, who were Few scholarlyworks hold Reduced Judgment
asked to evaluate the items for theirapplicabil- to be a dimensionof privacy.Furthermore,pri-
ity to the respective dimensions. The other vacy advocates, when pressed, were inclined
seven doctoralstudents/facultymembers were to concede that Reduced Judgmentwas actu-
presented withthe items but were not given an ally outside the sphere of privacy concerns,
explanationof the dimensions. They indicated, per se.
for each item, what they perceived that item
would measure. Items that were either incon-
sistently classified or were misclassified were validationresults-
Instrument
eliminatedor reworded.Afterthis analysis, 32
items remained. stage 2
Followingthis step, follow-upinterviewswere Stage 2 includesa preliminary assessment and
conducted with 15 corporate employees. In refinementof the instrumentthroughexploratory
addition,at this point, the items were present- methods. In particular,in our study, the 20-item
ed to 25 people employed by banks and insur- scale was administered to a sample of 704
ance organizations. Using a focus group for- bank, insurance organization,and credit card
mat, participantsfilled in the survey and then issuer employees.13Exploratory factor analysis
discussed their reaction to, and thoughts and interitemreliability
(Cronbach'salphas) pro-
about, each item. Based on this test, further vided tentative supportfor the various dimen-
modificationsand reductions resulted in a 20- sions. Unfortunately,however,several items did
item scale. not load as expected. An additional iterative
process was initiatedin whichthree versions of
During this iterative process, as defined in revisedinstrumentswere administeredto varied
Stage 1, the domain and the dimensionalityof populations,such as information systems man-
the "individuals'concerns about organizational agers and graduatebusiness students.
informationprivacy practices"construct were
Based on additionalexploratoryfactor analy-
repetitivelyassessed and modified.It became
apparent that the Combining Data dimension sis, items were deleted, added, or revised.
was actually subsumed by two other dimen- This process eventually resulted in a 15-item
sions: Collectionand UnauthorizedSecondary instrument.Fourfactors emerged representing
Use (External). Further probing with both
advocates and consumers revealed that 13The surveywas distributedto the employees, who were
CombiningData concerns are actuallyviewed randomlychosen fromthe organizations'personnel ros-
ters, under a cover letterfrom a senior executive. The
completed,anonymoussurveys were mailed directlyto
12 For example, when presented with some preliminary the researcher.A totalof 1,103 surveys were distributed,
items that were attemptingto measure concerns about and 704 were returned,for a response rate of 63.8 per-
Reduced Judgment,the judges respondedthat they had cent. The survey instructionssaid "Weare interestedin
difficultyin understandingwhy it was a privacyconcern, your own, personal opinionsabout the issue of privacy.
per se. Yourresponses willbe held in completeanonymity."
1996

Information
PrivacyInstrument
the subscales: Collection (4 items), Errors(4 measures than competing models. The chi-
items), UnauthorizedSecondary Use (4 items), square statistics for all models estimated were
and ImproperAccess (3 items). Examinationof significant,but-given the large samples used
the exploratory factor analysis revealed that in the study-the significantchi-squares were
the unauthorizedinternal secondary use and likely artifacts of sample size (Bentler and
the external secondary use dimensions had Bonett,1980) . Thus, a comparisonof the GFI,
converged onto a single factor,the salient fea- AGFIand RMRmeasures-which are indepen-
ture being that the secondary use of the infor- dent of sample size (Bagozzi and Yi, 1988)-
mationhad not been authorizedby the individ- was performedto assess the model's fit. As
uals involved. Chosen items all had factor shown in Table4, boththe GFIand the AGFIof
loadings greaterthan .60 on the same factorin the four-factormodel are higherthan those for
all factoranalyses performed.(The finalinstru- the three competing models. Further, RMRs
ment is shown in Table 1.) are also considerablyhigher in the competing
models (more residualvariance remains)than
Stage 2 included one final step: to determine in the hypothesized model. Finally,the coeffi-
whether the hypothesized model of a four-
cient of determination,a criterionfor evaluating
dimensionconstructprovidedthe best fitto the
data as comparedto alternativeplausiblemod- the globalfitof a model by assessing explained
els. To accomplish this, the overallfits of four variance(i.e., how well the items serve as joint
measures of the latent variable), was exam-
theoretically plausible alternative models (a
unidimensional model, a three-dimensional ined. As shown in Table 4, the coefficient of
determinationis as high or higher in the four-
model, a model with two main factors and
three sub-factors, and the hypothesized four- factor model as in the other three models.
factor model) were compared using the CFA Thus, of the fourmodels compared,the hypoth-
esized four-factormodel providedthe best fitto
program LISREL (Joreskog and Sorbom,
1984). Four statistics provided in the LISREL the data and was ultimatelyaccepted.
programthat are commonly used to compare
model fits are the non-adjusted and adjusted
goodness-of-fitindices (GFIand AGFI,respec- validationresults-
Instrument
tively),root mean square residuals (RMR),and 3
chi-squarestatistics (Bagozzi and Yi, 1988). stage
Comparison of these statistics (see Table 4) Stage 3 included assessments of the instru-
suggests that the hypothesized four-factor ment's internal validity, its reliability,and its
model performsbetter on the overall model fit generalizability.
Table 4. Comparison of Four Models

Four-Factor
One-Factor Three-Factor Second-Order (Hypothesized)
Model Model Model Model
Chi-square (d.f.)* 792 (90) 371 (101) 371 (101) 240 (84)
GFI .66 .75 .85 .90
AGFI -.36 .42 .42 .67
RMR .10 .07 .066 .047
Coeff. of
Determination .812 .991 .970 .996
* p<.001 for all models tested.

Information
PrivacyInstrument
InternalValidity the hypothesized model as comparedto a null

model that hypothesizes that all variables are
ConstructValidity mutuallyindependent.15This analysis is com-
monlyperformedto assess model fit when the
Construct validity is defined as the extent to CFA does not fulfillthe acceptance criterionof
which the operationalization of a construct a non-significant chi-square statistic, even
measures what it is supposed to measure though other measures of model fit fall within
(Cook and Campbell, 1979). To establish con- acceptable ranges (Bagozzi, 1993; Bentler,
structvalidity,we considered (1) the adequacy 1990; McDonald and Marsh, 1990), as was
of the model's fit and (2) convergent and dis- found in this case.
criminantvalidity for the model. To this end,
The NCNFI for this model is .91, which is
the instrument was administered to a new
greaterthan the .90 ruleof thumbrecommend-
sample of graduate business students ed as a minimumsatisfactory level (Bentler
(n=1 47).14 and Bonett, 1980), suggesting adequate model
fit from a practicalstandpoint.In other words,
Adequacy of Model's Fit: In Stage 2, it was
shown that the four-factormodel providedthe the remaining incremental fit that could be
best fit to the data, suggesting its superiority achieved by additionalmodel modificationsis
over the other models in definingthe "individu- small. Further,the coefficientof determination
als' concerns about organizationalinformation (whichshows how well the hypothesized rela-
tions account for the factors) is very high at
privacy practices" construct. However, the
.996. Finally,the RMRis also very low, at .065
accepted model will achieve an adequate or
satisfactoryfit to the data only when a signifi-, (Bagozzi and Yi, 1988). These findingssupport
cant degree of correspondence exists between the overall adequacy of the model fit and pro-
vide supportfor the theoreticalstructureof the
concepts and their respective measures and construct(Bagozzi and Yi, 1988).
when measurement error is random (Bagozzi
and Phillips,1982). If significantmeasurement
Convergent and Discriminant Validity:
or method errors (or other external confound-
Convergent validity refers to the extent to
ing factors) are present, overall model fit will which multiplemeasures of a construct agree
be poor, suggesting model misspecification.In with one another (Campbelland Fiske, 1959).
other words, subject responses must fit a fairly Discriminantvalidity refers to the extent to
well-defined pattern for the hypothesized which measures of differentconstructsare dis-
model to be sustained and construct validity tinct (Campbelland Fiske, 1959). A traditional
supported. method for assessing construct validity has
been the multitrait-multimethod (MTMM)
On that basis, the first step in assessing con-
matrix.However, CFA affords certain advan-
struct validity using the CFA technique is to
assess overall model fit. While the chi-square tages in validity assessment over MTMM
matrixanalysis (Bagozzi and Phillips, 1982).
statistic provided in LISRELis often used to
CFA explicitly represents random measure-
assess the adequacy of the model's fit, it may ment errorand allows for estimationof method
be a misleadingartifactof sample size (Bentler variation.In addition,it provides explicittests
and Bonett, 1980). Given the large sample of the entire model, estimates of parameters,
size in this study, the overall fit of the model and a varietyof fit measures, not availablewith
was examined using the non-centralized the MTMMprocedure(Bagozzi, 1993).
normedfit index (NCNFI).The NCNFI,whichis
independent of sample size (Bentler, 1990; There are several approaches to assessment
McDonald and Marsh, 1990), assesses the of convergentvaliditythroughCFA. First,con-
proportionof additionalvariance explained in
15The method for calculating the NCNFIis specified in
14Loadings from an exploratoryfactor analysis and the Bentler(1990, pp. 239-241). The chi-squarefor the null
forthis sample are shownin Table5.
interitemreliabilities modelwas 1094 (d.f.= 105).
1996

Information
PrivacyInstrument
Table 5. Final Instrument-Factor Analysis

UNAUTHORIZED IMPROPER
COLLECTION ERRORS SECONDARYUSE ACCESS
Item # Factor Loading Factor Loading Factor Loading Factor Loading
J .861
E .856
A .855
0 .762
F .864
H .816
L .811
B .679
K .778
M .768
G .719
C .717
N .773
D .771
~~~~~~~~~~~~~I ~~~~.719
These results are froma sample of 147 business graduatestudents fromFall 1992. Allloadings
above .40 are listed above.
Interitemreliabilities(Cronbach'salpha):Collection,.88; Errors,.84; Secondary Use, .80; Improper
Access, .75.
vergence implies that all within-constructcor- Thus, to furtherassess convergentvalidity,the

relations are both high and of approximately correlations between the subscales were
the same magnitude (Fornell and Larcker, examined. As shown in Table 7, the correla-
1981). To assess this aspect of convergent tions between the dimensions are all signifi-
validity,the fit of the internalstructureof the cantly different from zero (p<.05). This sug-
model (as discussed above), factor loading gests that the four dimensions are all measur-
size, and significance were assessed. Bagozzi ing some aspect of the same construct (are
and Yi (1991) suggest weak evidence of con- not orthogonal).
vergent validityresults when the factor loading
on an item of interest is significant.Strong evi- To assess discriminantvalidity,subscales must
dence is achieved when the squared factor be examined to insure they are not perfectly
loadingis greaterthan .5 (morethan halfof the correlated(correlationsequal to 1). As shown
total variation in the measures is due to the in Table 7, all subscale correlationsare signifi-
trait).As shown in Table 6, standardizedfactor cantlydifferentfromone (p<.05).This suggests
loadings (SFL) for all measures are greater thatwhilethe subscales are measuringaspects
than .6; all are statisticallysignificantat p<.05. of the same construct, they are measuring
In addition, 12 of the 15 items have squared unique dimensions of that construct. Further,
factorloadings greaterthan .5. more rigorousevidence of discriminantvalidity
is also observed by lookingat the average vari-
Second, convergent validitycan be assessed ance extracted(AVE)by each factorrelativeto
in terms of the degree to which the four sub- that factors shared variance with other factors
scales (which might be considered four differ- in the model (see Fornelland Larcker,1981).
ent measures of concern) are correlated (AVEmeasures the amountof variance that is
(Bagozzi, 1980; Barki and Hartwick, 1994). captured by the construct in relation to the
1996 183
MISQuarterly/June

PrivacyInstrument
Information
amountof variancedue to measurementerror.) if the test is shown to correlatewithsome use-

Inevery case, the AVEassociated witha factor ful criterion(e.g., anothertest) administeredat
(see Table 6) is greater than the shared vari- the same time (Cronbach and Meehl, 1955;
ance (squared correlation)between that and Bagozzi, 1981). To assess concurrentvalidity
every otherfactor(see Table 7). of this instrument, the correlation between
responses to the current instrument and
responses to previouslyutilizedpublicopinion
ConcurrentValidity survey questions was assessed. These public
opinion surveys (see Cambridge Reports,
Concurrent validity is considered when one 1989; Equifax, 1990; 1991; 1992; 1993; Katz
test is proposed as a substitutefor another or and Tassone, 1990) typicallyused questions
Table 6. Summary of Parameter Estimates of Four-FactorModel
Graduate
Business Students
Factor Item (n= 147)
SFL CR AVE
Collection A .816
E .743
J .870
0 .765
.88 .69
Errors B .700
F .709
H .720
L .900
.85 .58
Secondary Use C .726
G .669
K .646
M .781
.80 .50
ImproperAccess D .652
I .733
N .721
.75 .50
Chi-Square 174 (84)

NCNFI .91
RMR's .065
Coeff. Determ. .996
Legend: SFL = StandardizedFactorLoading

CR = Composite Reliability
AVE= Average VarianceExtracted
NCNFI= Non-centralizedNormedFitIndex
RMR= Root Mean-squaredResidual
1996

Information
PrivacyInstrument
Table 7. Factor Intercorrelationsof Four-FactorModel

Unauthorized Improper
FACTORS Collection Errors Secondary Use Access
Collection 1.00
Errors .216 1.00
[SquaredCorrelation] [.047]
(Std. Dev. of Correlation) (.09)
Unauthorized
Secondary Use .425 .448 1.00
[SquaredCorrelation] [.181] [.201]
(Std. Dev. of Correlation) (.08) (.08)
ImproperAccess .264 .611 .641 1.00
[SquaredCorrelation] [.070] [.373] [.411]
(Std. Dev. of Correlation) (.10) (.07) (.08)
Allfactorintercorrelationsare significantlydifferentfromzero (p<.05) and one (p<.05).

These results are froma sample of 147 business graduatestudents fromFall 1992.
that have been subjected to limitedvalidation information on individual consumers is

procedures, and the questions address gener- being acquiredand stored in various com-
al, unidimensional privacy concerns. puters.Howserious a threatto personalpri-
Nevertheless, it is expected that a strong rela- vacy is this development?" (Cambridge
tionship should exist between a subject's Reports,1989).
responses to those questions and the scale
developed in this research. To check this, Correlationsbetween each subject's response
three questions that had been used on previ-
to these questions and their overall score on
ous public opinionsurveys were includedwith
our instrumentwere .35, .36, and .46 for items
our instrument,and this combined survey was
administered to a sample of 354 U.S.-based (1), (2), and (3), respectively (p < .001 for all
members of the InformationSystems Audit three). The expected relationship between
and ControlAssociation (ISACA).16The three public opinion survey questions and the cur-
rentinstrumentwas observed.
questions were:
1. "Compared with other subjects on your
mind, how importantis personal privacy?"
(CambridgeReports, 1989). NomologicalValidity
Nomological validity refers to the extent to

2. "Howconcerned are you about threats to whichpredictionsbased on the constructbeing
your personal privacy today?" (Equifax, measured are confirmedwithina wider theo-
1990; 1991; 1992; 1993). retical context or network of constructs
(Bagozzi, 1981; Cronbach, 1971; Cronbach
3. "As computer usage increases in business and Meehl, 1955). Not often tested in IS
and the general society, more and more research (see, however, Straub, et al., 1995),
nomologicalvalidityexamines the robustness
of the constructs as they interrelatewith one
16ISACAmembers were asked to respond"as an individ-
another. To assess nomological validity, we
ual"and to give their"personalopinions."In a latersec-
results of a CFA asseSsment of
tion ("Generalizability"), considered (1) some possible antecedents that
the ISACAmembers' responses to our instrumentare might affect levels of informationprivacycon-
described. cern, (2) individualfactors that might have

InformationPrivacyInstrument
theoretical relationships to levels of concern, trust, (2) paranoia, and (3) social criticism.
and (3) some future behavioralintentionsthat Therefore,the instrumentwas administeredin
should be associated withlevels of concern. conjunction with scales measuring the sug-
gested related personalityfactors to separate
Antecedents: Two theoretically plausible
samples of undergraduatebusiness students
"causal"variables were assessed. It has been as follows:
suggested that (a) previous personal experi-
ences may impact one's concerns about infor- It is argued that cynical distrustmay be posi-
mation privacy (Culnan, 1993; Stone and
tively correlated with concern for information
Stone, 1990), and (b) media coverage may privacy in that individualswith high levels of
increase the.level of concern about information distrust may also be more concerned about
privacy(Westin, 1990). These assertions lead the use and dissemination of their personal
to a reasonable set of propositions.Itwas pro-
information.Examinationof the responses to
posed that individualswho had been exposed the "cynicaldistrust"and the "overalllevel of
to, or been the victim of, personal information
misuses should have stronger concerns concern"scales supports this contention (n =
59,18 correlation = .30,19 p< .05).
regardinginformationprivacy.To that end, 77
business graduate students from two geo-
Paranoia is a second personalitytrait argued
graphically dispersed U.S. universities were to be positively correlated with concern for
asked to complete our instrument and were
informationprivacy.Itis plausiblethat individu-
also asked to answer the followingquestions
als who are paranoidare also likelyto be more
(on seven-point Likertscales) (1) "Howoften
have you personally been the victim of what concerned about the privacyof their personal
information. When both the paranoia scale
you felt was an improperinvasion of privacy?"
and (2) "Howmuch have you heard or read (Fenigstein and Vanable, 1992) and the infor-
duringthe last year about the use and poten- mation privacy concern scale were adminis-
tial misuse of computerizedinformationabout tered to undergraduates,a significantcorrela-
consumers?"17The first question examines, to tion was observed (n = 87, correlation= .37,
some degree, the respondent's perception of p< .001).
his or her own experiences with respect to
information handling. The latter question The social criticism scale measures "the
examines the respondent's level of knowledge degree of acceptance or rejection of the val-
regardingcollection and use of personal infor- ues, norms, and practices of...society"(Jessor
mation. Results of regression analyses, with and Jessor, 1977). It is proposed that con-
overallconcern as the dependent variableand sumers who reject society's values, norms,
experience and knowledge as independent and practices would also be highlyconcerned
variables, strongly support these research about informationprivacy.Correlationalanaly-
propositions,with beta coefficients of .16 and sis of responses to the information privacy
.22, respectively(p < .01 for both). concern instrument and the social criticism
scale showed supportfor this proposition(n =
Individual Personality Factors: Prior
83, correlation = .37,20 p< .001).
research has suggested that informationpriva-
cy concerns may also be associated withvari-
ous personalityfactors (e.g., Berscheid, 1977; 18Studentsin this sample were also used in the test-retest
Cozby, 1973; Kelvin,1973; Lauferand Wolfe, reliabilityexercise (see section below). They responded
to the "cynicaldistrust"scale followingthe "retest"of the
1977; Levin and Askin, 1977; Stone, 1986; privacyconcern instrument.The reportedcorrelationuti-
Warrenand Laslett, 1977). Some factors that lizes the "test"score for the privacyconcern instrument
one might expect to be correlated with infor- (completedeightweeks earlier).
mation privacyconcerns include: (1) trust/dis- 19The correlationsin this section refer to our OVERALL
scale.
17Both of these questions were patterned after those in 20This correlationis reported as an absolute value; its
Equifax(1990). directionis consistentwiththe proposition.

Information
PrivacyInstrument
Future Behavioral Intentions: Previous InternalConsistency

research (e.g., Stone, et al., 1983) suggests
that individualswith higher levels of concern Internalconsistency examines the degree to
which the "items used to assess a construct
about information privacy practices may be
reflecta true, common score for the construct"
more likelyin the futureto refuse to participate
(Bagozzi, 1980; Barkiand Hartwick,1994). To
in activities that require the provision of per- assess internalconsistency in this research,
sonal information.They may also be more like- two measures were calculated in addition to
ly to contact official agencies or companies factorloadings:(1) composite reliability(CR)of
regarding informationpractices. To provide a the dimension measures and (2) AVE from
preliminary test of such assertions, the 77 the dimension measures. CR considers the
business graduate students from two geo- ratio of non-randomvariationassociated with
all measures of a subscale to total variationin
graphically dispersed U.S. universities (see all these measures. As shown in Table 6, CRs
"Antecedents"section above) were given, in
for the dimension measures are all quite high
additionto the informationprivacyinstrument, and well above a .6 rule of thumb of accept-
a set of six items that investigatedsuch future ability(Bagozzi and Yi, 1988).
behavioral intentions with respect to informa-
tion privacy.21The six items exhibited a high AVE, as described earlier, measures the
level of interitemreliability(Cronbach'salpha = amount of variance captured by the construct
in relationto the amount of variance attribued
.87). A mean score for the six items was corre- to measurement error. If AVE is less than .5,
lated withthe overallscale score for our instru- the variance associated with measurement
ment. The research proposition suggesting error is larger than the variance captured by
that higher levels of informationprivacy con- the construct, and the construct reliabilityis
cern willbe associated withstrongerintentions questionable.As shown in Table 6, AVEs are
to take privacy-related actions was strongly all at or above .5, which is a rule of thumbfor
supported(correlation= .33, p<.01). adequacy of this measure (Bagozzi and Yi,
1988). Thus, the measures of internalreliability
and structurefit all surpass the minimumstan-
dards of adequacy.
Reliability
The reliabilityof the instrumentwas assessed
by evaluating (1) internalconsistency and (2) Test-RetestReliability
test-retest reliability. Test-retest reliabilityexamines an instrument's
abilityto achieve stable responses froma sin-
21 Respondentswere asked how likelythey were, withinthe gle sample over time (Churchill, 1979). To
next three years, to: (1) "decidenot to apply for some- assess the test-retest reliabilityof our instru-
thing,like a job, credit,or insurance,because you do not ment, it was administered on two separate
want to providecertain kinds of informationabout your-
self,"(2) "refuseto give informationto a business or com- occasions to a single sample of undergradu-
pany because you think it is too personal," (3) "take ate business students. Specifically, 123 stu-
action to have your name removedfromdirectmail lists dents (of 186 total) responded to both the
for catalogs, products, or services," (4) "writeor call a "test"and "retest"of the instrument, which
company to complain about the way it uses personal
information," (5) "writeor call an elected officialor con-
were separated by a period of eight weeks.
sumer organizationto complainabout the way compa- Correlationsfor these repetitionsfor the four
nies use personal information," and (6) "refuseto pur- subscales ranged from.63 to .74, and the cor-
chase a productbecause you disagree with the way a relationfor the overall scale was .78 (p<.001
companyuses personal information." Each was followed
for all), which is in line with acceptable levels
by a seven-point Likertscale anchored by "verylikely"
and "veryunlikely."Some of these questions were pat- reported in prior, similar scale development
ternedafterthose in Equifax(1990). research (Bearden, et al., 1993). Test-retest
MISQuarterly/June
1996 187

PrivacyInstrument
Information
correlations for individualitems ranged from chy of concern regardingthe various dimen-
.39 to .66 (p< .001 for all). sions. It was observed that the highest levels
of concern were associated with Improper
Access and Unauthorized Secondary Use.
Lowerlevels of concern were associated with
Generalizability Collectionand Errors.Withinthese categories,
however, there seem to be some distinctions
To achieve its full usefulness, an instrument between samples (see Table 9). For example,
should be applicable to "othersubjects, other ISACA members ranked Unauthorized
groups, and other conditions"(Kerlinger,1986, Secondary Use as theirtop concern, while the
p. 299). Such a concern is includedunder the other respondents indicated more concern
rubricof "externalvalidity,"which is defined as about ImproperAccess.
"persons,settings, and times to which findings
can be generalized"(Straub 1989). While our
instrumentwas initiallybased upon inputfrom
numeroussources (as described in Stage 1), it Discussion
must also be validated with differentpopula-
tions. To achieve generalizabilityof the instru-
This study providestwo majorcontributionsto
ment, it was administered to, and validated
the privacyliterature:(1) a frameworkdescrib-
with, two diverse sample populations in addi-
tion to the sample of graduate business stu- ing the primarydimensions of individuals'con-
dents: undergraduate business students (n= cerns about organizationalinformationprivacy
186) and U.S.-based members of the ISACA practices and (2) a validated instrument for
(n= 354).22 As can be seen in Table 8, the measuring those concerns. The development
results of CFA analyses on data from these process includedexaminationsof privacyliter-
ature and U.S. laws; experience surveys and
samples supports the validityand reliabilityof
the instrument across these populations as focus groups; and the use of expert judges.
well. Specifically, the validationof the instru- The resultwas a parsimonious15-item instru-
ment across two groups as dissimilar as ment with four subscales tapping into dimen-
sions of individuals'concerns about organiza-
undergraduatestudents (who have, arguably,
a low level of understandingregardingactual tionalinformationprivacypractices.The instru-
ment was rigorously tested and validated
industry practices) and IS auditors (who,
across several heterogenous populations,pro-
arguably, should represent a populationwith
high on-the-job knowledge) stands as strong viding a high degree of confidence in the
evidence of the instrument's generalizability scales' validity,reliability,and generalizability.
(Gordon,et al., 1986). Before considering implications for
researchers and managers, two limitationsof
this study should be noted. First, all scale
Additional Findings development processes require a number of
"judgmentcalls"by researchers based on their
The relationshipsbetween the subscales and analysis of the literature;on inputfrom experi-
individuals'response patternsseem to provide ence surveys, focus groups, and expert
additionalinsights into the underlyingnatureof judges; and on levels of acceptabilityfor vari-
the informationprivacy concern construct. As ous statistical measures. In particular,based
can be seen in Table 9, there may be a hierar- on inputfrom various sources, we concluded
that one of the dimensions, CombiningData,
was actually represented by two of the other
22The ISACAsample was also utilizedfor some tests of
nomologicalvalidity;this student sample was also uti-
dimensions, Unauthorized Secondary Use
lized for the "test-retest"evaluationand for one test of (External)and Collection.We also concluded
nomological validity(correlationwith "cynicaldistrust") that Reduced Judgmentwas not a part of the
(see Tables 3a and 3b). major "individuals'concerns about organiza-
1996

Information
PrivacyInstrument
Table 8. LISRELResults for Generalizability
Undergraduate Business
Students
Factor Item (n=186) IS Auditors (n=354)
SFL CR AVE SFL CR AVE
Collection A .675 .759
E .559 .772
J .941 .878
0 .689 .667
.81 .53 .86 .60
Errors B .647 .637
F .841 .864
H .698 .775
L .857 .890
.85 .59 .87 .64
UnauthorizedSecondary Use C .691 .
.733 r\ r
G .636 .726
K .671 .693
M .898 .838
.82 .54 .84 .56
ImproperAccess D .691 .785
.754 .598
N .877 .880
.82 .65 .80 .58
Chi-Square 139 (84) 330 (84)
NCNFI .96 .91
RMR's .063 .074
Coeff. Determ. .998 .998
Legend: SFL = StandardizedFactorLoading
CR = Composite Reliability
AVE= Average VarianceExtracted
NCNFI= Non-centralizedNormedFitIndex
RMR= Root Mean-squaredResidual
Table 9. Subscales
Mean (S.D.)
Mean (S.D.) for Mean (S.D.)
for MBAs Undergraduates for ISACAMembers
Subscale (n = 146) (n = 183) (n = 337)
Collection 5.28 (1.19) 5.11 (1.04) 5.45 (1.16)
Errors 5.36 (1.06) 5.57 (.99) 5.46(1.11)
Unauthorized
Secondary Use 5.77 (1.22) 5.74 (1.14) 6.15 (1.07)
ImproperAccess 6.10 (.89) 5.83 (1.01) 5.90 (1.01)
OVERALL 5.63 (.78) 5.56 (.83) 5.74 (.86)
Largermeans are associated withhigherlevels of concern (see Table 1.).

Information
PrivacyInstrument
tional informationprivacy practices"construct. Theoretical models (see Stone and Stone,

Both of these assessments appear to be con- 1990) often posit theoreticalrelationshipsthat
sistent withthe majorityviews of scholars, con- includeprivacyconcern as one of the model's
sumers, and advocates, and the four-dimen- constructs. With respect to factors that may
sion model of the construct seems to reflect impactlevels of concern, it has been suggest-
current thinking. We acknowledge, however, ed that concerns may be context-sensitive
that this dimensionalityis neitherabsolute nor based on either the type of informationbeing
static, since perceptions of advocates, con- managed (Culnan, 1993; Stone and Stone,
sumers, and scholars could shift over time. 1990) or the type of organizationcollectingand
Thus, the instrument should be viewed as storingthe data (Stone, et al., 1983). Concerns
may also be associated with numerous per-
measuring the most central dimensions of the
constructat this time. Futureresearch endeav- sonality factors and demographic data (see
review in Stone and Stone, 1990). Further,
ors might consider any changes in these some public opinion survey findings (Equifax,
dimensions that may occur.
1990) suggest that levels of concern on some
subscales may be lowerfor professionals with
Second, while we made a concerted effortto
day-to-dayexposure to informationprocessing
validatethe instrumentin a nomologicalmodel activities.
of antecedents, individual personality vari-
ables, privacyconcerns, and futurebehavioral There may also be factors that are impacted
intentions (Stage 3), it should be noted that by levels of concern. It has been asserted that
this nomological model is not purportedto be individuals may take a variety of different
an exhaustive one, nor did we test it in an actions based on their levels of concern, such
experimental,causal context. Indeed, theories as "optingout" of various activities (Culnan,
regardingthe interrelationshipsbetween priva- 1993; Stone and Stone, 1990). Furthermore,
cy concerns and other constructs are not fully perceptions of organizationalprivacy policies
and practices may be related to levels of
developed in the literatureat present, and the
creationof a fullmodel is a task appropriatefor employee concern (Smith, et al., 1995), and
a subsequent study. Furthermore,because of levels of concern may also be associated with
differentculturalvalues and regulatorystruc-
the constraints of time and length associated
tures in various countries (Milberg, et al.,
with administrationof writtensurveys, we were
unable to test all the antecedents, personality 1995). It is clear that a significant research
stream could emerge from empiricaltests of
variables, and behavioralintentionswith a sin- the relationships between the antecedents,
gle sample. Despite these limitations,this work associated factors, levels of concern, and out-
has significant implications for both comes.
researchers and managers. We examine each
in the followingsections. As suggested by the discussion in the previ-
ous paragraph,most of this instrument'suse-
fulness will come from its applicationin posi-
tivist research-in particular,the development
forresearchers
Implications and testing of theories that take the form of
independent and dependent variables (Lee,
Likemany other areas withinthe IS domain,lit-
1991). But the instrumentmay also assist a
tle attention has been paid to instrumentation researcher in conductinginterpretiveresearch
issues in privacyresearch. Now, witha validat- on what the meaning of informationprivacyis
ed instrumentfor measuring individuals'con- for the individualsthemselves in an organiza-
cerns about organizationalinformationprivacy tion, apartfromor priorto whatevera positivist
practices, researchers can undertake studies theory would define it to be (Lee, 1991). Full
to carefullyexamine the linksbetween relevant understanding of a phenomenon is best
privacy-related variables, privacy concerns, achieved not through any singularity in
and outcomes of those concerns. approach, but rather,through iterativecycles
1996

Information
PrivacyInstrument
of positivist and interpretive research (Lee, cal approaches are being adopted for tracking
1991).23 To the extent that researchers con- purposes. Itis acknowledgedthat IS managers
firm some of the theoretical linkages in posi- and executives willseldom be in a position to
tivist approaches (e.g., by showing that indi- unilaterallycorrect all the organizationalprob-
viduals exhibit higher levels of concern when lems in these domains since they are likelyto
stimulus materials promptthem to thinkabout involvesome degree of existing organizational
medical data ratherthan financialdata), these policy. Changing existing policy will demand
findings may then feed back to interpretive attention from general managers at a senior
studies (e.g., field studies that examine differ- level. However, IS professionals can be
ent approaches to managing medical data and aggressive in challenging organizationalpoli-
managers' perceptions of differingresponsibil- cies for sharing personal data with outside
ity levels). organizations, and they may insist on tighter
interpretations of the "need to know"when
As privacy increases in importance, it
organizational policies regarding access are
behooves the IS research communityto care- constructed.
fully consider the complexity of individuals'
concerns, the factors that may cause By taking a proactive stance in managing
increased levels of concern, and the outcomes these dimensions of concern, IS managers
of those concerns. The instrumentdeveloped and executives may reduce the probabilitythat
in this study should enable futurework in this onerous regulatory options will be pursued
importantarea. (see Milberg, et al., 1995; Smith, 1994).
Research has shown that increased concerns
about informationprivacyare associated with
formanagers increased levels of governmentalinvolvement
Implications in organizational privacy management
This study, which identified the most central (Milberg,et al., 1995), but so far, managers
have been primarilyreactive in addressing
dimensions of individuals' concerns about
informationprivacy concerns (Smith, 1994).
organizational informationprivacy practices,
can serve as the first step on a path of proac- Managers should be alert to the value-laden
tive management. By carefully considering choices that are made by systems designers
theirown organizations'approaches to the four and implementers (Kling, 1978; Mowshowitz,
major dimensions of concern-Collection, 1976), because these choices can ultimately
Errors, Unauthorized Secondary Use, and impactthe privacydomainand reactionsthere-
to. This study, along with future research
Improper Access-managers can identify
underlying problems and take corrective addressing the antecedents and conse-
actions as appropriate.Table 10 contains a set quences of various concerns, may allow man-
of possible recommendations that might be agers to evaluate specific situationalcontexts
embracedfor each of the dimensions. and manage responses to informationman-
agement practices, thus avoiding costly con-
As an example, IS professionals can address sumer and/orregulatorybacklashes.
secondary use issues by identifyingthe sec-
ondary uses of data withintheir organizations
and ensuring that the appropriatetechnologi-
Acknowledgements
23 f course, the choice of researchapproach(es)is
highly The three authors contributedequally on this
contextualand depends on the type of researchquestion research. We gratefullyacknowledge several
being asked (Yin,1988), the findingsfrompreviousstud- individualsfor their assistance in administering
ies (Bonoma, 1985), and the levels of understanding
regardingthe phenomenonof interest (Lee, 1.991).See
versions of the survey instrument:Tom Cooke,
Bonoma (1985), Lee (1991), Orlikowskiand Baroudi Elizabeth Cooper-Martin, Mary Culnan, Bill
(1991), and Yin (1988) for a broaddiscussionof the rela- DeLone, Mark Keil, Mike McCarthy, Keri
tionshipsbetween researchapproaches. Pearlson, Craig Smith, Bob Thomas, Suzie

Information
PrivacyInstrument
Table 10. Recommendations to IS Community

Area of Recommended Actions Within Recommended Actions in Broader
Concern IS Domain Organizational Domain
Improper * Implementtechnologicalcontrolson * Lobbyfor organizationalaccess
Access access to systems policieswitha tightdefinitionof
* Ensurethat applicationsare designed "needto know"
so that access can be restrictedto * Challengeliberalinterpretationsof
narrowestdomains possible "needto know"
Unauthorized
Secondary Use * Ensurethat all internaluses of * Lobbyforclear organizationalpolicies
personal data can be tracked on "intendeduse"for personaldata
* Refuse to release personaldata to * Challengeinternaluses of personal
outside entitieswithoutexplicitsenior data that are outside "intendeduse"
managementapproyal boundaries
* Lobbyfor organizationalpolicies
restrictingoutside sharingof
personaldata
Errors * Ensurethat applicationsare designed * Identifytradeoffsregardingerror
withappropriateedit techniques controlsto senior management;
ensure informeddecision making
Collection * Practiceparsimoniousdatabase design * Challengeexcessive collectionof
personaldata withinorganization
* Lobbyfor organizationalpolicythat
limitsdata collectionto minimallevels
requiredfor business
Weisband,and BerryWilson.We also acknowl- Bagozzi, R. P. Causal Modelingin Marketing,
edge with gratitudethe organizationsthat sup- John Wileyand Sons, New York,1980.
portedthis survey research,includingan anony- Bagozzi, R. P. "AnExaminationof the Validity
mous bank, two anonymous insurance organi- of Two Models of Attitude," Multivariate
zations, an anonymous credit card issuer, the Behavioral Research, July 1981, pp. 323-
Information Systems Audit and Control 359.
Association (ISACA), and the Georgetown
Bagozzi, R. P. "A Holistic Methodology for
University Center for Business-Government to
Relations. Ernest Kallman is especially Modeling Consumer Response
Innovation," Operations Research, January-
acknowledgedfor his assistance in much of the
data collection. We also appreciate the data February1983, pp. 128-176.
entry help provided by Emmy Curtis, Debra Bagozzi, R.P. "Assessing ConstructValidityin
Miller,and ShirmelRichards.MaryCulnanpro- Personality Research: Applications to
vided helpfulcomments on an earlierversionof Measures of Self-Esteem," Journal of
this paper. We also gratefullyacknowledgethe Research in Personality (27:1), March
senior editor, associate editor,and five anony- 1993, pp. 49-87.
mous referees for their insightfulcomments on Bagozzi, R. P. and Phillips,L. W. "Represent-
an earlierdraft. ing and Testing OrganizationalTheories: A
HolisticConstrual,"AdministrativeScience
Quarterly(27:3), 1982, pp. 459-489.
References Bagozzi, R. P. and Yi, Y. "Onthe Evaluationof
ACM (Association for ComputingMachinery). StructuralEquationModels,"Journalof the
"Code of Ethics," Communications of the Academy of MarketingScience (16), Spring
ACM(23:7), July 1980, p. 425. 1988.
1996

Information
PrivacyInstrument
Bagozzi, R. P. and Yi, Y. "Multitrait-Multi- Cote, J. A. and Buckley,M. R. "Measurement

method Matrices in Consumer Research," Error and Theory Testing in Consumer
Journal of Consumer Research (17:4), Research: An Illustrationof the Importance
March1991, pp. 426-439. of Construct Validation" Journal of
Barki, H. and Hartwick,J. "MeasuringUser ConsumerResearch (14), March1987, pp.
Participation,User Involvement,and User 579-582.
Attitude,"MISQuarterly(18:1), March1994, Cozby, P.C. "Self-disclosure: A Literature
pp. 59-82. Review," Psychological Bulletin (79:2),
Bearden, W. O., Netemeyer, R. G. and February1973, pp. 73-91.
Mobley, M. F. Handbook of Marketing Cronbach, L. "Test Validation"in Educational
Scales, Sage Publications, Newbury Park, Measurement(2nd edition),R. L. Thorndike
CA, 1993, pp. 3-8. (ed.), American Council on Education,
Bennett, C. J. Regulating Privacy: Data Washington,D.C., 1971, pp. 443-507.
Protectionand Public Policy in Europe and Cronbach, L. J. and Meehl, P. E. "Construct
the UnitedStates, CornellUniversityPress, Validity in Psychological Tests,"
Ithaca,NY, 1992. PsychologicalBulletin(52:4), July 1955, pp.
Bentler, P. M. "Comparative Fit Indexes in 281-302.
StructuralModels," Psychological Bulletin Culnan,M.J. "'HowDidThey Get My Name?':
An ExploratoryInvestigationof Consumer
(107:2), 1990, pp. 238-246.
Attitudes Toward Secondary Information
Bentler, P. M. and Bonett, D. "Significance
Tests and Goodness of Fit in the Analysis Use," MIS Quarterly (17:3), September
of Covariance Structures," Psychological 1993, pp. 341-363.
Bulletin (88:3), November 1980, pp. 588- Cyert, R. M. and March,J. G. A Behavioral
606. Theory of the Firm, Prentice Hall, New
York,1963.
Berscheid, E. "Privacy:A Hidden Variable in
Date, C.J. An Introduction to Database
ExperimentalSocial Psychology," Journal
of Social Issues (33:3), 1977, pp. 85-101. Systems (4th ed.), Addison-Wesley
PublishingCompany,Reading,MA,1986.
Bonoma, T. V. "Case Research in Marketing:
Equifax Inc. The Equifax Report on
Opportunities, Problems, and a Process," Consumers in the InformationAge, 1990.
Journal of MarketingResearch (XXII),May Also Harris-Equifax Consumer Privacy
1985, pp. 199-208.
Survey 1991, Harris-Equifax Consumer
Cambridge Reports. "Technology and Privacy Survey 1992, and Harris-Equifax
Consumers: Jobs, Education, Privacy," Health InformationPrivacy Survey 1993.
Bulletin on Consumer Opinion no. 157,
EquifaxInc.,Atlanta,GA.
Cambridge,MA1989. Fenigstein, A. and Vanable, P. A. "Paranoia
Campbell,D. T. and Fiske, D. W. "Convergent and Self-Consciousness," Journal of
and DiscriminantValidation by the Multi- Personality and Social Psychology (62:1),
trait-Multimethod Matrix,"Psychological January1992, pp. 129-138.
Bulletin(56:2), March1959, pp. 81-105. Fornell, C. and Larcker, D. F. "Evaluating
Cespedes, F. V. and Smith, H. J. "Database Structural Equation Models with
Marketing: New Rules for Policy and UnobservableVariablesand Measurement
Practice,"Sloan ManagementReview (34), Error,"Journalof MarketingResearch (18),
Summer 1993, pp. 7-22. February1981, pp. 39-50.
Churchill, G. "A Paradigm for Developing Gordon, M.E., Slade, L.A., and Schmitt, N.
Better Measures of MarketingConstructs," 'The 'Science of the Sophomore'Revisited:
Journal of Marketing Research (XVI), From Conjectureto Empiricism," Academy
February1979, pp. 64-73. of Management Review (11:1), 1986, pp.
Cook, T.D. and Campbell, D. T. Quasi-experi- 191-207.
mentation:Design and Analysis Issues for HEW(U.S. Departmentof Health, Education,
Field Settings, Rand McNally, Chicago, and Welfare).Records, Computers,and the
1979. Rightsof Citizens:Reportof the Secretary's
MISQuarterly/June
1996 193

Information
PrivacyInstrument
Advisory Committee on Automated Lee, A. S. "Integrating Positivist and

Personal Data Systems, U.S. Government InterpretiveApproaches to Organizational
PrintingOffice,Washington,D.C., 1973. Research," Organizational Science (2:4),
Jarvenpaa, S. L., Dickson, G. W., and 1991, pp. 342-365.
DeSanctis, G. "Methodological Issues in Levin, H.A. and Askin, F. "Privacy in the
Experimental IS Research: Experiences Courts:Law and Social Reality,"Joural of
and Recommendations," MIS Quarterly Social Issues(33:3), 1977, pp. 138-153.
(9:2), June 1985, pp. 141-156. Linowes, D. F. Privacy in America: Is Your
Jessor, R. and Jessor, S. Problem Behavior PrivateLifein the PublicEye? Universityof
and Psychosocial Development, Academic IllinoisPress, Urbana,IL,1989.
Press, New York, 1977, pp. 234-235, as Mason, R. O. "Four Ethical Issues of the
reproducedin Measures of Personalityand Information Age," MIS Quarterly (10:1),
Social Psychological Attitudes, J. P. March1986, pp. 4-12.
Robinson, P. R. Shaver, and L. S. McDonald,R. P. and Marsh,H. W. "Choosing
a Multivariate Model: Noncentrality and
Wrightsman (eds.), Academic Press, San
Goodness of Fit," Psychological Bulletin
Diego, 1991, pp. 355-358.
Joreskog, K. and Sorbom, D. LISREL VI: (107:2), March1990, pp. 247-255.
Analysis of Linear StructuralRelationships Milberg,S. J., Burke, S. J., Smith, H. J., and
by the Maximum Likelihood and Least Kallman,E. A. "Values,PersonalInformation
Squares Methods, Scientific Software, Privacy Concerns, and Regulatory
Mooresville,IN, 1984. Approaches,"Communicationsof the ACM
Katz,J. E. and Tassone, A. R. "PublicOpinion (38:12),December1995, pp. 65-74.
Trends: Privacy and Information Miller,A. "Computersand Privacy,"in Ethics
and the Management of Computer
Technology,"Public OpinionQuarterly(54),
Technology, W. M. Hoffman, and J. M.
Spring 1990, pp. 125-143. Moore (eds.), Oelgeschlager, Gunn, and
Kelvin,P. "ASocio-psychological Examination HainPublishers,Inc.,Cambridge,MA,1982.
of Privacy,"BritishJoural of Social Clinical
Mowshowitz, A. The Conquest of Will,
Psychology (12:3), September 1973, pp. Addison-Wesley,Reading,MA,1976.
248-261.
Orlikowski,W. J. and Baroudi,J. J. "Studying
Kerlinger, F. N. Foundations of Behavioral InformationTechnology in Organizations:
Research (3rd ed.), Holt, Rinehart, and Research Approaches and Assumptions,"
Winston,New York,1986, pp. 477-483. InformationSystems Research (2:1), 1991,
Kling,R. "ValueConflicts and Social Choices pp. 1-28.
in Electronic Funds Transfer Systems PPSC (PrivacyProtectionStudy Commission).
Developments," Communications of the Personal Privacyin an InformationSociety:
ACM(21:8), August 1978, pp. 642-657. Report of the Privacy Protection Study
Ladd, J. "Computerand MoralResponsibility: Commission, U.S. Government Printing
A Frameworkfor Ethical Analysis,"in The Office,Washington,D.C., 1977.
Information Web: Ethical and Social Smith, H. J. Managing Privacy: Information
Implications of Computer Networking, C. Technology and OrganizationalAmerica,
Gould (ed.), Westview Press, Boulder,CO, Universityof NorthCarolinaPress, Chapel
1989. Hill,NC, 1994.
Laudon, K.C. Dossier Society: Value Choices Smith,H. J., Milberg,S. J., and Kallman,E. A.
in the Design of National Information "Privacy Practices Around the World: An
Systems, Columbia UniversityPress, New Empirical Study,"workingpaper,Georgetown
York,1986. University,Washington,D.C., 1995.
Laufer, R.S. and Wolfe, M. "Privacy as a Stone, D. L. "RelationshipBetween Introver-
Concept and a Social Issue: A sion/Extraversion,Values Regarding Con-
MultidimensionalDevelopmental Theory," trol Over Information,and Perceptions of
Journal of Social Issues (33:3), 1977, pp. Invasionof Privacy,"Perceptualand Motor
22-41. Skills(62:2), April,1986, pp. 371-376.
1996

Information
PrivacyInstrument
Stone, E. F. and Stone, D. L. "Privacy in About the Authors

Organizations: Theoretical Issues,
Research Findings, and Protection H. Jeff Smith is associate professor,School of
Mechanisms," in Research in Personnel Business, Georgetown University,
and HumanResources Management(8), K.
Washington, D.C. He holds B.S. degrees in
M. Rowland and G. R. Ferris (eds.), JAI
computerscience and mathematicsfromNorth
Press, Greenwich,CT, 1990, pp. 349-411. Carolina State University;an M.B.A. degree
Stone, E. F., Gardner, D. G., Gueutal, H. G.,
fromthe Universityof NorthCarolinaat Chapel
and McClure, S. "A Field Experiment
Hill; and a D.B.A. degree from Harvard
Comparing Information-Privacy Values,
Beliefs, and AttitudesAcross Several Types University.His research focuses on the social
of Organizations," Journal of Applied issues created by the use of emerging tech-
Psychology (68:3), August 1983, pp. 459- nologies. His research has been published in
468. Communications of the ACM and Sloan
Straub, D. W. "ValidatingInstrumentsin MIS Management Review. He is the author of
Research," MIS Quarterly (13:2), June Managing Privacy: Information Technology
1989, pp. 146-169. and Corporate America, published by the
Straub, D. W., Jr. and Collins, R. W. "Key Universityof NorthCarolinaPress.
Information Liability Issues Facing
Managers: Software Piracy, Proprietary Sandra J. Milberg is assistant professor,
Databases, and Individual Rights to School of Business, Georgetown University,
Privacy,"MIS Quarterly(14:2), June 1990, Washington,D.C. She holds a B.A. degree in
pp. 142-156. sociology from Washington University, St.
Straub, D.W., Limayem, M., and Karahanna, Louis; an M.S. degree in marketing from
E. "MeasuringSystem Usage: Implications Carnegie MellonUniversity,Pittsburgh;and a
for IS Theory Testing," Management Ph.D. degree in business administrationfrom
Science (41:8), August 1995, pp. 1328- the University of Pittsburgh. Her research
1342. focuses on consumer privacy issues, brand
Tolchinsky, P.D., McCuddy,M.K.,Adams, J., equity, and the roles of affect and cognitionin
Ganster, D.C., Woodman, R.W., and attitude formation and choice behavior. Her
Fromkin, H.L. "Employee Perceptions of research has been published in
Invasion of Privacy: A Field Simulation Communications of the ACM, Journal of
Experiment,"Journalof AppliedPsychology Consumer Research, Journal of Personality
(66:3), June 1981, pp. 308-313. and Social Psychology, and Journal of
Warren, C. and Laslett, B. "Privacy and
ExperimentalSocial Psychology.
Secrecy: A Conceptual Comparison,"
Journal of Social Issues (33:3), 1977, pp. Sandra J. Burke is assistant professor,
43-51. School of Business, Georgetown University,
Westin, A. F. Privacyand Freedom,Atheneum
Washington,D.C. She holds a B.A. degree in
Publishers,New York,1967. economics from Michigan State University,
Westin, A.F. "ConsumerPrivacyIssues in the
and M.B.A and Ph.D. degrees in marketing
Nineties," in The Equifax Report on
Consumers in the InformationAge, Equifax fromThe Universityof Michigan.Her research
focuses on ethical/privacyissues in marketing,
Inc.,Atlanta,GA, 1990, pp. XVIII-XXVIII.
Westin, A. F. and Baker, M. A. Databanksin a consumer informationprocessing and decision
Free Society, Quadrangle Books, New making,and consumer inference use and for-
York,1972. mation. Her research has been published in
Yin, R. K. Case Study Research: Design and Communications of the ACM, Advances in
Methods, Sage Publications,Beverly Hills, Consumer Research, and Journal of
CA, 1988. BehavioralDecision Making.
MISQuarterly/June
1996 195

Information
PrivacyInstrument
Appendix
ConfirmatoryFactorAnalysis
Because an a priorihypothesis is tested, CFA has several advantages over traditionalmethods of
scale validation(Bagozzi, 1983). CFA(1) providesexplicitmeasures to assess constructvalidityand to
correct for the unreliabilityof measures that can contaminate theoretical relations, (2) represents
explicitlythe extent of measurementerror,and (3) overcomes the fundamentalindeterminacy(problem
of non-unique solutions) of exploratory factor analysis. To be more specific, in models where
sequences of relationshipsoccur, it is importantto explicitlyrepresent and controlfor systematic and
randomerrorsin measurement. Failureto do so can lead to biased and inconsistentestimates of para-
meters. Furthermore,most proceduresthat employthe measurementsobtainedfromscale administra-
tions (e.g., correlations,regression, ANOVA)implicitlyassume the absence of randomand systematic
errors in observations. Yet, when Cote and Buckley (1987) applied CFA techniques to 70 published
data sets, they found that measurementerror,on average, accounted for 32 percent of total variance.
CFA goes beyond traditionalvalidation methods, in that theoretical concepts, non-observational
hypotheses, and errorsare explicitlyassessed.
Furthermore,while obliqueor orthogonalexploratoryfactoranalyses are traditionallyused in scale vali-
dation, neitherprocedureyields a uniquesolutionin a statisticalsense. Once a set of factors is found,
an infinitenumberof other equallyacceptable factorscan be formedas non-singularlineartransforma-
tions of the firstset (Bagozzi, 1983). Again, if the researcherattemptsto interpretthe factors, use the
loadings for furtheranalysis, or compute scores to test hypotheses, this implicitnon-uniqueness can
cause problems.CFAyields a uniquesolutionon an a prioribasis. A researcherhypothesizes a model
and then tests the goodness-of-fitof the model on a particularset of data. In addition,CFA is used to
assess the overall fit of this model versus the fit with other models reflectingalternativeunderlying
structuresof this constructto assess validity.
1996


Management Information Systems Research Center, University of Minnesota

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Management Information Systems Research Center, University of Minnesota

Uploaded by

Copyright:

Available Formats

Information Privacy: Measuring Individuals' Concerns about Organizational Practices

Author(s): H. Jeff Smith, Sandra J. Milberg and Sandra J. Burke

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

tionage. Publicopinionpolls show risinglevels

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Informationprivacy-"the abilityof the individ- Culnan (1993) tested an exploratory model

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

promote cooperative research efforts by "allow- concerns.4 Furthermore,while other studies

4 For example, a commonly used public opinion survey

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Table 1. Final Instrument

Here are some statements about personal information.Fromthe standpointof personalprivacy,

A. Itusuallybothers me when companies ask me for personalinformation.

ItemsA, E, J, and 0 comprisethe "Collection" subscale; items B, F, H, and L comprisethe "Errors"

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

reducedjudgmentin decision makingand com- use of personalinformationwillvery often elicit

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Dimension Description of Concern MajorLiteratureReferences*

* Not an exhaustive list. Items in this columnshould be viewed as representative.

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

and Stone (1990) discuss the "subsequentdis- vacy-relatedconcerns involveinstead acciden-

MIS Quarterly/June 1996 173

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

AmericanExpress once issued a Gold Cardto to measure individuals'concerns about orga-

Techniques9 used to accomplish these tasks

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Assess contentvalidity Expertjudges

Assess reliability factoranalysis

Source: AdaptedfromBagozzi (1980), Bearden,et al. (1993), Churchill(1979), and Straub(1989).

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

tests." A preliminaryversion of the instrument starting point in determiningthe central and

Instrumentvalidationresults- To establish content validityof the scale items

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Table 3a. Samples

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Table 3b. Procedures and Results

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Table 3b. continued

items, all loaded

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

sure (Cronbach, 1971; Straub, 1989)), we as an outcome of Collectionand Unauthorized

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Table 4. Comparison of Four Models

* p<.001 for all models tested.

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

InternalValidity the hypothesized model as comparedto a null

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Table 5. Final Instrument-Factor Analysis

vergence implies that all within-constructcor- Thus, to furtherassess convergentvalidity,the

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

amountof variancedue to measurementerror.) if the test is shown to correlatewithsome use-

Chi-Square 174 (84)

Legend: SFL = StandardizedFactorLoading

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Table 7. Factor Intercorrelationsof Four-FactorModel

Allfactorintercorrelationsare significantlydifferentfromzero (p<.05) and one (p<.05).

that have been subjected to limitedvalidation information on individual consumers is

Nomological validity refers to the extent to

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

Future Behavioral Intentions: Previous InternalConsistency

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM

This content downloaded from 195.78.108.129 on Fri, 9 May 2014 16:34:16 PM