Do Privacy Statements Really Work? The Effect of Privacy Statements and Fair Information Practices on Trust and Perceived Risk in E-Commerce

Companies today collect, store and process enormous amounts of information in order to identify, gain, and maintain customers. Electronic commerce and advances in database and communication technology allow businesses to collect and analyze more personal information with greater ease and efficiency than ever before. This has resulted in increased privacy concerns and a lack of trust among consumers. These concerns have prompted the FCC to call for the use of Fair Information Practices in electronic commerce. Many firms have added privacy statements, formal declarations of privacy and security policy, to their e-commerce web sites in an attempt to reduce privacy concerns by increasing consumer trust in the firm and reducing the perceived risk associated with e-commerce transactions. This article describes an experiment designed to determine the efficacy of that strategy.
