Journal of Business Ethics

, Volume 111, Issue 4, pp 519–539

Diminished or Just Different? A Factorial Vignette Study of Privacy as a Social Contract



A growing body of theory has focused on privacy as being contextually defined, where individuals have highly particularized judgments about the appropriateness of what, why, how, and to whom information flows within a specific context. Such a social contract understanding of privacy could produce more practical guidance for organizations and managers who have employees, users, and future customers all with possibly different conceptions of privacy across contexts. However, this theoretical suggestion, while intuitively appealing, has not been empirically examined. This study validates a social contract approach to privacy by examining whether and how privacy norms vary across communities and contractors. The findings from this theoretical examination support the use of contractual business ethics to understand privacy in research and in practice. As predicted, insiders to a community had significantly different understandings of privacy norms as compared to outsiders. In addition, all respondents held different privacy norms across hypothetical contexts, thereby suggesting privacy norms are contextually understood within a particular community of individuals. The findings support two conclusions. First, individuals hold different privacy norms without necessarily having diminished expectations of privacy. Individuals differed on the factors they considered important in calculating privacy expectations, yet all groups had robust privacy expectations across contexts. Second, outsiders have difficulty in understanding the privacy norms of a particular community. For managers and scholars, this renders privacy expectations more difficult to identify at a distance or in deductive research. The findings speak directly to the needs of organizations to manage a diverse set of privacy issues across stakeholder groups.


Privacy Social contract theory Contractual business ethics Factorial vignette methodology Survey 


  1. Acquisti, A., & Gross, R. (2006). Imagined communities: Awareness, information sharing, and privacy on the Facebook. In Privacy enhancing technology (pp. 36–58).Google Scholar
  2. Alder, G. S., Schminke, M., & Noel, T. W. (2007). The impact of individual ethics on reactions to potentially invasive HR practices. Journal of Business Ethics, 75(2), 201–214.CrossRefGoogle Scholar
  3. Allen, A. L. (1999). Coercing privacy. William and Mary Law Review, 40, 723.Google Scholar
  4. Angst, C. M., & Agarwal, R. (2009). Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion, MIS Quarterly, 33(2), 339–370.Google Scholar
  5. Appelbaum, L. D., Lennon, M. C., & Aber, J. L. (2006). When effort is threatening: the influence of the belief in a just world on Americans’ attitudes toward antipoverty policy. Political Psychology, 27(3), 387–402.CrossRefGoogle Scholar
  6. Ashworth, L., & Free, C. (2006). Marketing dataveillance and digital privacy: Using theories of justice to understand consumers’ online privacy concerns. Journal of Business Ethics, 67(2), 107–123.CrossRefGoogle Scholar
  7. Awad, N. F., & Krishman, M. S. (2006). The personalization privacy paradox: An empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Quarterly, 30(1), 13–28.Google Scholar
  8. Bailey, W., & Spicer, A. (2007). When does National Identity Matter? Convergence and divergence in international business ethics. Academy of Management Journal, 50(6).Google Scholar
  9. Beales, H. J., & Muris, T. J. (2008). Choice or consequences: Protecting privacy in commercial information. The University of Chicago Law Review, 75(1), 109–135.Google Scholar
  10. Bennett, C. (1992). Regulating privacy. Ithaca: Cornell University Press.Google Scholar
  11. Borna, S., & Avila, S. (1999). Genetic information: Consumers’ right to privacy versus insurance companies’ right to know a public opinion survey. Journal of Business Ethics, 19(4), 355–362.CrossRefGoogle Scholar
  12. Brenkert, G. (1981). Privacy, polygraphs, and work. Business and Professional Ethics Journal, 1, 23.Google Scholar
  13. Charters, D. (2002). Electronic monitoring and privacy issues in business-marketing: The ethics of the doubleclick experience. Journal of Business Ethics, 35(4), 243–254.CrossRefGoogle Scholar
  14. Coase, R. H. (1937). The nature of the firm. Economica, 4(16), 386–405.CrossRefGoogle Scholar
  15. Culnan, M. J. (1993). How did they get my name? An exploratory investigation of computer attitudes toward secondary information use. MIS Quarterly, 17, 341–364.CrossRefGoogle Scholar
  16. Culnan, M. J., & Armstrong, P. K. (1999). Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization Science, 10(1), 104–115.CrossRefGoogle Scholar
  17. Culnan, M. J., & Bies, R. J. (2003). Consumer privacy: Balancing economic and justice considerations. Journal of Social Issues, 59(2), 323–342.CrossRefGoogle Scholar
  18. Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: Lessons from the choicepoint and tjx data breaches. MIS Quarterly, 33(4), 673–687.Google Scholar
  19. Donaldson, T., & Dunfee, T. W. (1994). Toward a unified conception of business ethics: Integrative social contracts theory. Academy of Management Review, 19(2), 252–284.Google Scholar
  20. Donaldson, T., & Dunfee, T. W. (2002). Ties that bind in business ethics: Social contracts and why they matter. Journal of Banking and Finance, 26(9), 1853–1865.CrossRefGoogle Scholar
  21. Donaldson, T., & Dunfee, T. W. (1999). Ties that bind: A social contract approach to business ethics. Cambridge, MA: Harvard Business School Press.Google Scholar
  22. Dunfee, T. W. (2006). A critical perspective of integrative social contracts theory: Recurring criticisms and next generation research topics. Journal of Business Ethics, 68(3), 303–328.CrossRefGoogle Scholar
  23. Elgesem, D. (1999). The structure of rights in Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and the free movement of such data. Ethics and Information Technology, 1(4), 283–293.CrossRefGoogle Scholar
  24. Floridi, L. (2006). Four challenges for a theory of informational privacy. Ethics and Information Technology, 8(3), 109–119.CrossRefGoogle Scholar
  25. Fried, C. (1984). Privacy. In F. D. Schoeman (Ed.), Philosophical dimensions of privacy: An anthology. Cambridge: Cambridge University Press.Google Scholar
  26. Ganong, L. H., & Coleman, M. (2006). Multiple segment factorial vignette designs. Journal of Marriage and Family, 69(2), 455–468.CrossRefGoogle Scholar
  27. Glac, K., & Kim, T. W. (2009). The “I” in ISCT: Normative and empirical facets of integration. Journal of Business Ethics, 88(4), 693–705.CrossRefGoogle Scholar
  28. Heugens, P. P. M. A. R., van Oosterhout, J., & Kaptein, S. P. (2006). Foundations and applications for contractualist business ethics. Journal of Business Ethics, 68(3), 211–228.CrossRefGoogle Scholar
  29. Husted, B. W. (1999). A critique of the empirical methods of integrative social contracts theory. Journal of Business Ethics, 20(3), 227–235.CrossRefGoogle Scholar
  30. Jasso, G. (1990). Factorial survey methods for studying beliefs and judgments. Sociology Methods and Research, 34(3), 334–423.CrossRefGoogle Scholar
  31. Jasso, G. (2006). Factorial survey methods for studying beliefs and judgments. Sociological Methods and Research, 34(3), 334–423.CrossRefGoogle Scholar
  32. Jasso, G., & Opp, K. (1997). Probing the character of norms: A factorial survey analysis of the norms of political action. American Sociological Review, 62, 947–964.CrossRefGoogle Scholar
  33. Jiang, X., Hong, J. L., & Landay, J. A. (2002). Approximate information flows: Socially based modeling of privacy in Ubiquitous Computing, Ubicomp 2002: ubiquitous computing (pp. 176–193).Google Scholar
  34. Johnson, D. (2001). Computer ethics (3rd ed.). Upper Saddle River, NJ: Prentice Hall.Google Scholar
  35. Johnson, D. (2004). Computer ethics. In L. Floridi (Ed.), The Blackwell guide to the philosophy of computing and information (pp. 64–75). Malden, MA: Blackwell.Google Scholar
  36. Katz, N., & Koenig, G. (2001). Sports teams as a model for workplace teams: Lessons and liabilities. Academy of Management Executive, 15(3), 56–69.CrossRefGoogle Scholar
  37. Kennedy, P. (2003). A guide to econometrics (5th ed.). Cambridge, MA: MIT Press.Google Scholar
  38. Kuo, F., Lin, C., & Hsu, M. (2007). Assessing gender differences in computer professionals’ self-regulatory efficacy concerning information privacy practices. Journal of Business Ethics, 73(2), 145–160.CrossRefGoogle Scholar
  39. Levitt, S. D., & List, J. A. (2007). What do laboratory experiments measuring social preferences reveal about the real world? The Journal of Economic Perspectives, 21(2), 153–174.CrossRefGoogle Scholar
  40. Lynch, J. (1982). The concept of external validity. Journal of Consumer Research, 9(3), 240–244.CrossRefGoogle Scholar
  41. Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users’ information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336–355.CrossRefGoogle Scholar
  42. Martin, K. (2010). Privacy revisited: From Lady Godiva’s Peeping Tom to Facebook’s Beacon Program. In D. E. Palmer (Ed.), Ethical issues in e-business: Models and frameworks. IGI Global: Hershey.Google Scholar
  43. Martin, K., & Freeman, R. E. (2003). Some problems with employee monitoring. Journal of Business Ethics, 43, 353–361.CrossRefGoogle Scholar
  44. Milberg, S. J., Smith, H. J., & Burke, S. J. (2000). Information privacy: Corporate management and national regulation. Organization Science, 11(1), 35–57.CrossRefGoogle Scholar
  45. Miller, S., & Weckert, J. (2000). Privacy, the workplace and the Internet. Journal of Business Ethics, 28(3), 255–265.CrossRefGoogle Scholar
  46. Moor, J. (1997). Towards a theory of privacy in the information age. Computers and Society, 27, 27–32.CrossRefGoogle Scholar
  47. Mossholder, K. W., Giles, W. F., & Wesolowski, M. A. (1991). Information privacy and performance appraisal: An examination of employee perceptions and reactions. Journal of Business Ethics, 10(2), 151–156.CrossRefGoogle Scholar
  48. Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79(1), 119–158.Google Scholar
  49. Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Standford, CA: Stanford University Press.Google Scholar
  50. Nock, S., & Gutterbock, T. M. (2010). Survey experiments. In J. Wright & P. Marsden (Eds.), Handbook of survey research (2nd ed.). Amsterdam: Elsevier.Google Scholar
  51. O’Connell, A. A. (2006). Logistic regression models for ordinal response variables. Thousand Oaks, CA: SAGE.Google Scholar
  52. Oz, E. (2001). Organizational commitment and ethical behavior: An empirical study of information system professionals. Journal of Business Ethics, 34(2), 137–142.CrossRefGoogle Scholar
  53. Pavlau, P. A., Liang, H., & Xue, Y. (2007). Understanding and mitigating uncertainty in online exchange relationships: A principal-agent perspective. MIS Quarterly, 31(1), 105–136.Google Scholar
  54. Persson, A. J., & Hansson, S. O. (2003). Privacy at work—ethical criteria. Journal of Business Ethics, 42(1), 59–70.CrossRefGoogle Scholar
  55. Peslak, A. R. (2005). An ethical exploration of privacy and radio frequency identification. Journal of Business Ethics, 59(4), 327–345.CrossRefGoogle Scholar
  56. Phillips, R. A., & Johnson-Cramer, M. E. (2006). Ties that unwind: Dynamism in integrative social contracts theory. Journal of Business Ethics, 38(3), 283–302.CrossRefGoogle Scholar
  57. Pollach, I. (2005). A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62(3), 221–235.CrossRefGoogle Scholar
  58. Rachels, J. (1975). Why is privacy important? Philosophy & Public Affairs, 4(4), 323–333.Google Scholar
  59. Robertson, D. C., & Ross, W. T. (1995). Decision-making processes on ethical issues: the impact of a social contract perspective. Business Ethics Quarterly, 5(2), 213–240.CrossRefGoogle Scholar
  60. Rosen, J. (2010). The Web means the end of forgetting. The New York Times, July 21, 2010.
  61. Rossi, P., & Nock, S. (Eds.). (1982). Measuring social judgments: The factorial survey approach. Beverly Hills: SAGE.Google Scholar
  62. Schoeman, F. (Ed.). (1984). Privacy: Philosophical dimensions of the literature. In Philosophical dimensions of privacy: An anthology. Cambridge: Cambridge University Press.Google Scholar
  63. Shaw, T. R. (2003). The moral intensity of privacy: An empirical study of Webmaster’ attitudes. Journal of Business Ethics, 46(4), 301–318.CrossRefGoogle Scholar
  64. Singleton, S. (1998). Privacy as censorship. Cato Institute: Policy Analysis, 295, 1–32.Google Scholar
  65. Smith, H. J. (2004). Information privacy and its management. MIS Quarterly Executive, 3(4), 291–313.Google Scholar
  66. Smith, J. H., Dinev, T., & Xu, H. (2011). Information privacy research: An interdisciplinary review, MIS Quarterly, 35(4), 989–1015.Google Scholar
  67. Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: Measuring individuals’ concerns about organizational practices. MIS Quarterly, 20(2), 167–196.CrossRefGoogle Scholar
  68. Smith, N. C., Simpson, S. S., & Huang, C. (2007). Why managers fail to do the right thing: An empirical study of unethical and illegal conduct. Business Ethics Quarterly, 17(4), 633–667.CrossRefGoogle Scholar
  69. Smith, W. P., & Tabak, F. (2009). Monitoring employee e-mails: Is there any room for privacy? Academy of Management Perspectives, 23(4), 33–48.CrossRefGoogle Scholar
  70. Solove, D. J. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 154(3), 477.CrossRefGoogle Scholar
  71. Son, J. Y., & Kim, S. S. (2008). Internet users’ information privacy-protective responses: A taxonomy and a nomological model. MIS Quarterly, 32(3), 503–529.Google Scholar
  72. Soule, E. (2002). Managerial moral strategies—in search of a few good principles. Academy of Management Journal, 27, 114–124.Google Scholar
  73. Spicer, A., Dunfee, T. W., & Bailey, W. J. (2004). Does national context matter in ethical decision making? An empirical test of integrated social contracts theory. Academy of Management Review, 47(4), 610–620.CrossRefGoogle Scholar
  74. Straub, D. W., & Collins, R. W. (1990). Key information liability issues facing managers: Software piracy, proprietary databases, and individual rights to privacy. MIS Quarterly, 14(2), 143–156.CrossRefGoogle Scholar
  75. Strong, K. C., & Ringer, R. C. (2000). An examination of integrative social contracts theory: Social hypernorms and authentic community norms in corporate drug testing programs. Employee Responsibilities and Rights Journal, 12(4), 237–247.CrossRefGoogle Scholar
  76. Tavani, H. T. (2008). Floridi’s ontological theory of informational privacy: Some implications and challenges. Ethics and Information Technology, 10(2/3), 155–166.CrossRefGoogle Scholar
  77. Taylor, B. J. (2006). Factorial surveys: Using vignettes to study professional judgment. British Journal of Social Work, 36, 1187–1207.CrossRefGoogle Scholar
  78. Thompson, J. A., & Hart, D. W. (2006). Psychological contracts: A nano-level perspective on social contract theory. Journal of Business Ethics, 68(3), 229–241.CrossRefGoogle Scholar
  79. Thurman, Q. C., Lam, J. A., & Rossi, P. H. (1988). Sorting out the cuckoo’s nest: A factorial survey approach to the study of popular conceptions of mental illness. The Sociological Quarterly, 29(4), 565–588.CrossRefGoogle Scholar
  80. Van de Hoven, J. (2008). Information technology, privacy, and the protection of personal data. In J. Weckert & J. Van de Hoven (Eds.), Information technology and moral philosophy (pp. 301–321). Cambridge: Cambridge University Press.Google Scholar
  81. van Oosterhout, J., Heugens, P., & Kaptein, M. (2006). The internal morality of contracting: Advancing the contractualist endeavor in business ethics. Academy of Management Review, 31(3), 521–539.CrossRefGoogle Scholar
  82. Wallander, L. (2009). 25 years of factorial surveys in sociology: A review. Social Science Research, 38, 505–520.CrossRefGoogle Scholar
  83. Walzer, M. (2006). Thick and thin: Moral argument at home and abroad. South Bend, IN: University of Notre Dame Press.Google Scholar
  84. Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.CrossRefGoogle Scholar
  85. Weber, J. (1992). Scenarios in business ethics research: Review, critical assessment, and recommendations. Business Ethics Quarterly, 2(2), 137–160.CrossRefGoogle Scholar
  86. Wempe, B. (2005). In defense of a self-disciplined, domain-specific social contract theory of business ethics. Business Ethics Quarterly, 15(1), 113–135.CrossRefGoogle Scholar
  87. Westin, A. (1967). Privacy and freedom. New York: Atheneum.Google Scholar
  88. Winter, S. J., Stylianou, A. C., & Giacalone, R. A. (2004). Individual differences in the acceptability of unethical information technology practices: The case of Machiavellianism and ethical ideology. Journal of Business Ethics, 54(3), 275–296.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media B.V. 2012

Authors and Affiliations

  1. 1.The Catholic University of AmericaWashingtonUSA

Personalised recommendations