Abstract
A growing body of theory has focused on privacy as being contextually defined, where individuals have highly particularized judgments about the appropriateness of what, why, how, and to whom information flows within a specific context. Such a social contract understanding of privacy could produce more practical guidance for organizations and managers who have employees, users, and future customers all with possibly different conceptions of privacy across contexts. However, this theoretical suggestion, while intuitively appealing, has not been empirically examined. This study validates a social contract approach to privacy by examining whether and how privacy norms vary across communities and contractors. The findings from this theoretical examination support the use of contractual business ethics to understand privacy in research and in practice. As predicted, insiders to a community had significantly different understandings of privacy norms as compared to outsiders. In addition, all respondents held different privacy norms across hypothetical contexts, thereby suggesting privacy norms are contextually understood within a particular community of individuals. The findings support two conclusions. First, individuals hold different privacy norms without necessarily having diminished expectations of privacy. Individuals differed on the factors they considered important in calculating privacy expectations, yet all groups had robust privacy expectations across contexts. Second, outsiders have difficulty in understanding the privacy norms of a particular community. For managers and scholars, this renders privacy expectations more difficult to identify at a distance or in deductive research. The findings speak directly to the needs of organizations to manage a diverse set of privacy issues across stakeholder groups.
Notes
For example, Smith et al’s (1996) concern for information privacy (CFIP) survey instrument is used as a measure of an individual’s concern for privacy in general and within particular contexts, the authors note, “As privacy increases in importance, it behooves [us] to consider the complexity of individual’s concerns, the factors that may cause increased levels of concerns, and the outcomes of those concerns” (1996, p. 191). While the latter two ideas have been empirically investigated, we have yet to tackle unpacking the factors that individuals’ take into consideration in forming expectations of privacy for specific situations. As Smith et al. note, CFIP is not only applicable to particular contexts and situations but also should be “used in interpretive research on what the meaning of information privacy is for individuals …apart from and prior to whether a positivist theory would define it to be” (1996 emphasis added).
A social contract approach to privacy offers three theoretical additions to analyze local privacy norms. First, locally negotiated, implicit social contracts are always beholden to structural, procedural, and (for some) substantive universal principles (van Oosterhout et al. 2006) to remain legitimate. Social contract approaches are multilevel, contextually rich frameworks allowing for specific contractors within a contracting community the moral free space to develop authentic and legitimate norms of behavior (Donaldson and Dunfee 1994). However, these local norms must also abide by the more universal and thin second order norms such as the rights of consent, voice, and exit (Donaldson and Dunfee 1994; Dunfee 2006; Heugens et al. 2006). As such, contracting has an internal morality without the need for external substantive guidance (van Oosterhout et al. 2006).
In addition, these locally negotiated privacy norms can be analyzed through both actual and hypothetical social contracts to address “norms of decency, etiquette, sociability, convention, and morality” (Nissenbaum 2004; see also, Tavani 2008). While privacy as contextual integrity focuses on the actual negotiated privacy norms, social contract approach would add a possible additional layer of analysis in the form of the hypothetical social contract which would have moral weight. We could ask, what norms would reasonable individuals agree to given minimal social contract standards of consent, voice, and exit? Finally, social contract theory would suggest the prescriptive value in protecting the integrity of the boundaries of the contracting community and their moral free space and not only the norms within the space. In other words, viewing these negotiated privacy norms as a social contract highlights the moral importance in protecting the bounds of the context in Nissenbaum’s privacy as contextual integrity. If outsiders were to dictate the privacy norms of a group of co-workers or between a husband and wife, their rights of negotiating privacy norms would be violated. In fact, such a privacy intrusion or violation is referred to as decisional privacy (Allen 1999) or passive privacy (Floridi 2006).
This is not the case for all examinations of social contract approach to ethical issues. For example, the claim of Bailey and Spicer (2007) is that different nationalities and nations have different local norms. As a social contract approach is used to explore more targeted communities, as has been called for in literature (Heugens et al. 2006; Dunfee 2006), the need for a ‘control’ community may be more necessary to isolate the impact of insider status on the particular community’s norms rather than a general change in disposition.
In comparison, in experiments, factors are designed orthogonal to each other but manipulated one at a time; however, in a traditional survey, many factors are examined but are not necessarily orthogonal to each other (Appelbaum et al. 2006). Such an experimental design is useful for a “clean” test of theory (Levitt and List 2007).
While the use of vignettes within surveys in business ethics is well established (Weber 1992), the factorial vignette survey methodology stems from sociology and is distinct in its methodology and analysis as explained below. See also Wallander (2009) for a review and Jasso (2006) for a technical article on the methodology; see Smith et al. (2007) for the single use of the methodology in business ethics.
Respondent fatigue was a factor for some respondent groups. I created two dummy variables to signify vignette ratings with a sequence number over 30 and over 20. If the ordinal regression model demonstrated a significant impact on the rating task by either dummy variable, those associated vignette ratings were discarded for that model. The regression was rerun without the offending data. However, a larger design issue came from the respondents’ learning curve—presumably from the novelty of the survey design. Once the first two vignette ratings for each respondent (sequence numbers 1 and 2) were discarded for all respondents, the model fit criteria and parallel lines assumptions improved dramatically. I discarded all vignette ratings with a sequence number of 1 or 2 for the entire analysis.
Statistically significant ORs are assessed by testing the significance of the regression coefficient using a Wald test. In addition, the fit of the model was determined using the goodness-of-fit statistics and the test of parallel lines.
Other combinations were examined including those who ever played a sport, those who played IM or varsity, and those who played varsity athletics but with only 10–20 h/week. In addition, initial analysis did not differentiate based on sex. However, goodness-of-fit metrics did not indicate the models illustrated any agreement among these alternative respondent groups.
For example, insiders see dating (∆β = −1.707), family (−1.163), and medical (−0.319) content as more “OK to Share” within the well-defined contracting scenarios as compared to the random team.
I wish to thank an anonymous reviewer for pointing out this relationship between universal principles and the privacy norms found in this study.
I wish to thank an anonymous reviewer for making this point.
References
Acquisti, A., & Gross, R. (2006). Imagined communities: Awareness, information sharing, and privacy on the Facebook. In Privacy enhancing technology (pp. 36–58).
Alder, G. S., Schminke, M., & Noel, T. W. (2007). The impact of individual ethics on reactions to potentially invasive HR practices. Journal of Business Ethics, 75(2), 201–214.
Allen, A. L. (1999). Coercing privacy. William and Mary Law Review, 40, 723.
Angst, C. M., & Agarwal, R. (2009). Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion, MIS Quarterly, 33(2), 339–370.
Appelbaum, L. D., Lennon, M. C., & Aber, J. L. (2006). When effort is threatening: the influence of the belief in a just world on Americans’ attitudes toward antipoverty policy. Political Psychology, 27(3), 387–402.
Ashworth, L., & Free, C. (2006). Marketing dataveillance and digital privacy: Using theories of justice to understand consumers’ online privacy concerns. Journal of Business Ethics, 67(2), 107–123.
Awad, N. F., & Krishman, M. S. (2006). The personalization privacy paradox: An empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Quarterly, 30(1), 13–28.
Bailey, W., & Spicer, A. (2007). When does National Identity Matter? Convergence and divergence in international business ethics. Academy of Management Journal, 50(6).
Beales, H. J., & Muris, T. J. (2008). Choice or consequences: Protecting privacy in commercial information. The University of Chicago Law Review, 75(1), 109–135.
Bennett, C. (1992). Regulating privacy. Ithaca: Cornell University Press.
Borna, S., & Avila, S. (1999). Genetic information: Consumers’ right to privacy versus insurance companies’ right to know a public opinion survey. Journal of Business Ethics, 19(4), 355–362.
Brenkert, G. (1981). Privacy, polygraphs, and work. Business and Professional Ethics Journal, 1, 23.
Charters, D. (2002). Electronic monitoring and privacy issues in business-marketing: The ethics of the doubleclick experience. Journal of Business Ethics, 35(4), 243–254.
Coase, R. H. (1937). The nature of the firm. Economica, 4(16), 386–405.
Culnan, M. J. (1993). How did they get my name? An exploratory investigation of computer attitudes toward secondary information use. MIS Quarterly, 17, 341–364.
Culnan, M. J., & Armstrong, P. K. (1999). Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization Science, 10(1), 104–115.
Culnan, M. J., & Bies, R. J. (2003). Consumer privacy: Balancing economic and justice considerations. Journal of Social Issues, 59(2), 323–342.
Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: Lessons from the choicepoint and tjx data breaches. MIS Quarterly, 33(4), 673–687.
Donaldson, T., & Dunfee, T. W. (1994). Toward a unified conception of business ethics: Integrative social contracts theory. Academy of Management Review, 19(2), 252–284.
Donaldson, T., & Dunfee, T. W. (2002). Ties that bind in business ethics: Social contracts and why they matter. Journal of Banking and Finance, 26(9), 1853–1865.
Donaldson, T., & Dunfee, T. W. (1999). Ties that bind: A social contract approach to business ethics. Cambridge, MA: Harvard Business School Press.
Dunfee, T. W. (2006). A critical perspective of integrative social contracts theory: Recurring criticisms and next generation research topics. Journal of Business Ethics, 68(3), 303–328.
Elgesem, D. (1999). The structure of rights in Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and the free movement of such data. Ethics and Information Technology, 1(4), 283–293.
Floridi, L. (2006). Four challenges for a theory of informational privacy. Ethics and Information Technology, 8(3), 109–119.
Fried, C. (1984). Privacy. In F. D. Schoeman (Ed.), Philosophical dimensions of privacy: An anthology. Cambridge: Cambridge University Press.
Ganong, L. H., & Coleman, M. (2006). Multiple segment factorial vignette designs. Journal of Marriage and Family, 69(2), 455–468.
Glac, K., & Kim, T. W. (2009). The “I” in ISCT: Normative and empirical facets of integration. Journal of Business Ethics, 88(4), 693–705.
Heugens, P. P. M. A. R., van Oosterhout, J., & Kaptein, S. P. (2006). Foundations and applications for contractualist business ethics. Journal of Business Ethics, 68(3), 211–228.
Husted, B. W. (1999). A critique of the empirical methods of integrative social contracts theory. Journal of Business Ethics, 20(3), 227–235.
Jasso, G. (1990). Factorial survey methods for studying beliefs and judgments. Sociology Methods and Research, 34(3), 334–423.
Jasso, G. (2006). Factorial survey methods for studying beliefs and judgments. Sociological Methods and Research, 34(3), 334–423.
Jasso, G., & Opp, K. (1997). Probing the character of norms: A factorial survey analysis of the norms of political action. American Sociological Review, 62, 947–964.
Jiang, X., Hong, J. L., & Landay, J. A. (2002). Approximate information flows: Socially based modeling of privacy in Ubiquitous Computing, Ubicomp 2002: ubiquitous computing (pp. 176–193).
Johnson, D. (2001). Computer ethics (3rd ed.). Upper Saddle River, NJ: Prentice Hall.
Johnson, D. (2004). Computer ethics. In L. Floridi (Ed.), The Blackwell guide to the philosophy of computing and information (pp. 64–75). Malden, MA: Blackwell.
Katz, N., & Koenig, G. (2001). Sports teams as a model for workplace teams: Lessons and liabilities. Academy of Management Executive, 15(3), 56–69.
Kennedy, P. (2003). A guide to econometrics (5th ed.). Cambridge, MA: MIT Press.
Kuo, F., Lin, C., & Hsu, M. (2007). Assessing gender differences in computer professionals’ self-regulatory efficacy concerning information privacy practices. Journal of Business Ethics, 73(2), 145–160.
Levitt, S. D., & List, J. A. (2007). What do laboratory experiments measuring social preferences reveal about the real world? The Journal of Economic Perspectives, 21(2), 153–174.
Lynch, J. (1982). The concept of external validity. Journal of Consumer Research, 9(3), 240–244.
Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users’ information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336–355.
Martin, K. (2010). Privacy revisited: From Lady Godiva’s Peeping Tom to Facebook’s Beacon Program. In D. E. Palmer (Ed.), Ethical issues in e-business: Models and frameworks. IGI Global: Hershey.
Martin, K., & Freeman, R. E. (2003). Some problems with employee monitoring. Journal of Business Ethics, 43, 353–361.
Milberg, S. J., Smith, H. J., & Burke, S. J. (2000). Information privacy: Corporate management and national regulation. Organization Science, 11(1), 35–57.
Miller, S., & Weckert, J. (2000). Privacy, the workplace and the Internet. Journal of Business Ethics, 28(3), 255–265.
Moor, J. (1997). Towards a theory of privacy in the information age. Computers and Society, 27, 27–32.
Mossholder, K. W., Giles, W. F., & Wesolowski, M. A. (1991). Information privacy and performance appraisal: An examination of employee perceptions and reactions. Journal of Business Ethics, 10(2), 151–156.
Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79(1), 119–158.
Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Standford, CA: Stanford University Press.
Nock, S., & Gutterbock, T. M. (2010). Survey experiments. In J. Wright & P. Marsden (Eds.), Handbook of survey research (2nd ed.). Amsterdam: Elsevier.
O’Connell, A. A. (2006). Logistic regression models for ordinal response variables. Thousand Oaks, CA: SAGE.
Oz, E. (2001). Organizational commitment and ethical behavior: An empirical study of information system professionals. Journal of Business Ethics, 34(2), 137–142.
Pavlau, P. A., Liang, H., & Xue, Y. (2007). Understanding and mitigating uncertainty in online exchange relationships: A principal-agent perspective. MIS Quarterly, 31(1), 105–136.
Persson, A. J., & Hansson, S. O. (2003). Privacy at work—ethical criteria. Journal of Business Ethics, 42(1), 59–70.
Peslak, A. R. (2005). An ethical exploration of privacy and radio frequency identification. Journal of Business Ethics, 59(4), 327–345.
Phillips, R. A., & Johnson-Cramer, M. E. (2006). Ties that unwind: Dynamism in integrative social contracts theory. Journal of Business Ethics, 38(3), 283–302.
Pollach, I. (2005). A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62(3), 221–235.
Rachels, J. (1975). Why is privacy important? Philosophy & Public Affairs, 4(4), 323–333.
Robertson, D. C., & Ross, W. T. (1995). Decision-making processes on ethical issues: the impact of a social contract perspective. Business Ethics Quarterly, 5(2), 213–240.
Rosen, J. (2010). The Web means the end of forgetting. The New York Times, July 21, 2010. http://www.nytimes.com/2010/07/25/magazine/25privacy-t2.html?pagewanted=all.
Rossi, P., & Nock, S. (Eds.). (1982). Measuring social judgments: The factorial survey approach. Beverly Hills: SAGE.
Schoeman, F. (Ed.). (1984). Privacy: Philosophical dimensions of the literature. In Philosophical dimensions of privacy: An anthology. Cambridge: Cambridge University Press.
Shaw, T. R. (2003). The moral intensity of privacy: An empirical study of Webmaster’ attitudes. Journal of Business Ethics, 46(4), 301–318.
Singleton, S. (1998). Privacy as censorship. Cato Institute: Policy Analysis, 295, 1–32.
Smith, H. J. (2004). Information privacy and its management. MIS Quarterly Executive, 3(4), 291–313.
Smith, J. H., Dinev, T., & Xu, H. (2011). Information privacy research: An interdisciplinary review, MIS Quarterly, 35(4), 989–1015.
Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: Measuring individuals’ concerns about organizational practices. MIS Quarterly, 20(2), 167–196.
Smith, N. C., Simpson, S. S., & Huang, C. (2007). Why managers fail to do the right thing: An empirical study of unethical and illegal conduct. Business Ethics Quarterly, 17(4), 633–667.
Smith, W. P., & Tabak, F. (2009). Monitoring employee e-mails: Is there any room for privacy? Academy of Management Perspectives, 23(4), 33–48.
Solove, D. J. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 154(3), 477.
Son, J. Y., & Kim, S. S. (2008). Internet users’ information privacy-protective responses: A taxonomy and a nomological model. MIS Quarterly, 32(3), 503–529.
Soule, E. (2002). Managerial moral strategies—in search of a few good principles. Academy of Management Journal, 27, 114–124.
Spicer, A., Dunfee, T. W., & Bailey, W. J. (2004). Does national context matter in ethical decision making? An empirical test of integrated social contracts theory. Academy of Management Review, 47(4), 610–620.
Straub, D. W., & Collins, R. W. (1990). Key information liability issues facing managers: Software piracy, proprietary databases, and individual rights to privacy. MIS Quarterly, 14(2), 143–156.
Strong, K. C., & Ringer, R. C. (2000). An examination of integrative social contracts theory: Social hypernorms and authentic community norms in corporate drug testing programs. Employee Responsibilities and Rights Journal, 12(4), 237–247.
Tavani, H. T. (2008). Floridi’s ontological theory of informational privacy: Some implications and challenges. Ethics and Information Technology, 10(2/3), 155–166.
Taylor, B. J. (2006). Factorial surveys: Using vignettes to study professional judgment. British Journal of Social Work, 36, 1187–1207.
Thompson, J. A., & Hart, D. W. (2006). Psychological contracts: A nano-level perspective on social contract theory. Journal of Business Ethics, 68(3), 229–241.
Thurman, Q. C., Lam, J. A., & Rossi, P. H. (1988). Sorting out the cuckoo’s nest: A factorial survey approach to the study of popular conceptions of mental illness. The Sociological Quarterly, 29(4), 565–588.
Van de Hoven, J. (2008). Information technology, privacy, and the protection of personal data. In J. Weckert & J. Van de Hoven (Eds.), Information technology and moral philosophy (pp. 301–321). Cambridge: Cambridge University Press.
van Oosterhout, J., Heugens, P., & Kaptein, M. (2006). The internal morality of contracting: Advancing the contractualist endeavor in business ethics. Academy of Management Review, 31(3), 521–539.
Wallander, L. (2009). 25 years of factorial surveys in sociology: A review. Social Science Research, 38, 505–520.
Walzer, M. (2006). Thick and thin: Moral argument at home and abroad. South Bend, IN: University of Notre Dame Press.
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.
Weber, J. (1992). Scenarios in business ethics research: Review, critical assessment, and recommendations. Business Ethics Quarterly, 2(2), 137–160.
Wempe, B. (2005). In defense of a self-disciplined, domain-specific social contract theory of business ethics. Business Ethics Quarterly, 15(1), 113–135.
Westin, A. (1967). Privacy and freedom. New York: Atheneum.
Winter, S. J., Stylianou, A. C., & Giacalone, R. A. (2004). Individual differences in the acceptability of unethical information technology practices: The case of Machiavellianism and ethical ideology. Journal of Business Ethics, 54(3), 275–296.
Author information
Authors and Affiliations
Corresponding author
Appendix
Appendix
Vignette Factors
Attributes | Dimensions | Operationalized | ||
---|---|---|---|---|
1 | Space | 0 | Well defined—athletic team | On a varsity athletic team |
1 | Ill defined—randomly assigned group | On an assigned project team for a required class | ||
2 | Access | 0 | Give willingly | |
1 | Coerced | [NAME]’s teammate only shared the information reluctantly after being chided by other students on the team | ||
2 | Overheard | [NAME] was not sure that his teammate realized that he heard/received the information | ||
3 | Content | 0 | Public | Housing decisions for next semester |
1 | Role based | Who is going to start for the next game/how the projects were assigned | ||
2 | Personal I | A date that went horribly wrong | ||
3 | Family | Problems with his mom | ||
4 | Private | An embarrassing medical condition | ||
4 | Location | 0 | Verbal inside role-based space | While in the locker room/study room…heard |
1 | Verbal outside role-based space | While in the cafeteria…heard | ||
2 | While checking his messages….received an e-mail | |||
3 | Facebook newsfeed | While on Facebook…received a newsfeed | ||
4 | Facebook wall post | While on Facebook…saw a wall post | ||
5 | Distribution of information | 0 | Distributed within group | Other members of the team |
1 | Distributed to team leaders | Other members of the team including the coach | ||
2 | Distributed to captains | Other members of the team including the team captains | ||
3 | Distributed outside group | Students not on the team | ||
6 | Membership | 0 | New | New |
1 | Senior | Senior |
Sample Vignettes
I n general :
[NAME] is a [MEMBERSHIP] college student [SPACE]. [LOCATION A] [NAME] [LOCATION B] from a fellow team member talking about [CONTENT]. [ACCESS]. The next day, [NAME] shared the information with [DISTRIBUTION]
S ample 1:
Ryan is a senior college student on an assigned project team for a required class . While on Facebook , Ryan received a newsfeed from a fellow team member talking about problems with his mom . Ryan was not sure that his teammate realized that he saw the information. The next day, Ryan shared the information with other students on the project team, including the professor .
S ample 2:
Kevin is a new college student on a varsity athletic team . While on Facebook , Kevin saw a wall post from a fellow team member talking about a date that went horribly wrong . Kevin was not sure that his teammate realized that he saw the information . The next day, Kevin shared the information with other members of the team .
Rights and permissions
About this article
Cite this article
Martin, K.E. Diminished or Just Different? A Factorial Vignette Study of Privacy as a Social Contract. J Bus Ethics 111, 519–539 (2012). https://doi.org/10.1007/s10551-012-1215-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10551-012-1215-8