SEARCH

SEARCH BY CITATION

Abstract

  1. Top of page
  2. Abstract
  3. Dimensions of Consumer Privacy Concerns
  4. Determining Responses to Online Requests for Personal Information
  5. Method
  6. Results
  7. Discussion
  8. REFERENCES

This research reveals three perceptual themes or “rules of engagement” used by consumers when personal information is requested in online exchanges. The themes—the criticality of the exchange, felt invasion, and fair play—underlie the choice of responses from compliance to blatant falsification of information to company requests. Identified from consumers' in-depth interviews, these themes, along with the range and variations of response behaviors, reveal that consumers' motivations vary from very simple rules to more customized rules. Our findings may help firms understand consumers' interpretation of online informational requests better and identify factors that influence how consumers respond.

The exponential growth of the online marketplace and the enhanced capability of online companies to collect, store, transfer, and analyze consumer data have raised concerns about online privacy (FTC 2000). Although search and transaction data are easily collectible, acquiring visitor, shopper, and customer information is deemed by many marketers to be key to creating a competitive advantage in online environments (Andrade, Kaltcheva and Weitz 2002; Denise and Geoffrey 2002; Sijun, Beatty and Foxx 2004). Using information about consumers and their shopping habits and preferences, marketers seek to customize and personalize customer benefits to build stronger relationships (Bush, Venable and Bush 2000; Gauzente and Ranchhod 2001; Stead and Gilbert 2001). To gain this information, marketers need consumers to respond willingly to requests for personal information with honest and accurate answers.

In a cluttered marketplace, consumers would be expected to seek efficient, customized solutions to their needs. Yet some evidence indicates that large numbers of consumers deliberately falsify information in Web site exchanges (Fox 2005). Thus, it becomes vitally important to understand how consumers perceive and respond to such requests, particularly how they counterbalance the firms' desire for information with their own desire for privacy in the relationship (Carroll 2002; Charters 2002).

From a firm's perspective, the cost of not addressing this issue is quite high. According to Meister (2006), inaccurate data cost[s] the U.S. economy six hundred billion dollars annually—5% of the American GDP. “This is in real tangible costs such as unnecessary postage, printing and staff overhead” (p.1). As a result of bad information—deliberate or otherwise—Krill (2000) estimated that 75% of companies that use Consumer Relationship Management (CRM) systems are unable to create an accurate and comprehensive profile of customers, which limits their ability to provide promised personalized services. It is estimated that “more than 25 percent of critical data in Fortune 1000 companies will continue to be flawed, that is, the information will be inaccurate, incomplete or duplicated [and] three-quarters of large enterprises will make little to no progress towards improving data quality until 2010” (Gartner, Inc. 2007).

Krill (2000) estimated the average cost of data cleanup for a firm at about $1 million. Data cleanup involves making the data collected usable in form and nature and includes correcting or deleting data which is in an incorrect format and removing duplicate postings or data which is blatantly false (e.g., names like Mickey Mouse). This figure does not even cover the costs that companies may incur as a result of managing deliberately falsified data, which are harder to identify and correct. From a public policy perspective, the Federal Trade Commission (FTC), among other entities, is concerned with the collection and protection of consumer personal information. Their focus includes the implementation of privacy protection practices required of financial institutions under the Gramm-Leach-Bliley Financial Modernization Act of 1999, as well as pursuing actions against companies that do not adequately protect customer data (FTC 2007a; 2008).

Understanding how customers choose to negotiate the online environment with marketers (i.e., how they decide when and what information to share) is crucial to improving the delivered products, services, and experiences with online marketers, as well as informing public policy. The purpose of this research is to discover rules, if any, that consumers use in online exchanges. To do this, unstructured interviews were used rather than relying on the documentation of practices, as previous research has done.

The rest of the paper is organized along the following lines. We first briefly discuss the existing literature on consumer privacy concerns and consumer responses to those concerns. Then we introduce the overarching model of consumer response and discuss the method and the results. We conclude the paper with a discussion of the findings and their relevance to academic literature, public policy makers and consumers.

Dimensions of Consumer Privacy Concerns

  1. Top of page
  2. Abstract
  3. Dimensions of Consumer Privacy Concerns
  4. Determining Responses to Online Requests for Personal Information
  5. Method
  6. Results
  7. Discussion
  8. REFERENCES

The public's concern with the way businesses handle the personal information they collect about their customers has increased since 1999 and two-thirds believe they have lost control over how it is collected and used (Taylor 2003). Lawmakers cognizant of consumer concerns have passed laws like the Gramm-Leach-Bliley Financial Modernization Act of 1999, The Identity Theft and Assumption Deterrence Act (1998), and the Fair and Accurate Credit Transactions Act of 2003 (FACTA) (FTC 2007a, Linnhoff and Langenderfer 2004). Legislation such as this has arisen, in part, because of greater consciousness about the value and uses of personal data, concerns about identity theft, and the ease with which identity thieves have used the online environment to their advantage (Milne, Rohm, and Bahl 2004).

Online exchanges, by their very nature, are remote exchanges over which consumers have limited physical control and no physical access to those providing the service at the time. Privacy concerns for consumers have been categorized in two dimensions: environmental control and secondary use of information control (Goodwin 1991; Hoffman, Novak, and Peralta 1999). Environmental control is defined as “the consumer's ability to control the actions of other people during a market transaction,” whereas secondary use of information control is “the consumer's ability to control the dissemination of information related to or provided during such transaction or behaviors to those who were not present” (Hoffman, Novak, and Peralta 1999).

Environmental control, for example, includes the use of cookies. These remote programs, often placed on a person's computer hard drive without the user's knowledge or consent, may track his/her online behavior in addition to customizing his/her experience on specific Web sites (Marx 1999). This tracking of behavior without the explicit knowledge of the consumer is considered by many researchers to be a breach of an implied social contract (Miyazaki 2008). Recent revelations that these embedded programs in Web sites make it easier for hackers to capture personal data without the customer ever knowing about it have drawn significant attention (Acohido and Swartz 2008). To the extent that consumers are aware of and have concerns about their ability to control the transmission of their behavior online, they may be less willing to openly and honestly share their personal information (Zwick and Dholakia 2004).

Similarly, consumers may not be aware of actual secondary use of their data and any threat it could pose. However, media coverage of instances of data and identity theft, as well as legal uses, is likely to create a general awareness among consumers that data collected on one site may be used by others. As such, it would be expected to influence behavioral responses to online requests for personal information.

In previous research, consumers reported using a variety of tactics, including so-called “guerilla tactics” such as creating all sorts of online identities (Fox 2005). Such tactics are a response to increased feelings of a loss of control with respect to control over their own data in online exchanges (Hoffman, Novak and Peralta 1999). Equity theory suggests that when people feel a loss of control in a transaction, they use strategies that help them regain that lost balance in a relationship (Adams 1963; Douglas, Cronan and Behel 2007). Although previous research has documented some of the practices, the focus here is on revealing the strategies used by consumers to establish and maintain that balance. Of interest is whether consumers may have simple response rules or more elaborate rules of engagement, and how these may vary across contexts and what motives determine the responses.

Determining Responses to Online Requests for Personal Information

  1. Top of page
  2. Abstract
  3. Dimensions of Consumer Privacy Concerns
  4. Determining Responses to Online Requests for Personal Information
  5. Method
  6. Results
  7. Discussion
  8. REFERENCES

Online requests for personal information are expected to vary based upon the context of the request, the relationship with the firm, the specific information sought, and individual traits. The context, such as whether the consumer is engaged in a transaction or in a search, may determine the willingness or extent of consumer sharing. Prior experience with and level of trust in either the particular business or type of transaction should affect the interpretation of the request. If a consumer is transacting with a well-known company or believes that the business will truly deliver a better service based on personal information (e.g., Amazon.com), one would expect consumers to provide more truthful information than with an unknown business.

Individual traits, such as a higher need for privacy, may systematically affect the likelihood to provide complete and accurate information (Sheehan and Hoy 1999). Online behavioral responses have also been attributed to personal state traits, such as emotions experienced while engaged in online exchanges with a firm (Eroglu, Machleit and Davis 2003; Menon and Kahn 2002). Particular responses, such as information fabrication, have also been tied to perceived anonymity and moral obligation (Lwin and Williams 2003).

The goal of this study is to understand how consumers interpret online informational requests and whether their responses are simple or elaborate. Zwick and Dholakia (2004) suggest that consumers devise specific external informational strategies to maintain control over their digital representation. A consumer's response to online requests for personal information may be consistent across instances or may vary. The range of responses could include providing (1) complete and truthful information, (2) inaccurate and/or incomplete information, or (3) no information (Sheehan and Hoy 1999).

To understand how responses may vary and why, a more comprehensive model is used to explain these responses and their likely antecedents and moderators. We propose the stimulus–organism–response (S-O-R) model as the guiding framework for understanding the behavior of the consumers' response to online informational requests.

Framework: S-O-R Model

Environmental psychology researchers suggest that the S-O-R model provides a strong framework for understanding behavioral response to a physical environment (see Turley and Milliman 2000 for a review). Marketing-related studies applying the S-O-R framework in an online environment have used consumers' responses to variations in Web page stimuli as a proxy for approach and avoidance behaviors (Eroglu, Machleit and Davis 2003; Huang 2000; Menon and Kahn 2002). Within our study's context, a person providing complete and accurate information in response to an online request is an approach (positive) behavior. Alternatively, a person exiting a Web site without providing the requested information or providing false information is an avoidance (negative) response. Thus, the S-O-R model may serve as a guiding sequential framework of the factors that may influence a person's range of approach–avoidance behaviors based on their assessment of the stimulus and other context factors. This research attempts to understand the contexts and nuances that influence the way that consumers perceive online information requests that lead to different consumer behavioral responses.

Method

  1. Top of page
  2. Abstract
  3. Dimensions of Consumer Privacy Concerns
  4. Determining Responses to Online Requests for Personal Information
  5. Method
  6. Results
  7. Discussion
  8. REFERENCES

While prior research has used surveys to determine the degree to which people engaged in various types of known behaviors in Internet exchanges (Lwin and Williams 2003; Sheehan and Hoy 1999), this research relies on consumers' own descriptions of how they interpret and respond to online information requests. Using interviews allowed us to explore the precipitating cues and motivations for various behaviors rather than the extent of response (Lincoln and Guba 1985; Thompson, Locander, and Pollio 1989).

Consumers were recruited through personal and professional contacts to identify and solicit a variety of ages, genders, and Web experiences. Through purposive sampling in multiple cities, each was selected to represent a range of these characteristics. Initially, much younger and much older Internet users were interviewed because of the expected generational differences in experience with the advancement of technology and the degree of marketplace change. Specifically, older consumers have experienced firsthand the impact of technology on the marketplace and probably have evolved strategies from where and how they previously conducted an exchange or transaction to an online forum. Thus, we expected to elicit more varied responses by sampling older and younger Internet users. Similarly, differences in Web experience (i.e., the number of different activities for which they used the Web) were also sought. The described activities were categorized as information search, shopping, e-mail, online banking or financial transactions, social networking, blogging, gaming, or work-related use.

A sample of 21 Internet users allowed us to explore their experiences in-depth and develop a broad picture of how consumers interpret and respond to requests for information exchange (McCracken 1988). Repetitive themes emerged across multiple informants with later respondents providing little new information to expand on these themes. By standards suggested by McCracken (1988) and Lincoln and Guba (1985), the sample is considered adequate for the stated purpose.

As can be seen in Table 1, the final sample consisted of 10 men and 11 women, ranging from 20 to 74 years of age, with an average age of 43.4. Professions ranged from full-time students to retired persons and education averaged 15.5 years. The estimated number of years of Internet experience ranged from 3 to 15, with all respondents reporting using it for e-mail or information searches. Ten percent reported conducting no transactions online (i.e., shopping or financial management). Just over half reported doing banking, investing, or other financial management online and 80% reported shopping or making purchases online.

Table 1.  Purposive Sample Profile
NameAgeSexEducationProfessionInternet UsesaYears Online
  1. NOTE: Names of the respondents have been changed to protect their privacy.

  2. M, male; F, female.

  3. aS, Shopping; E, E-mail; IS, Information searches; G, Gaming; OF, Online banking/financial; B, Blogging; SN, Social networking (e.g., Facebook); W, Work-related.

Victor20M14StudentE, IS, OF, SN6
Rick23M15StudentS, E, IS, OF8
Marie26F13Working studentS, E, IS, OF3
Beth26F13Working studentS, E, IS, W5
Ryan27M13Full-time studentS, E, IS, G, B8
Sarani29F20Assistant professorS, E, IS, G, OF, W7
Marsha30F16IT consultantS, E, IS, OF, W8
Alicia31F16Artist/photographerS, E, IS, OF, W5
Tom32M18ArchitectE, IS, OF10
Marissa33F17Manager, higher educationS, E, IS, OF, W10
Don38M18Manager, higher educationS, E, IS, OF, W12
Lisa39F18Manager, pharmaceuticalsS, E, IS, W10
Deb39F18Admin-higher educationS, E, IS, SN, F,W10
Floyd41M12Web designer/hair stylistE, IS, B, SN, W10
Jody48F12Vet techE, IS3
Ed55M19AttorneyS, E, IS, W15
Adam67M18Retired teacherS, E, IS6
James68M16Semi-retired govt. officialS, E, IS, OF10
Bev71F12Retired officer managerS, E, IS, W10
Lance73M16Retired airline pilotS, E, IS7
Linda74F12Retired flight attendantS, E, IS6

Interviews averaged around 45 minutes in length, ranging from 20 minutes to more than an hour. Interviews began with asking informants about the various ways in which they use the Internet and then continued in a free-form manner. Informants were encouraged to recall and elaborate on actual experiences online where they were asked to provide personal information. Prompts and neutral probes were used to clarify and expand on what they thought and felt about requests across various types of information exchanges, as well as toward the Web sites and Web site providers. A general outline guided the interviews; however, actual discussions evolved based upon the informant's description and recall of personal experiences. A priori expectations were that consumers may not always be comfortable sharing personal information through Web sites and that, as reported in prior research and anecdotally, may adopt certain strategies to limit their exposure to potential known and unknown risks. It was expected that such strategies might vary from offline strategies, given that information shared online is always given to a virtual rather than an actual entity. Our focus was not just on strategies that might be used but on what precipitated those strategies.

The interviews were tape-recorded and transcribed, producing over 163 pages of single-spaced informant data. Using ATLAS.ti software, the transcripts were independently coded by two of the researchers using the S-O-R framework as a guide for initial stages of analysis and code categorization. Additional codes were identified and used as both researchers worked inductively and deductively through the data (Spiggle 1994) with stimuli cues, organism (consumer) reactions and response behaviors coded into the S-O-R framework, respectively.

An example of the deductive coding process was the initial classification of behavioral responses that depicted informants as providing “truthful information,”“false information,” or “no information.” Through inductive interpretation, informant interviews revealed an overarching construct referred to as “relational norms.” Relational norms characterize the interplay between the informant and Web site in terms of information requests. This interplay is positioned within the organism section because these emergent themes describe how the informants perceive the requests from a psychological perspective. Stated differently, the three codes—“criticality of exchange,”“felt invasion,” and “fair play”—describe how the informant felt and/or what he/she thought when presented with the information request. These three themes represent different properties that vary in dimensional ranges. The identification of properties and dimensions permits the researcher to explore and define relationships across categories and constructs (Spiggle 1994).

Once coding was complete, each researcher alone used the codes to determine the compatibility of the responses with the S-O-R model. The researchers analyzed the framework compatibility individually, and then collectively, providing dependability to the framework from a humanistic perspective (Hirschman 1986). Once the overall findings and constructs were finalized, the results, along with the code sheets, were provided to the third member of the research team for triangulation and independent verification of the findings.

Results

  1. Top of page
  2. Abstract
  3. Dimensions of Consumer Privacy Concerns
  4. Determining Responses to Online Requests for Personal Information
  5. Method
  6. Results
  7. Discussion
  8. REFERENCES

The results will be discussed in terms of the S-O-R structure, but starting with the behavioral responses (R), (the focal variable), followed by the stimuli (S), and finally the organism (O) factors, as outlined in Figure 1, with the emergent themes discussed in the organism section. Thus, the goal is first to explain how consumers respond, and then explain what makes the consumer respond in that manner and finally touch on why the consumer seems to respond in a certain manner.

image

Figure 1. Framework and Model of Online Information Exchanges

Download figure to PowerPoint

Responses

Respondents were asked to think of situations where they were actively searching for information or engaging in some transaction and then recall their responses when those Web sites requested some personal information. Behavioral responses described by consumers reflected experiences from a range of contexts and activities, such as online searches, shopping, banking, and online chats.

Responses were broadly categorized into three forms: disclosure, falsification, and exit. Consumers may respond truthfully, disclosing the information requested (Zwick and Dholakia 2004) in partial or complete fulfillment of the request. Alternatively, they may falsify some or all information, including creating false identities aimed at establishing a sense of distance between them and the company (Fox 2005; Lwin and Williams 2003). Finally, they may choose to simply end or exit the interaction, rather than engaging in other behaviors. Additional discussion of each type of behavior follows.

Disclosure

Disclosure often occurred when consumers recognized that Web sites sometimes ask for information so as to better serve them. As James (68, M) said, “They [marketers] have a job to do and they’re trying to be conscientious about it and if they want a straight answer to a straight question, we’ll give it to them.” For online purchases, consumers understand that providing information is a necessary part of the exchange, so under those circumstances, they are more likely to provide truthful information. Lance (73, M): “When you do business with somebody … it may require that [providing personal information]. In order to do business with them, you have to do that.” For example, when a Web site requires consumers to submit specific information in order to be able to provide them a quote for a mortgage or an insurance policy, informants were more willing to provide accurate information. James (68, M): “I may ask them what's behind the questions, but that's about it.”

If the consumer expected that the information would be used to educate the firm and enhance future communication between the consumer and the firm, he/she was more likely to provide truthful information. Deb (39, F) exemplifies this sentiment: “I typically am honest with them… . If I take the time to fill up the response … I will honestly answer the questions. Because clearly people are going to use that to market, so if I am going to spend the time, I am not going to lie. I am not going to up my income or lower my income, because I don't want to be marketed [inappropriately]. … [S]o I honestly answer the questions.” Implicit in this sentiment is the consumer's willingness to engage with the firm in the future.

Falsification

Respondents reported a range of falsification responses. Prior research suggests that different falsification behaviors emerge as one's privacy concerns escalate. These responses could range from providing some incomplete or incorrect information, such as a partial or fake name or e-mail address (Sheehan and Hoy 1999), to creating elaborate false identities or “pseudoidentities,” which may reflect a consumer's desire to retaliate (Hoffman, Novak, and Peralta 1999). The effect on the firm of these behaviors range from more benign effects (i.e., missing data), to more destructive efforts (i.e., blatantly falsifying information to create problems for firms who collect and use the information collected from the Web sites). These more extreme falsification responses seem to be driven by the same type of anger described in cases of strong customer dissatisfaction (Bougie, Pieters, and Zeelenberg 2003). Ryan (27, M): “… [I]f I am trying to get to my information and this is a hassle … I am not going to drum through their hoops. … I am just going to run through their hoops breaking them in my process.”

Informants described a range of simple to more complex strategies to hide their true information. Several informants reported using simpler strategies, like creating multiple e-mail addresses, some of which are used only on Web sites which require e-mail addresses during registration. Beth (26, F): “… [I]f they ask for an e-mail address, I will use that Hotmail account. Because I knew that I was not going to check it, and it was valid. So it was almost as if I had created it just for the junk stuff they were going to send me; it is a legitimate e-mail address.” In this case, this coping strategy allows the consumer to acquire the information, yet mitigate the other “costs” (e.g., spam) associated with disclosing actual personal contact information.

Marie (26, F): “… [B]ecause I know if I give them the e-mail address, they are going to share it with other Web sites as well. And I am going to get more spam. I don't like that; there is already plenty that I am getting. … But I don't wanna be getting anything back from them. That's why I put all that fake information there.”

Other consumers have more complex strategies, such as a deliberate plan for selecting profiles that are totally different from their true identity. One informant who described himself as a video game lover had a pseudoidentity as an Angolan woman. Ryan (27, M): “I’ll put in a fake name with a real … e-mail address … with fake information”’“ah … whatever name just pops into my head.”; “Whatever's first, just go down on the list, that's who I am … there's an Angolan … you know that's first on the list.”

The previous quotes provide insight into the thought processes behind the informants' motives to provide false information. As a group, these consumers understand that sharing truthful information may create consequences (i.e., unwanted communications or spam), and that such data may get used in different ways, reflecting cognizance of and concern for secondary use of information. For example, consumers realize that the firm collecting the data may use the data in an attempt to sell or engage them or that the data may be sold to third parties. The strategies seem to vary among consumers, with some providing only false information to avoid the unwanted communications while others might be worried about unintended consequences from their information ending up with third parties who may use it in ways unexpected by the consumer.

Informants indicated rules for the information they are willing to provide and under what circumstances. For example, some were very clear that “under no circumstances were they going to provide their phone numbers.” Marissa (33, F): “It's the same thing to me when you go to the grocery store, they give you a discount for being a member of their club, I won't be member of their club, but I use my best friend's phone number so I can get the discount.”

The strategy used to falsify telephone numbers also varied between two informants who admitted to using this strategy. Beth (26, F): “I don't have a problem giving out a ZIP code, that's not a problem to me, but if they ask for my phone number, I will give them my old phone number, because it's disconnected, because I don't want phone calls from the retailer. So I will give them a number, but it's not gonna work.” While Marie (26, F) said: “Because I don't want to give them my real number, I don't give my real number, I change the last digit or something [laughing] because I don't want someone calling.”

These quotes suggest that, under conditions where consumers feel a loss of secondary informational control (i.e., their information will be used for other unwanted solicitations), their perceived obligation to provide truthful information diminished (Lwin and Williams 2003). Falsifying information was described by most of the youngest respondents, those under 30, and less by those older than 30. In the 50+ age group, no one admitted to this practice. As one respondent, Lisa (39, F), said: “I typically do not fill out bogus information on a Web site. First of all, I am reluctant to give information and second, when I do give, I give accurate information and minimal information. … I can't keep up the false pretenses. If I did that, I would have to make a notebook of names and addresses that I have created and 15 Yahoo accounts. It is too complicated.” Similar sentiments were expressed by three other informants, all over the age of 60, Lance (73, M), Linda (74, F), and James (68, M). As opposed to providing false information, these respondents were more likely to simply exit the site—and never return.

Exit

Exiting the Web site was a response shared across all respondents, although it is a response less often discussed in previous literature. If informants perceived the information to be intrusive, some informants commented that they just gave up, preferring to end the transaction rather than providing truthful information or spending time and effort falsifying information.

Consumers seemed to demonstrate a mental threshold for sharing information—a personal privacy threshold per se. Beth (26, F): “… [I]f it was like something really personal, like, if they were to start asking me about, like, my credit history, or something personal along those lines. Even if sometimes they start asking me about when I was married, my spouse, his Social Security number, then I am not going to give it out. At that point in time, I am going to quit, like, exit out.” Similarly Marissa (33, F) mentions: “When you want to check the movie theatre, their Web site pops up, and … they want to know your gender, and definitely your age. So, I kept looking for another resource that would give me that information because I don't even want to give them that. I think it's minor, but I didn't want their information bad enough … but most of the time, I just shut the window and find the information that I am looking for [in] a different way.”

Respondents were more likely to exit from an unfamiliar firm's Web site, especially if their use required personal financial information, such as checking accounts or credit card numbers. Lisa (39, F): “… [Y]ou don't know the Web site and you are required to give your credit card number to make your purchase or your checking account number which I avoid.” Some respondents expressed an aversion to the registration process that is a mandatory feature of some very well-known Web sites. Interviewer: “Do you go to Web sites where they ask you to register … like if you go to the Washington Post, they will ask you for (your registration).” James (68, M): “No, I zap those guys—the heck with them!”

As reflected in the above quotes, the respondents' choice of how to respond to online information requests was affected by the perceived appropriateness of the information requests based on their experience with the requestor and the availability of other sources. Their descriptions also reflect emotions elicited by the request itself and/or the perceived effort to comply. These Stimuli and Organism factors are described in the next section.

Stimuli

Across all informants, three types of stimuli were identified as influencing their behavioral response to online information requests: physical Web site cues, relationship with the firm and the type of information requested. This supports previous research (Sheehan and Hoy 1999) that explained consumers' behavior as a function of the type of Web site visited, the cues that these Web sites provide, the amount or type of information requested by the firm's Web site and the relationship with the firm. Informants shared examples of these stimuli.

Several Web site cues that influenced behavioral responses were demonstrated across multiple informants. Although there are many Web site cues that make a difference, we are only listing the ones that were mentioned prominently by the informants.

Physical Web Site Cues

The primary cues that informants noted were the design and layout of the Web site. The colors, the presentation of the information, and the presence or absence of pop-up advertisements seem to play a particular role in determining the informant's response. Consistent with the findings of Eroglu, Machleit and Davis (2003), the means by which the informant landed on the site (e.g., referred to by a reputable search engine or surfing), also influenced informants' perceptions.

Specifically, the design and layout of the Web site creates an image of the firm for consumers. One informant's comments particularly conveyed several of these key points. Stated simply, Lisa (39, F) believed that a Web site that is not well designed is not worthy of her business. “I have biases towards neon colors (on the Web site). You know, how it is presented, the structure of it. The Web page, if it is way too busy for me. You got advertisements all over the page. Neon and you got, five different fonts going on. And you got pop [up] screens all over the page … neon stuff and dancing bears going across the screen. I don't like to give my credit card [to] you.”

The relative importance of these cues varied across informants. However, the use of these cues was consistent in their expectation that the Web site looked professionally designed. Victor (20, M) exemplified this: “Maybe when I don't know the website very well and it looks weird, I think I bought an international textbook and the website wasn't very nicely laid out, there weren't that many options, it was lame, so I figured it was kind of weird, the appearance of the website made me think that maybe it wasn't official or maybe some weird things going on.” Others mentioned looking for customer service numbers, some sort of security or symbol.

These informants appeared to be looking for cues that signal legitimacy. Lisa (39, F): “I don't want to give my credit card, Social Security or checking account information to just anyone who you know, just going to make a purchase, just give it to anyone whose site is not secure. … [Y]ou go to a Web site that has encryption.” Recent research (Schlosser, White, and Lloyd 2006) suggests that Web site investment cues, especially the professionalism of the Web site, has a big impact on trusting beliefs and, through that, on purchase intentions. According to them, a well-designed Web site signals that the Web site has the ability to satisfy the need of the consumer in the most proficient manner.

Interestingly, not a single respondent talked about looking for the Web site's privacy policy and none talked about whether the presence or absence of the privacy policy had any impact on their willingness to provide information. Some respondents indicated they understood what denoted security but admitted that rarely do they pay much attention. Marsha (30, F): “I don't feel any major concerns. I feel comfortable enough with the Internet if it provides you the security, you know that lock at the bottom, when you are on the site. … The HTTPS instead of the regular HTTP, that's a secure site and, honestly, I’ve never checked that for the lock at the bottom, because I just feel secure and protected.”

Relationship with Firm

The relationship that consumers develop with a particular firm or their Web sites does seem to impact the type and extent of information sharing that occurs between them. Consumers seem to develop a sense of trust with firms' Web sites with which they have been doing business for a long time (Culnan and Armstrong 1999). The more engaging and longer-lasting the relationship has been between the consumer and the firm, the more comfortable the consumer is with sharing information with the firm's Web site. Ryan (27, M): “… [A]mazon.com knows my real information. Paypal, eBay know my real information. Bank of America [knows my real information]—… I usually don't have a problem with [sharing the information]—if it's a service I would consider using on a regular basis.”

Trust seems to be built over multiple interactions with the firm and through reputation. Beth (26, F): “… [T]here are occasions when I will pull up a Web site and would think: ‘what is this?’ I don't believe everything I see on the Internet, that's for sure. … [W]hen I want good information, I go to, you know, major news Web sites, like cnn.com, you know, that I am going to trust over news.com. There are sources I trust more than others. …” Don (38, M): “… [I]t's a company name that I know. There is some comfort with having accountability with the reputation.”

They also felt more comfortable if the first interaction that they had with the Web site was preceded by an interaction offline. For example, Marissa (33, F) says: “If this is a company that you’ve shopped at in person and had great experiences, then the shift to online shopping isn't that challenging. I was very anti-Internet shopping for a long time until I realized that I could get more online and not pay for shipping, get a discount, never leave my house, and if I wanted to return it, I could return it to that store instead of having to ship.”

In other cases, initiating the contact made them more likely to provide personal information. Interviewer: “So if you’ve done business and you’ve initiated the contact, then you would be willing to give some more information?” Linda (74, F): “If that's what it took in order to consummate the deal, oh yeah, absolutely!” In this instance, Linda (74, F) was explaining why she preferred ordering from physical catalogs than from online sites. Consumers seem to take the physical encounter of receiving a catalog in the mail as a first step in developing a relationship. It also let them initiate the online relationship rather than vice versa.

Similarly, Marie (26, F) believed that a previous good experience with a Web site was sufficient to develop trust as a result of not experiencing problems before. “I do have a trusted store, if you want to call it, meaning that some store that I ordered from before and I didn't have any problems.” Consumers also seem to think that the pedigree of the online Web site determines the level of trust and relationship that is generated in the interaction. One informant who works in the medical field believes that only some Web sites generate enough confidence in her that she can trust those Web sites. According to Lisa (39, F): “In my work … I can come across Web sites with diametrically opposing opinions. So you have to look at your source of information. That's why I only go to legitimate sources. … [I]f it is a Web site associated with a think tank or a pharmaceutical manufacturer or an organization which works closely with the government. But if it is Days Health Care Assessment or Vermont Free Med or something, or Canada's free Pharmacy, then I question it, yes, absolutely!”

Type of Information Requested

The type of information requested in the online exchange determined the consumer's willingness to participate and the extent of the exchange. From the interviews, it was clear that some types of information were clearly off limits for all respondents (i.e., Social Security Number), and they judged the firm and its Web site for asking such information. Some were more leery while others were more trusting. According to Alicia (31, F): “… address, phone number, clearly Social Security number which even financial institutions shouldn't need… income things like that. Mostly I can't imagine why anyone would ever need that unless they are trying to sell me something or continue contact with you on their own time when you not asking for it, that doesn't make sense at all.”

Some informants defined conditions under which they would or would not share certain personal information. Don (38, M) said: “If it's not associated with my D.O.B. [date of birth] and an account number or my SSN [Social Security number], then I’ll pretty much answer anything, but when it's associated with my address, my individual name, [or] when it's tied to me as an individual, then I'm more likely to just provide a range on something. I'm less likely to provide a specific D.O.B. or my mother's maiden name or things like that.”

The willingness to exchange their information for specific value from the relationship was apparent from some. “I do have a Kroger Plus card and I gave them all my real information. One main reason is I want them to send me coupons in the mail. I want them to know who I am as a customer. Because I want better deals, want customized deals—things like that. I think that's to my benefit” Ryan (27, M).

Consumers understood that they could not complete online transactions (i.e., making purchases or getting coupons) or get customized offers (i.e., buying insurance) without providing personal information. Still there were limits “… [L]ike they ask you about your healthcare or your medical, if they start asking about that, of course, I will exit out of it.” Lisa (39, F). There is clear concern that information could be used for purposes other than the current exchange (i.e., junk mail), shared with others, and potentially misused (i.e., stolen identities). Thus, they recognize the concept of secondary use of information control (Hoffman, Novak and Peralta 1999). In all three situations, the consumers see a potential for harm, ranging from annoyance to real financial loss. The expressed concern is the loss of control over the information shared with a Web site. The point is brought out by the following quote from Marie (26, F): “I don't mind that [sharing information], as far as it is not asking me for name, address and Social Security, [meaning] anything that could lead to fraud. That could end up on [my credit] card or [someone could] steal my identity.”

Emergent Themes

The emergent themes reflect the informants' motivations to comply with, completely or in part, or deny the online information requests—the organism elements. These were higher-level themes that emerged in the analysis of the interviews that were not explicitly predicted by previous research. We labeled these themes criticality of exchange, felt invasion, and fair play.

One theme—criticality of exchange—was more cognitive, and the other two were more affective in nature. Criticality of exchange represents a benefit–risk assessment of the exchange. Felt invasion and fair play were based more on the emotions elicited than on calculating the gains and losses of undertaking that particular action.

Criticality of Exchange

Across all informants, criticality of the exchange is one theme that emerged. Even informants who reported creating pseudoidentities provided more truthful information when the information or transaction provided by the Web site was highly desirable. Illustrative is Marie's (26, F) comment: “Yes, if it is something that I wanna receive back, then I am giving them all the true information. If I don't want them to be getting back to me with anything, then, NO, I am not giving them true information.” Similarly, Deb (39, F) said: “I am more reluctant to give out information unless I am really involved or want access to whatever I am after.”

The more critical the information was to gaining the value, the more likely the consumers were to be truthful. As Lisa (39, F) indicates: “… [T]alking about the car insurance. You want to give accurate information, because you want to get an accurate quote. So what's the point [of providing inaccurate information]? And I want them to contact me with the quotes. And if I end up doing business with them and I give them false information in the first place, how does it look upon me?”

Though they received desired benefits, some respondents noted the inevitability of giving personal information, but expressed frustration with the associated hassle, (i.e., costs), of the exchange, and even, to some degree, duress. For example, Adam (65, M) said: “If I choose to buy from them, whether I do it online or by calling them, then I would give them my credit card number or whatever, in order to make a purchase.” Marissa (33, F) said: “I feel like that is what I am stuck with [the Web site] to get what I want. I kinda look it as the hassle factor that you have to endure in order to get the carrot that's out there. … I deal with it because I want the benefit.”

Felt Invasion

Felt invasion is the degree of privacy violation that consumers expressed while interacting with Web sites. The idea that companies can use the information given voluntarily for a certain purpose, and then use it for totally different purposes, played a role in the consumers' decision to comply with requests. Lisa (39, F): “Say I am on a Web site, say Best Buy. And say there is a survey there. And they are asking me about my interests, what are my hobbies, and this information may be used for marketing purposes. I don't provide that information, because I don't want to be solicited by marketing companies.” Asked how she felt when Web sites asked questions about things she classified as personal, she went on to say, “I would say violation … aah, I would just say intrusion of my personal property, my personal rights. My personal being. I feel intruded upon. Absolutely.” When consumers described feelings that wholly unwarranted questions were being asked for the context, their coping strategy was to simply exit. Not a single informant mentioned that they would be willing to provide true information or even create a false identity when they felt that the questions were too personal to be asked. Such reports were accompanied by a clear emotional response to perceived affronts. The following quote from Bev (71, F) illustrates this theme: “I don't want my information out there. I am somewhat resentful when someone asks me my income level, questions of that nature, I don't like filling out any kind of questionnaire anywhere with that field.”

Informants were asked specifically about the use of cookies by Web sites trying to offer better and customized services to consumers. Most of the informants were knowledgeable about cookies, but awareness of cookies' ability to track Web movements varied. Interviewer: “Do you think cookies harm you? Like when they collect information about what you buy?” Beth (26, F) responded: “When I think about cookies, I think about just a place where somebody can see everywhere you went. And I never thought about people on the Internet using that information. I always just thought of it as maybe my IT department being able to track it. I never thought of it from an Internet perspective.” One informant expressed concern over the fact that technology had reduced her anonymity. She mentioned telephone calls to stores: “Something that's even scarier … when you call to order something; And they say “oh, hello Linda … (look of surprise on her face)… hello?” It's like they have caller ID with 40 thousand million people calling in. How do they do that? That's kind of scary.”

Fair Play

Fair play is the fairness assessment of the information exchange. The fairness assessment is based upon what the consumer gains in return for what he/she is asked to provide. This sense of fair play may be explained by understanding how people perceive inequity. Equity theory (Adams 1963) suggests that people who perceive themselves to be treated inequitably will try to reduce the inequity by cognitively trying to distort the input required from their side by either deliberately changing the inputs (i.e., falsifying the data), or changing the outcome by leaving the transaction (i.e., exiting the Web site) (Carrell and Dittrich 1978). Equity theory asserts that, in general, consumers prefer situations in which all outcome/input ratios are equal. “I am willing to give my information in exchange to being able to use that Facebook thing and I am willing to exchange that information because Facebook needs to operate in order to make a profit or continue to operate, so I think if they can somehow use that information to make a profit … at no cost to me . . . then I can share that information” says Deb (39, F).

If the assessment is perceived to be unfair, then consumers may become distressed and reactive (Douglas, Cronan and Behel 2007). The responses chosen may be an attempt by some consumers to regain a sense of power balance with online firms. Ryan (27, M) gives an indication of this when he says: “I don't feel like I'm committing fraud or anything like that because I am not making any financial contracts with them or like that. I am not obligating myself to them on that basis. If I gave a fake name and what not to my bank with the intent to commit fraud, yes, that not only would be unethical but illegal. To these companies that I just give fake information, I feel no implicit ethics to giving them proper information; although I do see the argument that they’re providing me with this service of giving me information, the least I could do is give them my information in return. However, I don't feel that it's a fair exchange of information. They’ve given me information that's readily available on the Internet. I am giving them very specific information regarding myself that can be used to harm me. I can't take this newspaper article, quote a single sentence from it, and then act destructively at my whim on the New York Times, however I can give all my information to the New York Times, they know everything about me. The fair exchange would be, you give me your news article and the name, address, phone number of your CEO, I’ll give you my information. … They send me dollar-off coupons now [a Web site which got his true information] and I felt that was a fair deal—they gave me something and continue giving me coupons.”

Even informants who had created pseudoidentities in the past are more likely to reveal truths about themselves when they feel that they are taking part in a fair exchange. This finding that consumers do look at the fairness of the information exchange while deciding on their ultimate information sharing strategy is contrary to what previous research has claimed; namely, that fairness perceptions do not influence information fabrication (Horne, Norberg and Ekin 2007).

Consumers were asked whether they thought that providing false information to complete the exchange was acceptable. They clearly differentiated legal requirements from ethical responsibilities. In other words, as noted above, they acknowledged that certain circumstances legally required truthfulness, (i.e., dealing with certain entities such as banking or in other contractual relationships). However, many felt no obligation to comply fully with the firm's offer of exchange. Interviewer: “You think, that's a fair deal, they want information and you don't want to give something back?” Beth (26, F): “They are getting something back, might not be the right thing, I don't think there is anything wrong with it. You are not using false credit card numbers or something like that.” Thus, the terms of the offer made by the firm were changed by the informant, who exchanged information, but not necessarily truthful information.

Proposed Framework and Flowchart

The S-O-R model provided the initial structure for coding and the identification of key factors in how these consumers responded to online requests for personal information. Figure 1 captures the key concepts discussed previously, as well as the emergent themes that tempered specific responses. From the interviews, a flowchart of information exchange was developed (see Figure 2). This process model flowchart shows three distinct processes for assessing online information exchanges between a consumer and a firm's Web site: (1) processing of the stimulus information. This processing is determined by both situational and individual factors; (2) making assessments or evaluations regarding the stimulus information; and, finally (3) developing an appropriate response to the request. The flowchart is intended to illustrate the decision-making points in the consumers' interaction with a Web site and how the different behavioral reactions were decided. Certainly, the flowchart does not suggest that all consumers go through this process, or that the factors are always assessed in the order shown here. In fact, other research suggests that affective reactions (i.e., felt invasion) may create more automatic responses prior to the occurrence of cognitive assessments, (i.e., criticality of exchange) (Shiv and Fedorikhin, 1999). The framework and flowchart do set the stage for further inquiry using large-scale descriptive studies to determine the extent to which these factors may influence online behavior in an informational exchange setting.

image

Figure 2. A Simplified Flowchart of Online Information Sharing

Download figure to PowerPoint

Discussion

  1. Top of page
  2. Abstract
  3. Dimensions of Consumer Privacy Concerns
  4. Determining Responses to Online Requests for Personal Information
  5. Method
  6. Results
  7. Discussion
  8. REFERENCES

This study set out to understand how customers choose when and what type of personal information to share with online marketers. Specifically, we were interested in the rules, if any, consumers used in evaluating online requests and deciding among behavioral options. Prior research had suggested a range of influencing factors on compliance and explored certain behavioral responses, such as falsification or the creation of pseudoidentities. The intent here was to explore the interpretation of, and responses to, online requests across a range of conditions to identify the key factors that determined or mediated their responses. Using personal interviews, the consumers' shared experiences drove the identification of factors related to the stimulus or situation, (i.e., Web site cues, relationship with the firm or type of information request), the interpretation of those by the respondent, (i.e., organism), that determined the ultimate response, (i.e., provision of truthful or false information or exiting exchange).

The study illuminated three factors or themes in the consumer's interpretation of the request situation that helped determine their behaviors. These three themes—criticality of exchange, felt invasion and fair play—were identified as common motivations for their behavior.

We noted that the rules or guidelines that elicited different behavioral responses required different degrees of effort and forethought on the part of the consumer. This effort was tied to the need to protect their personal information. As shown in Figure 3, complete disclosure can be a high effort investment because it requires the input of a great deal of information and collection of accurate information, such as credit card numbers. Because these were more often trusted sites (i.e., where the respondent had an account) or those that provide customized solutions (i.e., insurance quotes), consumers felt less need to protect their personal information in this exchange. The creation of false identities similarly required greater effort or thought than other strategies. This situation seemed to occur when the consumer felt the company had no need or right to their personal information in the exchange. Rather than simply exiting, the consumer was willing, either because of the value of the exchange or simply as a means for getting even, to invest in the crafting of multiple pieces of false information. In other instances, the consumers met the technical request for information with information that would misdirect any attempts to contact them, such as old telephone numbers or “junk” e-mail accounts. These choices reflected thought or effort on the informants' part to comply with the request but limit the ability to actually contact them.

image

Figure 3. Response Behaviors as a Function of Effort and Felt Need to Protect Personal Data

Download figure to PowerPoint

In terms of rules, some informants seemed to have simpler sets of rules (i.e., exit any site that requests the Social Security number), while others described differing rules depending on the circumstances. Simpler rules might include the use of perceived endorsements. These might include whether the site was identified through a search using a trusted search engine, such as Google, whether it was linked to a perceived legitimate source such as a trade association or government agency, or whether the site had an “https” URL or displays a lock symbol in the status bar of the browser window. (The latter are meant to indicate that the site uses Secure Socket Overlay, meaning it provides secure communication for payment transactions and such.)

The results clearly showed that these consumers knew there were limits to their environmental and secondary use control over personal information. They exercised many different tactics to gain the benefits of the online marketplace, while limiting the potential known and unknown costs of online exchanges of personal information (i.e., unwanted solicitations, identity theft). In applying their rules, they demonstrated some knowledge of the precise processes by which that information could be used to disadvantage them. Specifically, they were aware that the data they provided in their exchange with a particular firm or Web site might be used for other purposes by that entity, sold to others, or even stolen.

Implications for Consumers and Consumer Policy

From the study, it is clear that consumers struggle to maintain a sense of control over their identities in the online marketplace. In particular, they were concerned with information that might personally identify them. They showed a lack of trust in how their data would be used and by whom and created their own “rules” to decide what and with whom to exchange accurate information.

To maintain control, consumers need to be fully aware of the tools by which online entities, legally or otherwise, can monitor their behavior and capture their data. To make them aware and raise confidence, trade associations, such as The Direct Marketing Association (DMA), promote their own guidelines aimed at securing data, policies for handling personally identifiable marketing data and honoring requests from individuals not to solicit or transfer personal data (DMA 2008a). Still there are gaps in what personal information is covered under the guidelines and adherence is voluntary. Penalties such as fines by governing authorities may be needed to raise the costs to business of failing to comply.

The DMA efforts are intended to reduce the likelihood of increased regulation, but even they recognize the public demand for legislative action. Among the demand from privacy advocates is the establishment of a “Do Not Track” registry that would preclude the tracking of Web site activity by online advertisers (The Direct Marketing Association 2008b). The demand for action is heightened by events such as the proposed merger of Double-Click, the online advertiser, and the search engine Google, which demonstrates the difficulty of federal or international regulation to controlling global entities' consolidation and use of personal data (EurActive Network 2008).

When legislation or regulation cannot be effective, certification may provide consumers with tools to judge those with whom they will do business. One such program is the European Commission's EuroPriSe award, given to organization's that meet the high European Privacy Standards (EuroPriSe 2008). The first award winner, the search engine Ixquick, was acknowledged for minimizing the use of personally identifiable data, with policies such as these: “IP addresses are deleted within 48 hours, after which they are no longer needed to prevent possible abuse of the servers. The remaining (non-personal) data are deleted within 14 days … [and] IP addresses of users are not disclosed to other search engines” (EuroPriSe 2008). In addition to certifying the standards of such firms, actively promoting these best practices will raise the expectations of consumers in the online environment and set standards for others in an industry.

A particular concern raised by many respondents was the use of personally identifiable data by a third party for marketing purposes. Called affiliate marketing, current U.S. regulation does exist for financial institutions and their use of personal identifiers such as address, telephone number, driver's license, Social Security number, and credit report information to determine eligibility for solicitations. By October 1, 2008, financial institutions and their subsidiaries were expected to comply with additional provisions that affected their ability to target solicitations. These provisions require consumers to be “provided a clear notice of such use and a simple means for opting out of it. … Several exceptions apply, including when the consumer has a preexisting relationship with the entity” (Harris 2008).

Consumers should have greater control over secondary use of their data under these regulations. However, it is unlikely that the public is fully aware of these new rights. Campaigns similar to those used for the federal “Do Not Call” lists could make the public aware of their rights and the means to opt out and that such requests to opt out should be honored for five years.

Consumers should see changes, according to Harris (2008), because institutions will have to make substantial alterations in their marketing approaches to obtain clear permission to contact and solicit them. No longer will oral agreements and prechecked opt-in boxes meet regulators requirements for such permission. Explicit definitions of a “pre-existing relationship” and a thorough tracking of contracts that support such definitions will need to be established. Consumers may see higher costs from compliance and will raise marketing costs because appeals cannot be as targeted, resulting in lower acceptance rates, and higher information technology costs to maintain clear, credible records.

Interestingly, none of our respondents mentioned privacy policies. Perhaps this is because they have been so untenable. Still, the FTC and other federal agencies have been engaged in the establishment of model privacy notices, as required by the Gramm-Leach-Bliley Act, to provide a standardized form in plain English for financial institutions to disclose data sharing arrangements (Privacy Rights Clearinghouse 2007). Such statements, particularly with clear opt-in or opt-out processes, would be expected to make it easier for consumers to choose how their personal data are used. Although these policies will apply only to the governed financial institutions, they may serve as models for other industries.

It is noteworthy that there was relatively less concern from the informants about data theft, as compared to misusing data, despite the spate of news stories about such breaches (Milne, Rohm and Bahl 2004). Though the FTC has established an Identity Theft Data Clearinghouse for complaints in support of law enforcement efforts (FTC 2007b), enforcement of compliance with standards, such as PCI compliance for credit card data, could reduce the threat by increasing the difficulty of such thefts. With some firms experiencing undetected thefts for over five years, there is clear need for both compliance oversight and stronger penalties (FTC 2008). This should also be followed up with increased consumer education to make consumers aware that data theft poses a great threat to consumer privacy than just data misuse.

The ability to protect one's personal information online does appear greatly limited. The only clear option is not to engage in the online marketplace. A by-product of consumers' attempts to protect themselves may create such high business costs from poor quality data that businesses rethink their online data collection processes, choosing to collect only what is necessary and likely to be shared honestly and being transparent in that process. This result is consistent with the FTC's report (FTC 2000), which noted that consumers liked, respected, and/or admired companies that demonstrated one or more of the fair information practices recommended. This included a privacy notice readily promoted and displayed, consumer choice to opt out of secondary affiliate marketing efforts, and cues of security with online exchange. Comparative data collected by the FTC suggested that the most frequently visited Web sites are more proactive in their online fairness practices than the general random Web site sample. This competitive advantage and the escalating costs of bad data may precipitate better business response.

Businesses, online and off, will have to address the issues raised by these respondents because of growing pressure from advocacy, legislative, and regulatory officials. Businesses can be proactive by participating with groups like the Future of Privacy Forum, which brings together representatives from academia, law, and corporate America to “shape standards … and give consumers more control over how personal information is used for behavioral-targeted advertising” (Hart 2008 p.A06). They can also join the ranks of businesses, such as Yahoo! and Intuit, that have established Chief Data Officers in recognition of the challenges associated with making business decisions on good data about consumers that does not disadvantage or bring harm to them.

REFERENCES

  1. Top of page
  2. Abstract
  3. Dimensions of Consumer Privacy Concerns
  4. Determining Responses to Online Requests for Personal Information
  5. Method
  6. Results
  7. Discussion
  8. REFERENCES