Information technology and the Internet have added a new stakeholder concern to the corporate social responsibility (CSR) agenda: online privacy. While theory suggests that online privacy is a CSR, only very few studies in the business ethics literature have connected these two. Based on a study of CSR disclosures, this article contributes to the existing literature by exploring whether and how the largest IT companies embrace online privacy as a CSR. The findings indicate that only a small proportion of the companies have comprehensive privacy programs, although more than half of them voice moral or relational motives for addressing online privacy. The privacy measures they have taken are primarily compliance measures, while measures that stimulate a stakeholder dialogue are rare. Overall, a wide variety of approaches to addressing privacy was found, which suggests that no institutionalization of privacy practices has taken place as yet. The study therefore indicates that online privacy is rather new on the CSR agenda, currently playing only a minor role.