Professional Documents
Culture Documents
Purpose – Customer privacy and security are major concerns. Online firms worldwide collect customer
data for various reasons. The aim of this study is to investigate factors that motivate as well as hinder a
customer’s willingness to disclose personal information to online firms on e-commerce websites.
Design/methodology/approach – Based on an extensive literature review, three sets of factors have
been identified. These sets of factors are: privacy concern, perceived disclosure benefits, and privacy
assurances. It is hypothesized that privacy concerns negatively affect the disclosure of personal
information, while the perceived benefits of disclosure have positive effects. Privacy assurances
would positively affect information disclosure and attenuate the negative effect of privacy concerns
on the disclosure of personal information. We gathered data from 253 online customers in Saudi
Arabia.
Findings – The results indicate that perceived disclosure benefits and privacy concerns have a
significant positive and negative relationship, respectively, with willingness to disclose personal
information online. Privacy assurances had neither a direct nor a moderating effect on information
disclosure.
Research implications – The findings will inform online firms about the factors that prevent or
motivate customers to disclose personal information.
Originality/value –The effect of privacy concerns and benefits on personal information disclosure are
not fully understood in Saudi Arabia. This study reveals more insights into the specific factors that make
online customers reluctant or motivated to disclose their personal information.
Introduction
With the technological advancement of information and communication technology, the growth rates
of electronic commerce and services have been increasing exponentially. A major reason for this growth
is the reliance of both customers and firms on electronic channels. In general, customers use the Internet
for shopping, and firms use it for selling goods and services online. When customers use Internet
channels, online firms collect extensive personal information, including addresses, phone numbers, age,
marital status, and credit card information, among others. The online firms or companies use the Internet
not only for buying and selling but also for providing online services. The terms online firm, online
company and e-commerce company are used interchangeably in this study. Online firms claim that they
use customer information to personalize their offerings and services to ensure that customers enjoy
better services in future purchases. However, this is not always the case; sometimes customer
information is subjected to opportunistic behavior. Online firms, without customer consent, could use
personal information for advertisement or sell the information to a third party, thereby, making
customers very concerned about their privacy. Such a concern reduces customer willingness to share
personal information with online firms (Lowry et al., 2012). However, although customers express
concerns about their privacy, they still share their personal information to gain certain benefits from
online firms.
At the same time, businesses do attempt to protect the privacy of their customers and apply privacy
assurance mechanisms that are part of industry self-regulation and government regulations (Xu et al.,
2011). Included in such regulation is the privacy assurance mechanism that firms will request consent
from their customers prior to sharing their personal information. Through this, customers have control
over sharing or disclosing their information. Privacy assurance mechanisms reduce customer concerns,
put them at ease, and increase their level of comfort in disclosing personal information.
Theoretical Foundation
Numerous studies have discussed the privacy concern and benefits issue, and their relationship with
information disclosure using privacy calculus theory (Culnan and Armstrong, 1999; Dinev and Hart,
2006; Laufer and Wolfe, 1977; Xu et al., 2009). This theory suggests that people’s intention to disclose
personal information is based on a calculus of behavior where a trade-off takes place between the
expected risks and benefits of disclosing personal information. In the context of e-commerce, the
privacy calculus means that customers perform a risk-benefit analysis and evaluate the consequences
of disclosing personal information (Dinev et al., 2006). Using this concept, Culnan and Armstrong
(1999) studied the relationship between information disclosure and the existence of procedural fairness.
In other words, customers disclose personal information if there is a fair procedure to protect their
information. Xu et al. (2009) studied the relationship between information disclosure in location-based
services (LBS) and privacy concern using the privacy calculus theory. They found that financial
compensation encouraged consumers to disclose their personal information. Xu et al. (2013) studied
the factors affecting information disclosure in the context of social networking sites using the privacy
calculus and the theory of planned behavior (TPB). Malhotra et al. (2004) used theory of reasoned
action (TRA) to propose a causal model based on the trust-risk framework; according to this causal
model, the presence of trust and risk beliefs can mediate the impact of privacy concern on behavioral
intention to disclose personal information. Another study by Gurung and Raja (2016) used the TRA and
TPB to study the privacy and security concerns in the e-commerce context and how it affects individual
behavioral intention. Many other studies in the area of online privacy concern have used the privacy
calculus, the TRA, and/or the TPB (Li, 2012; Smith et al., 2011; Li, 2011).
Another important theory used in the context of information disclosure is the protection motivation
theory (Rogers, 1975). According to this theory, people act to protect themselves based on three factors:
Privacy concern
Privacy concern is defined as the degree to which an individual is concerned about the collection and
use of his/her personal information (Hong and Thong, 2013). It also refers to customer concern about
threats to information privacy (Xu et al., 2013). Various studies have addressed the effect of privacy
concern on willingness to disclose personal information. For example, users with high levels of privacy
concern may be inclined to submit false information (Gross and Acquisti, 2005). Sheehan (1999) found
that as privacy concern increased, customers were more reluctant to register on websites asking for
personal information. Mothersbaugh et al. (2012) also studied the relationship between privacy concern
and willingness to disclose personal information. They found that privacy concern had a strong negative
effect on willingness to disclose sensitive personal information. Moreover, Zorotheos and Kafeza
(2009) found that privacy concern had a direct negative effect on the willingness to transact on the
Internet.
Privacy concern is a multidimensional construct that can be defined in terms of four dimensions:
collection, error, improper access, and unauthorized secondary use (Smith et al., 1996). In many cases,
online firms collect information about their customers. Customers then worry about such practices
because they are unsure how the collected information will be used. Customers usually are highly
concerned if their information is collected without consent and used for other purposes (i.e., secondary
use) such as promotion or selling to a third party. Many customers are also concerned about the accuracy
and currency of their information stored in the database of online firms. Information is dynamic by
nature; customer data may change over time such as mail address, marital status, preferences, and
education level. In order to understand the specific impact of the dimensions of privacy concern, we
postulate a hypothesis for each.
H1: Privacy concern (collection) has a negative effect on customers’ willingness to provide personal
information.
H2: Privacy concern (error) has a negative effect on customers’ willingness to provide personal
information.
H3: Privacy concern (improper access) has a negative effect on customers’ willingness to provide
personal information.
Privacy assurance
In this study, privacy assurances refer to mechanisms that protect the personal information the
customers provide to online firms. Customers have confidence in websites that offer assurances about
protecting their personal information, thereby increasing their willingness to disclose their information.
In the context of information disclosure, customers assess the situation at the moment of disclosing their
personal information and try to strike a balance between the expected risks they might face and the
perceived privacy assurance that the website offers. This tradeoff between the expected risks and the
perceived privacy assurance is the risk-calculus or net privacy risk (Li, 2012).
The literature describes three privacy assurance mechanisms (Xu, 2010). These are individual,
institutional, and privacy-enhancing technology. Individual privacy assurance mechanisms include self-
efficacy and perceived privacy control. Perceived privacy control refers to “an individual’s beliefs in
his/her ability to manage the release and dissemination of personal information” (Xu et al., 2011, p.804).
This is stated in the literature as having a significant effect on reducing privacy concerns and increasing
willingness to disclose personal information (Xu et al., 2013). For example, an individual may opt out
of the use of her/his personal information in marketing campaigns like advertising or sales promotions
(Mothersbaugh et al., 2012). Dinev and Hart (2003) found that perceived control over personal
information positively affects Internet use. In line with the TPB, research shows that perceived control
affects the behavioral intention, which, in our case, is the willingness to disclose personal information
(Ajzen, 2002; Chen et al., 2009). Hence, we hypothesize the following:
H5a. Privacy control has a positive effect on customers’ willingness to disclose personal information.
H5b1. Privacy control reduces the negative impact of privacy concern (collection) on customers’
willingness to disclose personal information.
H5b2. Privacy control reduces the negative impact of privacy concern (error) on customers’ willingness
to disclose personal information.
H5b3. Privacy control reduces the negative impact of privacy concern (improper access) on customers’
willingness to disclose personal information.
H5b4. Privacy control reduces the negative impact of privacy concern (unauthorized secondary use) on
customers’ willingness to disclose personal information.
Institutional privacy assurance refers to the mechanism that a particular institutional entity (e.g.,
company, government, or industry) offers to ensure that the customer’s personal information is
Research Methodology
Survey development
The survey instrument was developed based on previous literature. All measures were adapted from
previous studies to fit the context of the present study. The measures for privacy concerns were taken
from Malhorta et al. (2004). The measures of privacy assurance were taken, with slight modification,
from Xu et al. (2013) and Xu (2013). The measures of perceived benefits were taken from Chiu et al.
(2014) and Xu et al. (2009). The measures of willingness to disclose personal information were taken
from Malhotra et al. (2004) and Raschke et al. (2014). All survey items were measured on a five-point
Likert-type scale, where “1=Strongly Disagree,” “2=Disagree,” “3=Somewhat Disagree,” “4=Neutral,”
“5=Somewhat Agree,” “6=Agree,” and “7=Strongly Agree.”
The initial survey items were reviewed by a small sample of about 20 online customers. The purpose
of this panel was to review the survey items and make sure they were all clear and understandable by
survey respondents. The feedback from this panel was used to modify or rephrase some items before
making the survey available to the target population.
The validity and reliability of the research model were assessed using average variance extracted
(AVE) and Cronbach’s alpha (CA). Table 3 presents the correlations, CAs, AVEs, and square roots of
the AVEs. The CAs ranged from 0.783 to 0.924, all above the cut-off value of 0.6 (Nunnally and
Bernstein, 1994), providing support for the reliability of the research model. The convergent validity
was confirmed since factor loadings loaded significantly (> 0.5) (Hair et al., 1998) on their intended
constructs and all AVEs exceeded the threshold of 0.50 (Fornell and Larcker, 1981). The discriminant
validity was also confirmed since the square roots of the AVEs were greater than the inter-correlation
for each construct (Fornell and Larcker, 1981). Hence, these findings indicate that the research model
was reliable and valid and all measures were psychometrically adequate.
Results
Hierarchical regression analysis was used to test the hypotheses since it tests the main effects and the
moderating effects separately. In block 1, we entered the main study variables: privacy concern
R2 0.233 0.257
F (Sig.) 9.256 (0.000) 5.882 (0.000)
∆ R2 0.233 0.024
∆ F (Sig.) 9.256 (0.000) 1.294 (0.261)
Note: Dependent variable is Willingness to Disclose Personal Information
From Table 5, COL is the only privacy concern variable that had a significant relationship with
willingness to disclose personal information, thus, supporting H1 while H2 and H3 were not supported.
The privacy assurance variables (PCN and GTC) were not significant, thus, H5a and H6a were not
supported; however, the perceived benefits variables were significant, except for FNR; thus, H10 and
H11 were supported but not H9. The research model explained 23.3% (R2 = 0.233) of the variance. All
interaction terms did not show any significant relationships with the dependent variable. The R2, after
adding the interaction terms, was 0.257, which indicates that the interaction terms did not significantly
improve the explanatory power of the model (ΔR2 = 0.024 and ΔF = 0.261); thus, H5b1, H5b2, H5b3,
H6b1, H6b2, and H6b3 were not supported. In summary, the variables that had significant relationships
with willingness to disclose personal information were collection, personalization, and convenience.
Privacy assurance variables (PCN and GTC) appeared not to moderate the relationships between
privacy concern variables (COL, ERR, and IAU) and willingness to disclose personal information.
References
Aiken, L.S., West, S.G. and Reno, R.R. (1991), Multiple regression: Testing and interpreting
interactions, Sage, Thousand Oaks, CA.
Ajzen, I. (2002), “Perceived Behavioral Control, Self-Efficacy, Locus of Control, and the Theory of
Planned Behavior”, Journal of Applied Social Psychology, Vol. 32 No. 4, pp. 665–683.
AlGhamdi, R., Nguyen, J., Nguyen, A. and Drew, S. (2012), “Factors Influencing E-Commerce
Adoption by Retailers in Saudi Arabia: A Qualitative Analysis”, International Journal of
Electronic Commerce Studies, Vol. 3 No.1, pp. 83-100.
Alzamil, Z.A. (2018), “Information security practice in Saudi Arabia: case study on Saudi
organizations”, Information & Computer Security, Vol. 26 No. 5, pp. 568-583
Bansal, G., Zahedi, F. and Gefen, D. (2015), “The role of privacy assurance mechanisms in building
trust and the moderating role of privacy concern”, European Journal of Information Systems, Vol.
24 No. 6, pp. 624–644.
Biernacki, P. and Waldorf, D. (1981), “Snowball sampling: Problems and techniques of chain referral
sampling”, Sociological Methods and Research, Vol. 10 No.2, pp. 141–163.
Chellappa, R.K. and Sin, R.G. (2005), “Personalization versus Privacy: An Empirical Examination of
the Online Consumer’s Dilemma”, Information Technology and Management, Vol. 6 No. 2/3, pp.
181–202.
Chen, J., Ping, W., Xu, Y. and Tan, B. C.Y. (2009), “Am I Afraid of My Peers? Understanding the
Antecedents of Information Privacy Concerns in the Online Social Context”, paper presented at
the 30th International Conference on Information Systems, 15-18 December, Phoenix, Arizona,
USA. available at: http://aisel.aisnet.org/icis2009/174 (accessed 22 March 2017).