Please cite this article as Al-Jabri, I.M., Eid, M.I., and Abed, A.

(2020) "The willingness to disclose personal

information: trade-off between privacy concerns and benefit", Information & Computer Security, Vol 28, No. 2,
pp. 161-181

The willingness to disclose personal information: trade-off between privacy concerns

and benefit
Ibrahim M. Al-Jabri, Department of Information Systems and Operations Management,
Dhahran, Saudi Arabia
Mustafa I. Eid, Dammam Community College, Dhahran, Saudi Arabia
Amer Abed, Thales Group, Riyadh, Saudi Arabia

Purpose – Customer privacy and security are major concerns. Online firms worldwide collect customer
data for various reasons. The aim of this study is to investigate factors that motivate as well as hinder a
customer’s willingness to disclose personal information to online firms on e-commerce websites.
Design/methodology/approach – Based on an extensive literature review, three sets of factors have
been identified. These sets of factors are: privacy concern, perceived disclosure benefits, and privacy
assurances. It is hypothesized that privacy concerns negatively affect the disclosure of personal
information, while the perceived benefits of disclosure have positive effects. Privacy assurances
would positively affect information disclosure and attenuate the negative effect of privacy concerns
on the disclosure of personal information. We gathered data from 253 online customers in Saudi
Arabia.
Findings – The results indicate that perceived disclosure benefits and privacy concerns have a
significant positive and negative relationship, respectively, with willingness to disclose personal
information online. Privacy assurances had neither a direct nor a moderating effect on information
disclosure.
Research implications – The findings will inform online firms about the factors that prevent or
motivate customers to disclose personal information.
Originality/value –The effect of privacy concerns and benefits on personal information disclosure are
not fully understood in Saudi Arabia. This study reveals more insights into the specific factors that make
online customers reluctant or motivated to disclose their personal information.

Introduction
With the technological advancement of information and communication technology, the growth rates
of electronic commerce and services have been increasing exponentially. A major reason for this growth
is the reliance of both customers and firms on electronic channels. In general, customers use the Internet
for shopping, and firms use it for selling goods and services online. When customers use Internet
channels, online firms collect extensive personal information, including addresses, phone numbers, age,
marital status, and credit card information, among others. The online firms or companies use the Internet
not only for buying and selling but also for providing online services. The terms online firm, online
company and e-commerce company are used interchangeably in this study. Online firms claim that they
use customer information to personalize their offerings and services to ensure that customers enjoy
better services in future purchases. However, this is not always the case; sometimes customer
information is subjected to opportunistic behavior. Online firms, without customer consent, could use
personal information for advertisement or sell the information to a third party, thereby, making
customers very concerned about their privacy. Such a concern reduces customer willingness to share
personal information with online firms (Lowry et al., 2012). However, although customers express
concerns about their privacy, they still share their personal information to gain certain benefits from
online firms.
At the same time, businesses do attempt to protect the privacy of their customers and apply privacy
assurance mechanisms that are part of industry self-regulation and government regulations (Xu et al.,
2011). Included in such regulation is the privacy assurance mechanism that firms will request consent
from their customers prior to sharing their personal information. Through this, customers have control
over sharing or disclosing their information. Privacy assurance mechanisms reduce customer concerns,
put them at ease, and increase their level of comfort in disclosing personal information.

Electronic copy available at: https://ssrn.com/abstract=3759731

 Although there are numerous studies that have investigated the relationship of privacy concerns and
willingness of consumers to disclose personal information online (Desai et al., 2012; Son and Kim,
2008), there are few, if any, on this subject with a focus on Saudi Arabia. The e-commerce market in
Saudi Arabia is expanding at a rapid rate. According to the Sacha Orloff Group report, “In July 2014,
Saudi Arabia registered a record overall growth of 43 percent in e-commerce in the first quarter of 2014
compared to the same period last year, making it the highest growth rate in the MENA region” (Sacha
Orloff Group, 2014, p. 3). The paucity of research and the pervasive use of e-commerce in Saudi Arabia
motivated this study. Previous studies have focused on the overall impact of privacy concern (Xu et al.,
2012) rather than on the individual privacy concern dimensions, specifically, on the willingness to
disclose personal information. This study examines three sets of factors: the privacy concerns, the
expected disclosure benefits, and the privacy assurances. Privacy concern factors hinder disclosure,
whereas the benefits from disclosure encourage customers to share their personal information in
electronic channels like e-commerce. This study reveals more insights into the specific factors that make
online customers reluctant or motivated to disclose their personal information. Furthermore, this study
analyzes the moderating effect of privacy assurances on the relationship between privacy concern and
willingness to disclose personal information. Specifically, we address the following three research
questions:
RQ1: What privacy concern dimensions hinder disclosure of personal information?
RQ2: What expected benefits encourage the disclosure of personal information?
RQ3: Do privacy assurances attenuate the association between privacy concerns and disclosure of
personal information?
This study’s contributions are manifold. First, it identifies the factors that are influential in
encouraging or hindering customer disclosure of personal information. Second, from a practical
standpoint, by knowing these factors, online firms can use these to encourage customers to share their
personal information and to ensure confidentiality, integrity, and availability of customer information.
Third, online firms will be able to assess which assurance mechanisms reduce customer privacy
concerns and enhance willingness to provide personal information, which can be used to provide better
service and shopping experience. Fourth, by better understanding the effect of customer privacy
concerns on personal information sharing and privacy assurance factors, such as policies, regulations,
and security, online firms can improve policies that encourage customers to pursue transactions online,
thereby expanding their e-commerce market share.

Theoretical Foundation
Numerous studies have discussed the privacy concern and benefits issue, and their relationship with
information disclosure using privacy calculus theory (Culnan and Armstrong, 1999; Dinev and Hart,
2006; Laufer and Wolfe, 1977; Xu et al., 2009). This theory suggests that people’s intention to disclose
personal information is based on a calculus of behavior where a trade-off takes place between the
expected risks and benefits of disclosing personal information. In the context of e-commerce, the
privacy calculus means that customers perform a risk-benefit analysis and evaluate the consequences
of disclosing personal information (Dinev et al., 2006). Using this concept, Culnan and Armstrong
(1999) studied the relationship between information disclosure and the existence of procedural fairness.
In other words, customers disclose personal information if there is a fair procedure to protect their
information. Xu et al. (2009) studied the relationship between information disclosure in location-based
services (LBS) and privacy concern using the privacy calculus theory. They found that financial
compensation encouraged consumers to disclose their personal information. Xu et al. (2013) studied
the factors affecting information disclosure in the context of social networking sites using the privacy
calculus and the theory of planned behavior (TPB). Malhotra et al. (2004) used theory of reasoned
action (TRA) to propose a causal model based on the trust-risk framework; according to this causal
model, the presence of trust and risk beliefs can mediate the impact of privacy concern on behavioral
intention to disclose personal information. Another study by Gurung and Raja (2016) used the TRA and
TPB to study the privacy and security concerns in the e-commerce context and how it affects individual
behavioral intention. Many other studies in the area of online privacy concern have used the privacy
calculus, the TRA, and/or the TPB (Li, 2012; Smith et al., 2011; Li, 2011).
Another important theory used in the context of information disclosure is the protection motivation
theory (Rogers, 1975). According to this theory, people act to protect themselves based on three factors:

Electronic copy available at: https://ssrn.com/abstract=3759731

severity of the threatening event, probability of the threat occurrence, and efficacy of the protective
behavior or the individual’s ability to undertake preventive measures. In the context of information
disclosure, customers assess the threat of disclosing their personal information and if they can protect
themselves from the threat. This tradeoff between the expected threat/risk and the ability to protect
themselves from the threat/risk is known as the risk-calculus (Li, 2012). If the result of the assessment
shows that the expected risks of disclosing personal information outweigh the expected benefits, then
the customer would be unwilling to disclose personal information. On the other hand, if the customer
feels that he/she is capable of protecting him/herself from the expected risks, he/she would tend to
disclose personal information and perform more online transactions. In this study, we refer to protective
behavior as privacy assurance.
Privacy assurance based on the information boundary theory (Petronio, 1991) is a mechanism that
assures customers that personal information will be protected and kept private (Bansal et al., 2015).
This theory posits that each person forms a bounded information space where he/she clearly determines
what information to disclose or not disclose. The information boundary can be flexible or rigid,
depending on individual and institutional factors. For example, individual factors/mechanisms are the
perceived privacy control and self-efficacy, whereas institutional factors are industry self-regulation
and government regulation.

Literature Review and Hypotheses

The link among the foundation theories (i.e., privacy calculus theory, protection motivation theory,
and information boundary theory) is that the willingness to disclose personal information is affected by
three factors: privacy concern, perceived disclosure benefits, and privacy assurances. This section
reviews the relationships between privacy concern, perceived disclosure benefits, and privacy
assurances and their impact on the willingness to disclose personal information. The underlying core
constructs of the research model are depicted in Figure 1.

Privacy concern
Privacy concern is defined as the degree to which an individual is concerned about the collection and
use of his/her personal information (Hong and Thong, 2013). It also refers to customer concern about
threats to information privacy (Xu et al., 2013). Various studies have addressed the effect of privacy
concern on willingness to disclose personal information. For example, users with high levels of privacy
concern may be inclined to submit false information (Gross and Acquisti, 2005). Sheehan (1999) found
that as privacy concern increased, customers were more reluctant to register on websites asking for
personal information. Mothersbaugh et al. (2012) also studied the relationship between privacy concern
and willingness to disclose personal information. They found that privacy concern had a strong negative
effect on willingness to disclose sensitive personal information. Moreover, Zorotheos and Kafeza
(2009) found that privacy concern had a direct negative effect on the willingness to transact on the
Internet.
Privacy concern is a multidimensional construct that can be defined in terms of four dimensions:
collection, error, improper access, and unauthorized secondary use (Smith et al., 1996). In many cases,
online firms collect information about their customers. Customers then worry about such practices
because they are unsure how the collected information will be used. Customers usually are highly
concerned if their information is collected without consent and used for other purposes (i.e., secondary
use) such as promotion or selling to a third party. Many customers are also concerned about the accuracy
and currency of their information stored in the database of online firms. Information is dynamic by
nature; customer data may change over time such as mail address, marital status, preferences, and
education level. In order to understand the specific impact of the dimensions of privacy concern, we
postulate a hypothesis for each.
H1: Privacy concern (collection) has a negative effect on customers’ willingness to provide personal
information.
H2: Privacy concern (error) has a negative effect on customers’ willingness to provide personal
information.
H3: Privacy concern (improper access) has a negative effect on customers’ willingness to provide
personal information.

Electronic copy available at: https://ssrn.com/abstract=3759731

H4: Privacy concern (unauthorized secondary use) has a negative effect on customers’ willingness to
provide personal information.

Privacy assurance
In this study, privacy assurances refer to mechanisms that protect the personal information the
customers provide to online firms. Customers have confidence in websites that offer assurances about
protecting their personal information, thereby increasing their willingness to disclose their information.
In the context of information disclosure, customers assess the situation at the moment of disclosing their
personal information and try to strike a balance between the expected risks they might face and the
perceived privacy assurance that the website offers. This tradeoff between the expected risks and the
perceived privacy assurance is the risk-calculus or net privacy risk (Li, 2012).
The literature describes three privacy assurance mechanisms (Xu, 2010). These are individual,
institutional, and privacy-enhancing technology. Individual privacy assurance mechanisms include self-
efficacy and perceived privacy control. Perceived privacy control refers to “an individual’s beliefs in
his/her ability to manage the release and dissemination of personal information” (Xu et al., 2011, p.804).
This is stated in the literature as having a significant effect on reducing privacy concerns and increasing
willingness to disclose personal information (Xu et al., 2013). For example, an individual may opt out
of the use of her/his personal information in marketing campaigns like advertising or sales promotions
(Mothersbaugh et al., 2012). Dinev and Hart (2003) found that perceived control over personal
information positively affects Internet use. In line with the TPB, research shows that perceived control
affects the behavioral intention, which, in our case, is the willingness to disclose personal information
(Ajzen, 2002; Chen et al., 2009). Hence, we hypothesize the following:
H5a. Privacy control has a positive effect on customers’ willingness to disclose personal information.
H5b1. Privacy control reduces the negative impact of privacy concern (collection) on customers’
willingness to disclose personal information.
H5b2. Privacy control reduces the negative impact of privacy concern (error) on customers’ willingness
to disclose personal information.
H5b3. Privacy control reduces the negative impact of privacy concern (improper access) on customers’
willingness to disclose personal information.
H5b4. Privacy control reduces the negative impact of privacy concern (unauthorized secondary use) on
customers’ willingness to disclose personal information.
Institutional privacy assurance refers to the mechanism that a particular institutional entity (e.g.,
company, government, or industry) offers to ensure that the customer’s personal information is

Electronic copy available at: https://ssrn.com/abstract=3759731

protected. Institutional mechanisms include government regulation, technology-enhancing privacy, and
industry self-regulation.
A commonly used privacy assurance mechanism is government regulation, which relies on laws and
legislations that protect personal information (Xu et al., 2009, Xu, 2010). For location-based services,
many countries, such as the US, have formulated some laws that protect location privacy so that
consumers trust that their privacy rights are protected against information loss. Hence, we hypothesize
the following:
H6a. Government regulation has a positive effect on customers’ willingness to disclose personal
information
H6b1. Government regulation reduces the negative impact of privacy concern (collection) on customers’
willingness to disclose personal information
H6b2. Government regulation reduces the negative impact of privacy concern (error) on customers’
willingness to disclose personal information
H6b3. Government regulation reduces the negative impact of privacy concern (improper access) on
customers’ willingness to disclose personal information
H6b4. Government regulation reduces the negative impact of privacy concern (unauthorized secondary
use) on customers’ willingness to disclose personal information
Another privacy assurance mechanism is technology-enhancing privacy, which refers to the
technology that helps customers protect their information. For example, websites offer security options
for customers to enable/disable information sharing with third parties and to inform them about the use
of cookies. Such technology-based features empower customers to control how websites track and use
their personal information. The presence of these applications provides assurance to customers and
subsequently affects their willingness to disclose personal information. Based on the above, we
hypothesize the following.
H7a. Technology-enhancing privacy has a positive effect on customers’ willingness to disclose personal
information
H7b1. Technology-enhancing privacy reduces the negative impact of privacy concern (collection) on
customers’ willingness to disclose personal information
H7b2. Technology-enhancing privacy reduces the negative impact of privacy concern (error) on
customers’ willingness to disclose personal information
H7b3. Technology-enhancing privacy reduces the negative impact of privacy concern (improper access)
on customers’ willingness to disclose personal information
H7b4. Technology-enhancing privacy reduces the negative impact of privacy concern (unauthorized
secondary use) on customers’ willingness to disclose personal information
Industry self-regulation is another privacy assurance mechanism which ensures control over
information privacy (Tang et al., 2008; Xu et al., 2009; Xu, 2010). An example of industry self-
regulation is a privacy seal, such as TRUSTe, which can be used by firms to assure customers that
adequate privacy compliance is being followed. Keith et al. (2010) found that the availability of privacy
structural assurances or industry self-regulations (like privacy policies, seals, and guarantees) ensure a
high level of privacy and a low level of privacy concern. Hence, we hypothesize the following:
H8a: Industry self-regulation has a positive effect on customers’ willingness to disclose personal
information
H8b1. Industry self-regulation reduces the negative impact of privacy concern (collection) on
customers’ willingness to disclose personal information
H8b2. Industry self-regulation reduces the negative impact of privacy concern (error) on customers’
willingness to disclose personal information
H8b3. Industry self-regulation reduces the negative impact of privacy concern (improper access) on
customers’ willingness to disclose personal information
H8b4. Industry self-regulation reduces the negative impact of privacy concern (unauthorized secondary
use) on customers’ willingness to disclose personal information
Perceived disclosure benefits
Perceived benefits refer to what customers gain from information disclosure. According to the principle
of distributive justice, people care about the amount of information they release compared to the benefits
received (Malhotra et al., 2004), which means that customers will give information in exchange for
value after balancing the associated costs. The perceived benefits construct is derived from the privacy

Electronic copy available at: https://ssrn.com/abstract=3759731

calculus theory, which suggests that people’s intention to disclose personal information is based on a
calculus of behavior where a trade-off takes place between expected risks and benefits of disclosing
personal information. Based on that, customers will disclose their personal information to receive
benefits that outweigh the associated risks of information disclosure.
Previous studies have examined the relationship between perceived benefits and information
disclosure. For example, Xu et al. (2013) found that the perceived benefits of information disclosure
had a positive effect on the usage of social network sites. Chiu et al. (2014) found that utilitarian benefits
from disclosure, like financial rewards, convenience, and product offerings, were positively associated
with repeat purchase intentions in online stores. Sharma and Crossler (2014) found a positive effect of
perceived benefits of disclosure on intention to disclose personal information for customers engaging
in social commerce.
This study considers three important disclosure benefits: financial rewards, personalization, and
convenience. Financial rewards refer to monetary compensation, such as gifts, e-coupons, or discounts,
which encourage customers to disclose their personal information. For example, if customers buy a
mobile phone from an e-market, like Souq.com, they may save up to 20% off the price as compared to
buying from a showroom. Some e-markets, like pricena.com, make it easy for customers to compare
prices and accordingly enables them to get better deals. However, customers are asked to register in
such online markets to compare prices and get more options. This kind of saving or reward encourages
customers to do more shopping online. Previous research showed that financial compensation is
positively associated with the willingness to disclose personal information (Premazzi et al., 2010).
Hence, we hypothesize that:
H9: Financial reward has a positive effect on customers’ willingness to disclose personal information.
The second type of perceived disclosure benefit is personalization (Smith et al., 2011). This refers
“to tailoring and recommending products and services according to specific consumer characteristics
(e.g., browsing/purchasing preferences)” (Lee and Granage, 2014, p. 988). Although personalization
triggers privacy concerns about disclosing personal information, research shows that personalization
benefits outweigh privacy concerns (Chellappa and Sin, 2005). When online firms offer different online
personalization options, this will, first, increase the switching cost, which implies the need to fill-in
many forms again, and second, make it more difficult for a competitor to attract such “personalized”
customers. Consequently, the benefits of personalization will encourage customers to disclose their
personal information. Hence, we hypothesize that:
H10: Personalization has a positive effect on customers’ willingness to disclose personal information.
The third type of perceived disclosure benefits is convenience (Shan et al., 2010; Chiu et al., 2014).
Convenience refers to the comfort, and time and effort savings that customers enjoy while purchasing
online (Jiang et al., 2013). Convenience may include flexibility of payment as well. For example, when
dealing with Souq.com, the customer has the choice to pay online using a credit card or cash on delivery.
As long as customers are comfortable during online transactions, they are expected to be more willing
to disclose personal information, and thereby experience more perceived benefits. Hence, we
hypothesize that:
H11: Convenience has a positive effect on customers’ willingness to disclose personal information.

Research Methodology
Survey development
The survey instrument was developed based on previous literature. All measures were adapted from
previous studies to fit the context of the present study. The measures for privacy concerns were taken
from Malhorta et al. (2004). The measures of privacy assurance were taken, with slight modification,
from Xu et al. (2013) and Xu (2013). The measures of perceived benefits were taken from Chiu et al.
(2014) and Xu et al. (2009). The measures of willingness to disclose personal information were taken
from Malhotra et al. (2004) and Raschke et al. (2014). All survey items were measured on a five-point
Likert-type scale, where “1=Strongly Disagree,” “2=Disagree,” “3=Somewhat Disagree,” “4=Neutral,”
“5=Somewhat Agree,” “6=Agree,” and “7=Strongly Agree.”
The initial survey items were reviewed by a small sample of about 20 online customers. The purpose
of this panel was to review the survey items and make sure they were all clear and understandable by
survey respondents. The feedback from this panel was used to modify or rephrase some items before
making the survey available to the target population.

Electronic copy available at: https://ssrn.com/abstract=3759731

Data collection
An online survey was employed to collect data for testing the research model. The respondents were
invited through electronic mail messages, using a snowball sampling method (Heckathorn, 2011;
Biernacki and Waldorf, 1981). The subjects targeted were customers who had experience purchasing
goods or services from online firms. The online survey link was sent by email to a sample of online
firm customers in the fall of 2015. The first question in the survey was used to filter out respondents
who did not have any experience in online shopping. The first page of the survey stated the purpose of
the study and a short explanation of the study variables as well as ensuring the confidentiality of
individual responses. We received a total of 272 responses. After data cleansing, we obtained 253 valid
responses. Among them, 15.8% were female and 84.2% were male. Around 54% were married and
51% possessed college degree. About 85% of the respondents had experience with the Internet for more
than five years. Table 1 shows the overall characteristics of the valid sample.

Table 1. Sample characteristics

Characteristics N %
Gender Female 40 15.8
Male 213 84.2
Age 20 or younger 27 10.7
21-25 60 23.7
26-30 62 24.5
31-45 87 34.4
46 or older 17 6.7
Marital Status Married 136 53.8
Single 117 46.2

Monthly Income* Less than SR 4,000 72 28.5

SR 4,001 – 8,000 49 19.4
SR 8,001 – 12,000 26 10.3
SR 12,001 – 15,000 30 11.9
SR 15,001 or more 57 22.5
Missing 19 7.5

Highest Education High school 50 19.8

Some college/diploma 2 0.8
College/bachelor 130 51.4
Master/Doctorate 66 26.1
Other 5 2.0
Experience with Internet Use Less than 1 year 10 4.0
1 – 2 years 11 4.3
3 – 5 years 19 7.5
More than 5 years 213 84.2
Frequency of online buying Daily 2 0.8
Weekly 10 4.0
Monthly 45 17.8
Few times a year 150 59.3
Once a year 35 13.8
Never 11 4.0
*Monthly income measured in local currency Saudi Riyal (SR) 3.75 = 1USD

Research model validation

Before testing the hypothesis, the research model must be valid and reliable. For this, we performed
exploratory factor analysis (EFA) with principal component for extraction and oblimin for rotation.
Table 2 presents the loadings and cross-loading values of all measurement items. The EFA extracted
only nine factors with eigenvalue >= 1.0, explaining 70.8% of the total variance. Unauthorized
secondary use (USU) and improper access (IAC) were merged into one factor, which was named
improper access and Use (IAU). Government regulations (GVR) and technology-based privacy (TBP)
were also merged into one factor, named government and technology control (GTC). The industry self-
regulation (IRS) factor was dropped due to high cross-loading with the GTC factor. Based on the EFA

Electronic copy available at: https://ssrn.com/abstract=3759731

results, we merged the associated hypotheses H3 with H4, H6 with H7, and dropped H8. We also revised
the original research models as depicted in Figure 2.
Table 2. Exploratory factor analysis
Factor Loadings
Items and Factors
CNV GTC WTD COL ERR FNR IAU PCN PRS
Convenience (CNV)
CNV4 0.826 0.057 -0.296 0.093 0.115 -0.329 0.312 -0.086 -0.278
CNV3 0.816 0.130 -0.193 0.043 0.101 -0.214 0.351 -0.038 -0.252
CNV2 0.804 0.044 -0.236 -0.073 0.101 -0.286 0.335 -0.074 -0.462
CNV1 0.725 0.061 -0.170 -0.004 0.102 -0.284 0.298 -0.117 -0.352
Government & Technology Control (GTC)
TBP1 0.062 0.828 -0.092 -0.153 0.074 -0.049 -0.062 -0.361 -0.065
GVR2 0.161 0.826 -0.084 -0.101 0.177 -0.007 -0.105 -0.383 -0.060
GVR1 0.157 0.826 -0.059 -0.200 0.156 -0.080 -0.041 -0.445 -0.118
TBP2 0.006 0.778 -0.098 -0.092 0.062 0.010 -0.068 -0.346 -0.104
Willingness to disclose personal information (WTD)
WTD2 0.225 0.085 -0.894 -0.184 -0.015 -0.189 0.078 -0.077 -0.220
WTD3 0.255 0.064 -0.892 -0.175 -0.012 -0.187 0.026 -0.066 -0.291
WTD1 0.185 0.093 -0.881 -0.256 -0.064 -0.215 -0.033 -0.046 -0.225
WTD4 0.226 0.123 -0.804 -0.238 0.010 -0.235 -0.085 -0.054 -0.129
Collection (COL)
COL2 -0.052 -0.119 0.212 0.856 0.182 0.004 0.114 0.158 -0.038
COL1 0.009 -0.088 0.281 0.838 0.104 0.029 0.020 0.141 -0.002
COL3 0.097 -0.235 0.102 0.790 0.119 -0.096 0.191 0.106 0.022
COL4 0.035 -0.070 0.204 0.775 0.223 -0.001 0.202 0.169 -0.083
Error (ERR)
ERR4 0.068 0.107 0.026 0.092 0.870 -0.089 0.169 -0.051 -0.054
ERR3 0.023 0.098 0.050 0.123 0.846 -0.071 0.250 -0.124 -0.008
ERR2 0.157 0.082 -0.047 0.171 0.811 0.042 0.208 -0.072 -0.103
ERR1 0.144 0.123 0.053 0.199 0.721 0.018 0.240 -0.029 0.008
Financial Rewards (FNR)
FNR1 0.320 0.009 -0.236 0.049 0.018 -0.864 0.159 -0.101 -0.327
FNR3 0.152 0.011 -0.164 -0.077 0.037 -0.814 0.129 -0.104 -0.407
FNR2 0.297 0.029 -0.185 0.080 0.034 -0.808 0.135 -0.068 -0.272
Improper Access & Use (IAU)
USU4 0.369 -0.044 0.004 0.084 0.206 -0.124 0.901 0.009 -0.154
IAC1 0.365 -0.057 0.013 0.133 0.203 -0.148 0.894 0.059 -0.144
USU3 0.301 -0.032 0.018 0.126 0.221 -0.144 0.890 -0.019 -0.099
IAC3 0.326 -0.052 0.034 0.082 0.271 -0.163 0.835 0.039 -0.151
USU2 0.341 -0.086 0.017 0.222 0.348 -0.128 0.801 -0.086 0.031
IAC2 0.335 -0.022 0.070 0.145 0.192 -0.132 0.780 0.108 -0.022
USU1 0.233 -0.125 -0.144 0.117 0.189 -0.133 0.734 0.018 -0.058
Privacy Control (PCN)
PCN2 0.067 0.416 -0.081 -0.156 0.032 -0.110 -0.018 -0.886 -0.111
PCN1 0.017 0.305 0.027 -0.190 0.075 -0.037 -0.097 -0.835 -0.109
PCN3 0.027 0.602 -0.051 -0.161 0.094 -0.105 -0.115 -0.826 -0.042
PCN4 0.161 0.352 -0.097 -0.095 0.086 -0.155 0.024 -0.803 -0.129
ISR1* 0.225 0.624 -0.059 -0.312 0.123 -0.147 0.072 -0.666 -0.025
ISR2* 0.306 0.601 -0.107 -0.233 0.171 -0.132 0.128 -0.602 -0.073
Personalization (PRS)
PRS1 0.313 0.108 -0.246 0.048 0.056 -0.393 0.054 -0.140 -0.867
PRS2 0.435 0.149 -0.273 0.057 0.092 -0.385 0.145 -0.141 -0.855
PRS3 0.418 0.114 -0.245 -0.039 0.081 -0.398 0.211 -0.160 -0.827

Electronic copy available at: https://ssrn.com/abstract=3759731

 Eigen value 7.23 6.02 4.01 2.70 2.23 1.61 1.48 1.25 1.07
Variance explained (%) 18.54 15.44 10.29 6.92 5.72 4.13 3.80 3.22 2.75
Cumulative variance explained (%) 18.54 33.98 44.27 51.18 56.90 61.03 64.83 68.05 70.80
*Dropped items

The validity and reliability of the research model were assessed using average variance extracted
(AVE) and Cronbach’s alpha (CA). Table 3 presents the correlations, CAs, AVEs, and square roots of
the AVEs. The CAs ranged from 0.783 to 0.924, all above the cut-off value of 0.6 (Nunnally and
Bernstein, 1994), providing support for the reliability of the research model. The convergent validity
was confirmed since factor loadings loaded significantly (> 0.5) (Hair et al., 1998) on their intended
constructs and all AVEs exceeded the threshold of 0.50 (Fornell and Larcker, 1981). The discriminant
validity was also confirmed since the square roots of the AVEs were greater than the inter-correlation
for each construct (Fornell and Larcker, 1981). Hence, these findings indicate that the research model
was reliable and valid and all measures were psychometrically adequate.

Table 3. Correlations, Cronbach’s Alphas, AVEs and Square Root of AVEs*

Variable Mean SD IAU COL ERR GTC PCN CNV PRS FNR WTD AVE CA
IAU 6.531 0.871 0.836 0.698 0.924
COL 5.006 1.413 0.179 0.815 0.665 0.839
ERR 5.161 1.247 0.292 0.206 0.814 0.662 0.829
GTC 3.664 1.430 -0.085 -0.167 0.142 0.815 0.664 0.845
PCN 3.313 1.568 -0.061 -0.183 0.081 0.525 0.838 0.702 0.874
CNV 5.603 1.117 0.428 0.026 0.134 0.113 0.087 0.794 0.630 0.824
PRS 4.880 1.121 0.164 0.039 0.087 0.162 0.176 0.512 0.850 0.722 0.851
FNR 4.956 1.194 0.183 0.031 0.037 0.036 0.115 0.377 0.486 0.829 0.687 0.783
WTD 4.431 1.318 -0.007 -0.277 -0.027 0.129 0.077 0.300 0.320 0.256 0.868 0.754 0.894
*Diagonal elements are the Square Root of AVEs; SD: Standard Deviation; CA: Cronbach’s Alpha; IAU:
Improper Access & Use; COL: Collection; ERR: Error; GTC: Government & Technology Control; PCN:
Privacy Control; CNV: Convenience; PRS: Personalization; FNR: Financial Rewards; WTD: Willingness to
disclose personal information

Results
Hierarchical regression analysis was used to test the hypotheses since it tests the main effects and the
moderating effects separately. In block 1, we entered the main study variables: privacy concern

Electronic copy available at: https://ssrn.com/abstract=3759731

variables (COL, ERR, and IAU), privacy assurance variables (PCN and GTC), and perceived benefits
variables (FNR, PRS, and CNV). In block 2, we entered the interaction terms between the privacy
concern variables and privacy assurance variables. The interaction terms were PCN x COL, PCN x
ERR, PCN x IAU, GTC x COL, GTC x ERR, and GTC x IAU. It is important to note that for the
interaction terms, we multiplied the mean-centered values of the privacy concern variables by the mean-
centered values of the privacy assurance variables. The use of mean-centered values, as opposed to raw
values, avoids the possibility of having multi-collinearity issues among the predictor variables (Aiken,
West, and Reno, 1991). We also examined the presence of multicollinearity among predictor variables
using variance inflation factor (VIF) and tolerance. The VIF scores ranged from 1.183 to 3.765, below
the threshold value of 10; and the tolerance scores ranged from 0.321 to 0.845, above the threshold
value of 0.10. Hence, this diagnostic showed that there was no evidence of multicollinearity. Table 4
presents the results of the hierarchical regression analysis.

Table 4. Main and Moderating effects on willingness to disclose personal information

Block 1 Block 2 Collinearity statistics
Hypothesis Independent Variables
beta t-value Sig. beta t-value Sig. Tolerance VIF
Privacy concern dimensions
H1 Collection (COL) -0.282 -4.751 0.000 -0.298 -4.902 0.000 0.845 1.183
H2 Errors (ERR) 0.011 0.188 0.851 -0.005 -0.084 0.933 0.808 1.237
H3 Improper Access & Use (IAU) -0.103 -1.551 0.122 -0.102 -1.504 0.134 0.685 1.460
Privacy assurance dimensions
H5a Privacy Control (PCN) -0.075 -1.111 0.267 -0.025 -0.344 0.731 0.597 1.676
H6a Gov. & Technology Control (GTC) 0.053 0.784 0.434 0.027 0.387 0.699 0.626 1.599
Perceived benefits dimensions
H9 Financial Rewards (FNR) 1.121 1.843 0.067 0.102 1.546 0.124 0.714 1.401
H10 Personalization (PRS) 0.185 2.591 0.010 0.192 2.652 0.009 0.588 1.700
H11 Convenience (CNV) 0.210 2.892 0.004 0.202 2.770 0.006 0.586 1.706
Interaction terms
H5b1 PCN x COL 0.064 0.920 0.358 0.648 1.544
H5b2 PCN x ERR -0.083 -1.203 0.230 0.649 1.541
H5b3 PCN x IAU -0.157 -1.613 0.108 0.329 3.042
H6b1 GTC x COL -0.072 -1.034 0.302 0.643 1.556
H6b2 GTC x ERR 0.018 0.262 0.794 0.630 1.587
H6b3 GTC x IAU 0.067 0.675 0.500 0.321 3.117

R2 0.233 0.257
F (Sig.) 9.256 (0.000) 5.882 (0.000)
∆ R2 0.233 0.024
∆ F (Sig.) 9.256 (0.000) 1.294 (0.261)
Note: Dependent variable is Willingness to Disclose Personal Information

From Table 5, COL is the only privacy concern variable that had a significant relationship with
willingness to disclose personal information, thus, supporting H1 while H2 and H3 were not supported.
The privacy assurance variables (PCN and GTC) were not significant, thus, H5a and H6a were not
supported; however, the perceived benefits variables were significant, except for FNR; thus, H10 and
H11 were supported but not H9. The research model explained 23.3% (R2 = 0.233) of the variance. All
interaction terms did not show any significant relationships with the dependent variable. The R2, after
adding the interaction terms, was 0.257, which indicates that the interaction terms did not significantly
improve the explanatory power of the model (ΔR2 = 0.024 and ΔF = 0.261); thus, H5b1, H5b2, H5b3,
H6b1, H6b2, and H6b3 were not supported. In summary, the variables that had significant relationships
with willingness to disclose personal information were collection, personalization, and convenience.
Privacy assurance variables (PCN and GTC) appeared not to moderate the relationships between
privacy concern variables (COL, ERR, and IAU) and willingness to disclose personal information.

Table 5. Summary of the Hypothesis Testing Results

Hypothesis Relation Result
H1: Privacy concern (Collection) has a negative effect on customers’ COLL → supported
willingness to provide personal information WTD

Electronic copy available at: https://ssrn.com/abstract=3759731

H2: Privacy concern (error) has a negative effect on customers’ willingness ERR → Not
to provide personal information WTD supported
H3: Privacy concern (improper access) has a negative effect on customers’ IAU → WTD Not
willingness to provide personal information supported
H4: Privacy concern (unauthorized secondary use) has a negative effect on USU → WTD Merged with
customers’ willingness to provide personal information H3
H5a. Privacy control has a positive effect on customers’ willingness to PCN → WTD Not
disclose personal information. supported
H5b1. Privacy control reduce the negative impact of privacy concern PCN x COLL Not
(collection) on customers’ willingness to disclose personal information. → WTD supported
H5b2. Privacy control reduce the negative impact of privacy concern (error) PCN x ERR Not
on customers’ willingness to disclose personal information. → WTD supported
H5b3. Privacy control reduce the negative impact of privacy concern PCN x IAU Not
(improper access) on customers’ willingness to disclose personal information → WTD supported
H5b4. Privacy control reduce the negative impact of privacy concern PCN x USU Merged with
(unauthorized secondary use) on customers’ willingness to disclose personal → WTD H5b3
information
H6a. Government regulation has a positive effect on customers’ willingness GTC → WTD Not
to disclose personal information supported
H6b1. Government regulation reduces the negative impact of privacy concern GTC x COL Not
(collection) on customers’ willingness to disclose personal information → WTD supported
H6b2. Government regulation reduces the negative impact of privacy concern GTC x ERR Not
(error) on customers’ willingness to disclose personal information → WTD supported
H6b3. Government regulation reduces the negative impact of privacy concern GTC x IAU Not
(improper access) on customers’ willingness to disclose personal information → WTD supported
H6b4. Government regulation reduces the negative impact of privacy concern GTC x USU Dropped
(unauthorized secondary use) on customers’ willingness to disclose personal → WTD
information
H7a. Technology-enhancing privacy has a positive effect on customers’ TBP → WTD Merged with
willingness to disclose personal information H6a
H7b1. Technology-enhancing privacy reduces the negative impact of privacy TBP x COL Merged with
concern (collection) on customers’ willingness to disclose personal → WTD H6b1
information
H7b2. Technology-enhancing privacy reduces the negative impact of privacy TBP x ERR Merged with
concern (error) on customers’ willingness to disclose personal information → WTD H6b2
H7b3. Technology-enhancing privacy reduces the negative impact of privacy TBP x IAC Merged with
concern (improper access) on customers’ willingness to disclose personal → WTD H6b3
information
H7b4. Technology-enhancing privacy reduces the negative impact of privacy TBP x USU Dropped
concern (unauthorized secondary use) on customers’ willingness to disclose → WTD
personal information
H8a: Industry self-regulation has a positive effect on customers’ willingness ISR → WTD Dropped
to disclose personal information
H8b1. Industry self-regulation reduces the negative impact of privacy ISR x COL Dropped
concern (collection) on customers’ willingness to disclose personal → WTD
information
H8b2. Industry self-regulation reduces the negative impact of privacy ISR x ERR → Dropped
concern (error) on customers’ willingness to disclose personal information WTD
H8b3. Industry self-regulation reduces the negative impact of privacy ISR x IAC → Dropped
concern (improper access) on customers’ willingness to disclose personal WTD
information
H8b4. Industry self-regulation reduces the negative impact of privacy ISR x USU Dropped
concern (unauthorized secondary use) on customers’ willingness to disclose → WTD
personal information
H9: Financial reward has a positive effect on customers’ willingness to FNR → Not
disclose personal information WTD supported
H10: Personalization has a positive effect on customers’ willingness to PRS → Supported
disclose personal information WTD
H11: Convenience has a positive effect on customers’ willingness to disclose CNV → Supported
personal information WTD

Electronic copy available at: https://ssrn.com/abstract=3759731

Discussion and Implications
Unlike previous studies that considered privacy concern as an aggregate variable, this study
examined the relationships between the dimensions of privacy concern and the willingness to disclose
personal information. We argued that there were three major sets of factors that positively or negatively
affected customer willingness to disclose personal information to online firms. Each major factor
consisted of sub-factors or dimensions. The first major factor was privacy concern. It consisted of three
dimensions: collection (COL), errors (ERR), and improper access and use (IAU). The second major
factor was privacy assurance and it consisted of two dimensions: privacy control (PCN) and
government and technology-based control (GTC). The third major factor was perceived benefits; it
consisted of financial rewards (FNR), personalization (PRS), and convenience (CNV). Of all these
factors, only three dimensions (i.e., ERR, FNR, and CNV) had significant relationships with willingness
to disclose personal information. Table 5 summarizes the results of the research hypotheses.
The first finding was the negative relationship between collection and willingness to disclose
personal information. Collection of personal information is the starting point of privacy concern
(Malhotra et al., 2004). This is perhaps what makes customers very concerned about collection. Once
the information is collected it is out of one’s control and vulnerable to error and improper access and
use. Hence, collection is a potential mechanism for improper access and/or secondary use of personal
information. That is, the relationships between the error and improper access and use and the willingness
to disclose personal information could be mediated by collection. The implication for online firms is
that they should collect the minimum amount of information necessary for the customer transaction.
The second finding was the nonsignificant direct effect the privacy assurance dimensions (the PCN
and GTC) on the willingness to disclose personal information. Most customers felt that they did not
have control over their information once it was collected by the online firms. In addition, customers did
not believe that government regulations were protecting their personal information. This is evidenced
by the low mean of privacy control (mean = 3.313) and of the government and technology control (mean
= 3.664). This is an evidence that customers lack personal control in accessing and verifying their
collected information. By the same token, government and technology controls were not effective
mechanisms for privacy assurance. This can be attributed to the following reasons:
1) The Saudi anti-cyber crime law which was issued in 2007 missed specific provisions on
personal data protection (Saeed and Saleem, 2015).
2) The lack of clear legislations and rules to protect the privacy rights was a serious inhibitor of
e-commerce adoption in Saudi Arabia (AlGhamdi et al., 2012).
3) The lack of effective enforcement of information security policies and procedures (Alzamil,
2018).
This finding has implications for both online firms and governments. For online firms, customers
should be given the privilege to access, modify, and verify their personal information. Although this
would not safeguard against improper access and use, customers would be able to correct their
information for possible potential errors. Government control, however, should not only enact rules and
regulations but also enforce them in order to safeguard against improper access and use of customer
information.
The third finding was the nonsignificant moderating effect of privacy assurance on the relationship
between privacy concern and disclosure of personal information. The results imply that neither privacy
control nor government and technology control would relax the impact of privacy concern on the
willingness to disclose personal information. This is not surprising because the privacy assurance
mechanisms have no significant relationship with the willingness to disclose personal information, as
stated in the second finding above.
The fourth finding was the significant direct effect of personalization and convenience on the
willingness to disclose personal information. This means that personalization and convenience motivate
customers to disclose their personal information, which is in line with other studies (Karwatzki et al.,
2017). However, the surprising result was the nonsignificant relationship between financial rewards and
disclosure of personal information, which is not in line with previous literature (Yeh et al., 2018). This
finding suggests that online customers are willing to share their personal information for convenience,
but not for financial rewards. Hann et al. (2007) reported that some people, called “information sellers,”
were willing to exchange their personal information for financial rewards. Others, called “convenience

Electronic copy available at: https://ssrn.com/abstract=3759731

seekers,” were willing to exchange their information for convenience. Thus, one can conclude that
customers value convenience and personalization over financial rewards in disclosing personal
information. One possible explanation, with regard to financial rewards, is that customers did not realize
much saving when they made online purchases. Therefore, online firms are encouraged to persuade the
“information sellers” segment in sharing their personal information by offering attractive and
substantial saving incentives when buying via company’s website.

Limitations and Future Research

Although this study contributes to the literature on information privacy concerns and benefits of
disclosing personal information, it has some limitations that may open avenues for further research.
First, male and female respondents were not equally represented in our study sample. However, we
argue that the sample is suitable for this study since Saudi Arabia represents a male-dominated society.
Second, the dependent variable was the willingness rather than the actual disclosure of personal
information. People who expressed less willingness to share are more likely to actually disclose
personal information. This inconsistency of willingness to disclose private information and the actual
more restrictive behavior is often referred to as the “privacy paradox.” Third, the sensitivity of the
personal information is an important factor that was not considered in the sharing of information. For
example, customers may be willing to share their postal address but hesitant in sharing their credit card
information because they feel the latter is more sensitive than the former.
Conclusion
When disclosing personal information, customers encounter privacy concerns and receive
beneficial outcomes; this captures the concept of the privacy calculus. The most significant dimension
of privacy concern is collection. Other dimensions (i.e., errors and improper access & use) had a
nonsignificant relationship with disclosing personal information. This research differs from previous
studies as the privacy concern dimensions were examined individually rather than collectively. On the
disclosure benefits side, customers were willing to disclose personal information in exchange for
personalization or for shopping convenience. The assurance mechanisms did not attenuate the privacy
concerns. The results suggest that online firms should be cautious when collecting customer data
because they have a major concern with the privacy of their information. On the other hand, online
firms should capitalize on the factors that motivate customers to disclose personal information.

References
Aiken, L.S., West, S.G. and Reno, R.R. (1991), Multiple regression: Testing and interpreting
interactions, Sage, Thousand Oaks, CA.
Ajzen, I. (2002), “Perceived Behavioral Control, Self-Efficacy, Locus of Control, and the Theory of
Planned Behavior”, Journal of Applied Social Psychology, Vol. 32 No. 4, pp. 665–683.
AlGhamdi, R., Nguyen, J., Nguyen, A. and Drew, S. (2012), “Factors Influencing E-Commerce
Adoption by Retailers in Saudi Arabia: A Qualitative Analysis”, International Journal of
Electronic Commerce Studies, Vol. 3 No.1, pp. 83-100.
Alzamil, Z.A. (2018), “Information security practice in Saudi Arabia: case study on Saudi
organizations”, Information & Computer Security, Vol. 26 No. 5, pp. 568-583
Bansal, G., Zahedi, F. and Gefen, D. (2015), “The role of privacy assurance mechanisms in building
trust and the moderating role of privacy concern”, European Journal of Information Systems, Vol.
24 No. 6, pp. 624–644.
Biernacki, P. and Waldorf, D. (1981), “Snowball sampling: Problems and techniques of chain referral
sampling”, Sociological Methods and Research, Vol. 10 No.2, pp. 141–163.
Chellappa, R.K. and Sin, R.G. (2005), “Personalization versus Privacy: An Empirical Examination of
the Online Consumer’s Dilemma”, Information Technology and Management, Vol. 6 No. 2/3, pp.
181–202.
Chen, J., Ping, W., Xu, Y. and Tan, B. C.Y. (2009), “Am I Afraid of My Peers? Understanding the
Antecedents of Information Privacy Concerns in the Online Social Context”, paper presented at
the 30th International Conference on Information Systems, 15-18 December, Phoenix, Arizona,
USA. available at: http://aisel.aisnet.org/icis2009/174 (accessed 22 March 2017).

Electronic copy available at: https://ssrn.com/abstract=3759731

Chiu, C.-M., Wang, E.T.G., Fang, Y.-H. and Huang, H.-Y. (2014), “Understanding customers’ repeat
purchase intentions in B2C e-commerce: the roles of utilitarian value, hedonic value and perceived
risk”, Information Systems Journal, Vol. 24 No. 1, pp. 85–114.
Culnan, M.J. and Armstrong, P.K. (1999), “Information privacy concerns, procedural fairness, and
impersonal trust: An empirical investigation”, Organization Science, Vol 10 No. 1, pp. 104–115.
Desai, M.S., Desai, K.J. and Phelps, L.D. (2012), “E-commerce policies and customer privacy: a
longitudinal study (2000-2010)”, Information Management & Computer Security, Vol. 20 No. 3,
pp. 222–244.
Dinev, T. and Hart, P. (2003), “Privacy Concerns and Internet Use - a Model of Trade-Off Factors”,
paper presented at the Academy of Management, 1-6 August, Seattle, Washington, USA,
available at: http://proceedings.aom.org/content/2003/1/D1.6.full.pdf (accessed 16 Jun 2017).
Dinev, T. and Hart, P. (2006), “An extended privacy calculus model for e‑commerce transactions”,
Information Systems Research, Vol. 17 No. 1, pp. 61–80.
Fornell, C. and Larcker, D.F. (1981), “Evaluating structural equation models with unobservable
variables and measurement error”, Journal of Marketing Research, Vol. 18 No. 1, pp. 39–50.
Gross, R. and Acquisti, A. (2005), “Information Revelation and Privacy in Online Social Networks”, in
2005 Proceedings of the ACM Workshop on Privacy in the Electronic Society, New York, NY,
USA, ACM, pp. 71–80, available at: http://dl.acm.org/citation.cfm?id=1102214 (accessed 26
March 2017)
Gurung, A. and Raja, M.K. (2016), “Online privacy and security concerns of consumers”, Information
and Computer Security, Vol. 24 No. 4, pp. 348–371.
Hann, I., Hui, K., Lee, S. and Png, I. (2007), “Overcoming Online Information Privacy Concerns: An
Information-Processing Theory Approach”, Journal of Management Information Systems, Vol.
24, No. 2, pp. 13–42.
Heckathorn, D.D. (2011), “Comment: Snowball Versus Respondent-Driven Sampling”, Sociological
Methodology, Vol. 41 No. 1, pp. 355-366.
Hong, W and Thong, J. (2013), “Internet Privacy Concerns: an Integrated Conceptualization and Four
Empirical Studies”, MIS Quarterly, Vol. 37 No. 1, pp. 275-298.
Jiang, L., Yang, Z. and Jun, M. (2013), "Measuring consumer perceptions of online shopping
convenience", Journal of Service Management, Vol. 24 No. 2, pp.191-214.
Karwatzki, S., Dytynko, O., Trenz, M. and Veit, D. (2017), “Beyond the Personalization–Privacy
Paradox: Privacy Valuation, Transparency Features, and Service Personalization”, Journal of
Management Information Systems, Vol. 34 No. 2, pp. 369–400.
Keith, M.J., Babb, J.S.J., Furner, C.P. and Abdullat, A. (2010), “Privacy Assurance and Network Effects
in The Adoption of Location-Based Services: An Iphone Experiment”, paper presented at the 31st
International Conference on Information Systems, 12-15 December 2010, St. Louis, Missouri,
USA, available at: http://aisel.aisnet.org/icis2010_submissions/237 (accessed 26 March 2017).
Laufer, R.S. and Wolfe, M. (1977), “Privacy as a Concept and a Social Issue: A Multidimensional
Developmental Theory”, Journal of Social Issues, Vol. 33 No. 3, pp. 22–42.
Lee, C.H. and Granage, D.A. (2014), “Personalisation-privacy paradox: The effects of personalisation
and privacy assurance on customer responses to travel Web sites”, Tourism Management, Vol. 32
No. 5, pp. 987-994.
Li, Y. (2011), “Empirical Studies on Online Information Privacy Concerns: Literature Review and an
Integrative Framework”, Communications of the Association for Information Systems, Vol. 28,
pp. 453–496.
Li, Y. (2012), “Theories in online information privacy research: A critical review and an integrated
framework”, Decision Support Systems, Vol. 54 No. 1, pp. 471–481.
Lowry, P.B., Moody, G., Vance, A, Jensen, M., Jenkins, J. and Wells, T (2012), “Using an elaboration
likelihood approach to better understand the persuasiveness of website privacy assurance cues for
online consumers”, Journal of the American Society for Information Science and Technology, Vol.
63 No. 4, pp. 755–776.
Malhotra, N.K., Kim, S.S. and Agarwal, J. (2004), “Internet Users’ Information Privacy Concerns
(IUIPC): The Construct, the Scale, and a Causal Model”, Information Systems Research, Vol. 15
No. 4, pp. 336–355.

Electronic copy available at: https://ssrn.com/abstract=3759731

Mothersbaugh, D.L., Foxx, W.K., Beatty, S.E. and Wang, S. (2012), “Disclosure Antecedents in an
Online Service Context: The Role of Sensitivity of Information”, Journal of Service Research,
Vol. 15 No. 1, pp. 76–98.
Nunnally, J. C. and I. H. Bernstein, (1994). Psychometric theory, McGraw-Hill, New York.
Petronio, S.S. (1991), “Communication boundary management: a theoretical model of managing
disclosure of private information between marital couples”, Communication Theory, Vol. 1 No.
4, pp. 311–335.
Premazzi, K., Castaldo, S., Grosso, M., Raman, P., Brudvig, S. and Hofacker, C.F. (2010), “Customer
Information Sharing with E‑Vendors: The Roles of Incentives and Trust”, International Journal
of Electronic Commerce, Vol. 14, No. 3, pp. 63–91.
Raschke, R.L., Krishen, A.S. and Kachroo, P. (2014), “Understanding the Components of Information
Privacy Threats for Location-Based Services”, Journal of Information Systems, Vol. 28, No. 1,
pp. 227–242.
Rogers, R.W. (1975), “A Protection Motivation Theory of Fear Appeals and Attitude Change”, Journal
of Psychology, Vol. 91 No. 1, pp. 93-114.
Sacha Orloff Group (2014), “Beyond the Digital Divide: Evolving Digital Commerce in the Kingdom
of Saudi Arabia 2014”, available at:
http://media.wix.com/ugd/17fd63_f7f73aaa041b46fc8de638b8544402ab.pdf (accessed 27
August 2017).
Saeed, M.A. and Saleem, M.A. (2015), “Cyber security and data privacy law in Saudi Arabia”, available
at: https://www.financierworldwide.com/cyber-security-and-data-privacy-law-in-saudi-arabia/
(accessed 30 Jun 2018).
Shan, S., Hua, F. and Zeng, Q. (2010), “B2C e-Commerce Consumer Decision-making Model Based
on Perceived Benefit and Perceived Risk”, 2010 International Conference on E-Business and E-
Government, 7-9 May, Guangzhou, China, pp. 2222–2225.
Sharma, S. and Crossler, R. (2014), “Disclosing too much? Situational factors affecting information
disclosure in social commerce environment”, Electronic Commerce Research and Applications,
Vol. 13 No. 5, pp. 305–319
Sheehan, K.B. (1999), “An investigation of gender differences in on-line privacy concerns and resultant
behaviors”, Journal of Interactive Marketing, Vol.13 No. 4, pp. 24–38.
Smith, H.J., Dinev, T. and Xu, H. (2011), “Information Privacy Research: An Interdisciplinary
Review”, MIS Quarterly, Vol. 35 No. 4, pp. 989–1016.
Smith, H.J., Milberg, S.J. and Burke, S.J. (1996),” Information Privacy: Measuring Individuals’
Concerns about Organizational Practices”, MIS Quarterly, Vol. 20 No. 2, pp. 167–196.
Son, J.-Y. and Kim, S.S. (2008), “Internet Users’ Information Privacy-Protective Responses: A
Taxonomy and a Nomological Model”, MIS Quarterly, Vol. 32 No. 3, pp. 503–529.
Tang, Z., Hu, Y. and Smith, M.D. (2008), “Gaining Trust Through Online Privacy Protection: Self-
Regulation, Mandatory Standards, or Caveat Emptor”, Journal of Management Information
Systems, Vol. No. 4, pp. 153–173.
Xu, F., Michael, K. and Chen, X. (2013), “Factors affecting privacy disclosure on social network sites:
an integrated model”, Electronic Commerce Research, Vol. 13 No. 2, pp. 151–168.
Xu, H. (2010), “Locus of Control and Location Privacy: An Empirical Study in Singapore”, Journal of
Global Information Technology Management, Vol. 13 No. 3, pp. 63–87.
Xu, H. Dinev, T., Smith, J. and Hart, P. (2011), “Information Privacy Concerns: Linking Individual
Perceptions with Institutional Privacy Assurances”, Journal of the Association for Information
Systems, Vol. 12 No. 12 pp. 798-824.
Xu, H. Teo, H., Tan, B.C. and Agarwal, R. (2012), “Effects of Individual Self-Protection, Industry Self-
Regulation, and Government Regulation on Privacy Concerns: A Study of Location-Based
Services”, Information Systems Research, Vol. 23 No. 4, pp. 1342-1363.
Xu, H., Teo, H., Tan, B.C. and Agarwal, R. (2009), “The Role of Push-Pull Technology in Privacy
Calculus: The Case of Location-Based Services”, Journal of Management Information Systems,
Vol. 26 No. 3, pp. 135–174.

Electronic copy available at: https://ssrn.com/abstract=3759731

Yeh, C., Wang, Y., Lin, S., Tseng, T.H., Lin, H., Shih, Y. and Lai, Y. (2018), “What drives internet
users’ willingness to provide personal information”, Online Information Review, Vol. 42 No. 6,
pp. 923-939.
Zorotheos, A. and Kafeza, E. (2009), “Users’ perceptions on privacy and their intention to transact
online: a study on Greek internet users”, Direct Marketing, Vol. 3 No. 2, pp. 139–153.

Electronic copy available at: https://ssrn.com/abstract=3759731