Information privacy: Corporate management and national regulation

The 1990s have seen a resurgence of interest in information privacy. Public opinion surveys show that many citizens are becoming greatly concerned about threats to their information privacy, with levels of such concern reaching all-time highs. Perhaps as a response to the growing concerns of citizens, the media are devoting more attention to privacy issues, and governmental regulation of the corporate privacy environment is increasing in many countries. Almost all developed countries have grappled with the trade-offs between open access to information-which enables economic efficiency-and an individual's right to privacy. Consistent with these trade-offs, many recent incidents suggest that regulatory approaches to information privacy, corporate management of personal data, and consumer reactions are becoming tightly interwoven around the world. To provide some insights into these relationships, we develop a conceptual model and test it with a cross-cultural sample from 19 different countries. In general, we find that a country's regulatory approach to the corporate management of information privacy is affected by its cultural values and by individuals' information privacy concerns. In addition, as governments become more involved in the corporate management of information privacy, internal management of such issues seems to tighten. This result supports previous observations that most firms take a primarily reactive approach to managing privacy by waiting for an external threat before crafting cohesive policies that confront their information practices. Moreover, when corporations are not perceived to adequately manage information privacy issues, and/or when privacy concerns rise, individuals are more inclined to prefer government intervention and be distrustful of firm self-regulation. As such, citizens may look to lawmakers to enact stricter regulation to reduce their privacy concerns. These findings and several international trends suggest that the self-regulatory model of privacy governance may not be sustainable over the long term. Findings from this research constitute an important contribution to the emerging theoretical base of information privacy research and should be particularly enlightening to those managing information privacy issues. Several directions for future research are also discussed.