E-Commerce and Privacy: Exploring What We Know and Opportunities for Future Discovery

Electronic commerce (e-commerce) has a built-in trade-off between the necessity of providing at least some personal information to consummate an online transaction and the risk of negative consequences from providing such information. This requirement and the increased sophistication of companies' personal information gathering have made e-commerce privacy a critical issue and have spawned a broad research literature that is reviewed in this paper. Key research issues and findings are organized, using a framework defined by four key stakeholder groups-companies, customers, privacy solution providers (PSPs), and governments-as well as the interactions among them. The review indicates that the published research on ecommerce privacy peaked in the early 2000s; thus, it has not addressed many of the technological advances and other relevant developments of the past decade. Potential research opportunities for researchers in Management Information Systems (MIS) and Accounting Information Systems (AIS) include: company privacy strategies, operations, disclosures, and compliance practices; customer privacy concerns arising from company practices such as Internet activity tracking, physical location tracking, personal information gathering by social networks, and information exchanges in cloud computing environments; privacy-enhancing technologies, controls, and assurance practices developed by PSPs; and privacy regulations relating to various industries, countries, and cultures. More use of experimental and archival research is encouraged.