Abstract
Recent scholarship in business ethics has revealed the importance of privacy expectations as they relate to implicit privacy norms and the business practices that may violate these expectations. Yet, it is unclear how and when businesses may violate these expectations, factors that form or influence privacy expectations, or whether or not expectations have in fact been violated by company actions. This article reports the findings of three studies exploring how and when the corporate dissemination of consumer data violates privacy expectations. The results indicate that consumer sentiment is more negative following intentional releases of sensitive consumer data, but the effect of data dissemination is more complex than that of company intentionality and data sensitivity alone. Companies can effectively set, and re-affirm, privacy expectations via consent procedures preceding and succeeding data dissemination notifications. Although implied consent has become more widely used in practice, we show how explicit consent outperforms implied consent in these regards. Importantly, this research provides process evidence that identifies perceived violation of privacy expectations as the underlying mechanism to explain the deleterious effects, on consumer sentiment, when company actions are misaligned with consumers’ privacy expectations. Ethical implications for companies collecting and disseminating consumer information are offered.
Similar content being viewed by others
References
Ackerman, M. S., Cranor, L. F., & Reagle, J. (1999). Privacy in e-commerce: Examining user scenarios and privacy preferences. In Proceedings of the 1st ACM conference on electronic commerce (pp. 1–8).
Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509–514.
Altman, I. (1975). Environment and social behavior: Privacy, personal space, territory, and crowding. Monterey, CA: Brooks/Cole.
Baca-Motes, K., Brown, A., Gneezy, A., Keenan, E. A., & Nelson, L. D. (2013). Commitment and behavior change: Evidence from the field. Journal of Consumer Research, 39(5), 1070–1084.
Brenkert, G. G. (1981). Privacy, polygraphs and work. Business and Professional Ethics Journal, 1(1), 19–35.
Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448.
Cranor, L. F. (2012). Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. Journal on Telecommunications and High Technology Law, 10, 273.
Disney (2015). Privacy policy. https://disneyprivacycenter.com/privacy-policy-translations/english/#DIMGQuestion4. Accessed May 25, 2016.
Dommeyer, C. J., & Gross, B. L. (2003). What consumers know and what they do: An investigation of consumer knowledge, awareness, and use of privacy protection strategies. Journal of Interactive Marketing, 17(2), 34–51.
Donaldson, T., & Dunfee, T. W. (1994). Toward a unified conception of business ethics: Integrative social contracts theory. Academy of Management Review, 19(2), 252–284.
Dunfee, T. W. (2006). A critical perspective of integrative social contracts theory: Recurring criticisms and next generation research topics. Journal of Business Ethics, 68(3), 303–328.
Easton, R. B., Graber, M. A., Monnahan, J., & Hughes, J. (2007). Defining the scope of implied consent in the emergency department. The American Journal of Bioethics, 7(12), 35–38.
Facebook (2013). Important message from Facebook’s white hat program. https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766. Accessed December 19, 2015.
Federal Trade Commission. (2009). The CAN-SPAM Act: A compliance guide for business. https://www.ftc.gov/system/files/documents/plain-language/bus61-can-spam-act-compliance-guide-business.pdf. Accessed December 1, 2016.
Federal Trade Commission. (2011). FTC charges deceptive privacy practices in Google’s rollout of its buzz social network. http://Ftc.Gov/Opa/2011/03/Googleshtm. Accessed December 1, 2016.
Federal Trade Commission. (2014). Data brokers: A call for transparency and accountability. Www.Ftc.Gov/System/Files/Documents/Reports/Data-Brokers-Call-Transparency-Accountabilityreport-Federal-Trade-Commission-may-2014/140527databrokerreport.Pdf. Accessed December 1, 2016.
Finkle, J. (2013). Adobe data breach more extensive than previously disclosed. Reuters, http://www.reuters.com/article/us-adobe-cyberattack-idUSBRE99S1DJ20131029. Accessed December 19, 2015.
Fredrix, E. (2005). Ameritrade loses backup tape containing 200 K client files. http://usatoday30.usatoday.com/tech/news/computersecurity/infotheft/2005-04-20-ameritrade-files-lost_x.htm. Accessed December 1, 2016.
Garcia, A. (2015). Target settles for $39 million over data breach. http://money.cnn.com/2015/12/02/news/companies/target-data-breach-settlement. Accessed September 1, 2016.
Google. (2016). Privacy policy. http://www.google.com/policies/privacy. Accessed December 1, 2016.
Harris, K. D. (2016). California Data Breach Report 2012-2015. https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf. Accessed May 25, 2016.
Hayes, A. F. (2013). Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. New York: Guilford Press.
Heide, J. B., Wathne, K. H., & Rokkan, A. I. (2007). Interfirm monitoring, social contracts, and relationship outcomes. Journal of Marketing Research, 44(3), 425–433.
Huh, Y. E., Vosgerau, J., & Morewedge, C. K. (2014). Social defaults: Observed choices become choice defaults. Journal of Consumer Research, 41(3), 746–760.
Janssen, A., & Gevers, S. (2005). Explicit or implied consent and organ donation post-mortem: Does it matter. Medicine and Law, 24(3), 575–583.
Johnson, E. J., Bellman, S., & Lohse, G. L. (2002). Defaults, framing and privacy: Why opting in-opting out. Marketing Letters, 13(1), 5–15.
Johnson, E. J., & Goldstein, D. (2003). Do defaults save lives? Science, 302(5649), 1338–1339.
Kang, J., & Hustvedt, G. (2014). Building trust between consumers and corporations: The role of consumer perceptions of transparency and social responsibility. Journal of Business Ethics, 125(2), 253–265.
Kannan, K., Rees, J., & Sridhar, S. (2007). Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1), 69–91.
Kelly, E. (2017). Congress tackles major privacy, surveillance issues. USA Today https://www.usatoday.com/story/news/politics/2017/04/12/congress-tackles-major-privacy-surveillance-issues/100335168. Accessed April 16, 2017.
Kroft, S. (2014). The data brokers: Selling your personal information. CBS News. http://www.cbsnews.com/news/the-data-brokers-selling-your-personal-information/. Accessed October 5, 2015.
Lombrozo, T. (2010). Causal–explanatory pluralism: How intentions, functions, and mechanisms influence causal ascriptions. Cognitive Psychology, 61(4), 303–332.
Lowry, P. B., Posey, C., Roberts, T. L., & Bennett, R. J. (2014). Is your banker leaking your personal information? The roles of ethics and individual-level cultural characteristics in predicting organizational computer abuse. Journal of Business Ethics, 121(3), 385–401.
Luo, X., Raithel, S., & Wiles, M. A. (2013). The impact of brand rating dispersion on firm value. Journal of Marketing Research, 50(3), 399–415.
Madden, M. (2014). Public perceptions of privacy and security in the post-Snowden era. http://www.pewinternet.org/2014/11/12/public-privacy-perceptions. Accessed December 1, 2016.
Martin, K. (2012). Diminished or just different? A factorial vignette study of privacy as a social contract. Journal of Business Ethics, 111(4), 519–539.
Martin, K. (2015). Privacy notices as tabula rasa: An empirical investigation into how complying with a privacy notice is related to meeting privacy expectations online. Journal of Public Policy & Marketing, 34(2), 210–227.
Martin, K. (2016). Understanding privacy online: Development of a social contract approach to privacy. Journal of Business Ethics, 137(3), 551–569.
Martin, K., & Shilton, K. (2015). Why experience matters to privacy: How context-based experience moderates consumer privacy expectations for mobile applications. Journal of the Association for Information Science and Technology, 67(8), 1871–1882.
Martin, K., & Shilton, K. (2016). Putting mobile application privacy in context: An empirical study of user privacy expectations for mobile devices. The Information Society, 32(3), 200–216.
Micewski, E. R., & Troy, C. (2007). Business ethics–deontologically revisited. Journal of Business Ethics, 72(1), 17–25.
Milne, G. R. (2000). Privacy and ethical issues in database/interactive marketing and public policy: A research framework and overview of the special issue. Journal of Public Policy & Marketing, 19(1), 1–6.
Milne, G. R., & Bahl, S. (2010). Are there differences between consumers’ and marketers’ privacy expectations? A segment-and technology-level analysis. Journal of Public Policy & Marketing, 29(1), 138–149.
Milne, G. R., & Culnan, M. J. (2004). Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. Journal of Interactive Marketing, 18(3), 15–29.
Milne, G. R., Culnan, M. J., & Greene, H. (2006). A longitudinal assessment of online privacy notice readability. Journal of Public Policy & Marketing, 25(2), 238–249.
Milne, G. R., & Gordon, M. E. (1993). Direct mail privacy-efficiency trade-offs within an implied social contract framework. Journal of Public Policy & Marketing, 12(2), 206–215.
Mothersbaugh, L. D., Foxx, W. K., II, Beatty, S. E., & Wang, S. (2011). Disclosure antecedents in an online service context: The role of sensitivity of information. Journal of Service Research, 15(1), 76–98.
Newman, G. E., Gorlin, M., & Dhar, R. (2014). When going green backfires: How firm intentions shape the evaluation of socially beneficial product enhancements. Journal of Consumer Research, 41(3), 823–839.
Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79, 101–139.
Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford, CA: Stanford Law Books.
Nissenbaum, H. (2015). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics. doi:10.1007/s11948-015-9674-9
Nowak, G. J., & Phelps, J. (1997). Direct marketing and the use of individual-level consumer information: Determining how and when “privacy” matters. Journal of Interactive Marketing, 11(4), 94–108.
Nunan, D., & Di Domenico, M. (2015). Big data: A normal accident waiting to happen? Journal of Business Ethics. doi:10.1007/s10551-015-2904-x
Ohm, P. (2015). Sensitive information. Southern California Law Review, 88(5), 1125–1196.
Peslak, A. R. (2005). An ethical exploration of privacy and radio frequency identification. Journal of Business Ethics, 59(4), 327–345.
Phelps, J., Nowak, G., & Ferrell, E. (2000). Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy & Marketing, 19(1), 27–41.
Pizarro, D., Uhlmann, E., & Salovey, P. (2003). Asymmetry in judgments of moral blame and praise the role of perceived metadesires. Psychological Science, 14(3), 267–272.
Pollach, I. (2005). A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62(3), 221–235.
Quick, M., Hollowood, E., Miles, C., & Hampson, D. (2017). World’s biggest data breaches. Informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks. Accessed April 16, 2017.
Robinson, S. L. (1996). Trust and breach of the psychological contract. Administrative Science Quarterly, 41(4), 574–599.
Robinson, S. L., & Morrison, E. W. (2000). The development of psychological contract breach and violation: A longitudinal study. Journal of organizational Behavior, 21(5), 525–546.
Rousseau, D. M. (1989). Psychological and implied contracts in organizations. Employee Responsibilities and Rights Journal, 2(2), 121–139.
Russo-Spena, T., Tregua, M., & De Chiara, A. (2016). Trends and drivers in CSR disclosure: A focus on reporting practices in the automotive industry. Journal of Business Ethics, 1–16.
Sheehan, K. B., & Hoy, M. G. (2000). Dimensions of privacy concern among online consumers. Journal of Public Policy & Marketing, 19(1), 62–73.
Smith, N. C., Goldstein, D. G., & Johnson, E. J. (2013). Choice without awareness: Ethical and policy implications of defaults. Journal of Public Policy & Marketing, 32(2), 159–172.
Stohl, C., Etter, M., Banghart, S., & Woo, D. (2015). Social media policies: Implications for contemporary notions of corporate social responsibility. Journal of Business Ethics. doi:10.1007/s10551-015-2743-9
Target. (2016). Privacy policy. http://www.target.com/spot/privacy-policy. Accessed May 25, 2016.
Tom, G., Barnett, T., Lew, W., & Selmants, J. (1987). Cueing the consumer: The role of salient cues in consumer perception. Journal of Consumer Marketing, 4(2), 23–27.
Veatch, R. M. (2007). Implied, presumed and waived consent: The relative moral wrongs of under-and over-informing. The American Journal of Bioethics, 7(12), 39–54.
Walker, K. L. (2016). Surrendering information through the looking glass: Transparency, trust, and protection. Journal of Public Policy & Marketing, 35(1), 144–158.
Zhou, W., & Piramuthu, S. (2015). Information relevance model of customized privacy for IoT. Journal of Business Ethics, 131(1), 19–30.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Electronic supplementary material
Below is the link to the electronic supplementary material.
Appendix
Appendix
Study 1: Example Companies by Industry
Industry | Companies |
---|---|
E-commerce | Ebay |
Amazon | |
Cardpool.com | |
Retail | Target |
Walmart | |
Costco | |
Finance | Bank of America |
USAA | |
Citibank | |
Electronics | Apple |
Samsung | |
Best Buy | |
Telecom/entertainment | Comcast |
Bravo | |
AT&T | |
Miscellaneous | US Air Force |
Kroger | |
Mary Kay |
Rights and permissions
About this article
Cite this article
Wright, S.A., Xie, GX. Perceived Privacy Violation: Exploring the Malleability of Privacy Expectations. J Bus Ethics 156, 123–140 (2019). https://doi.org/10.1007/s10551-017-3553-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10551-017-3553-z