Ernest A. Kallman and H. Jeff Smith
An ethical issue of increasing importance in the age of computerization, information privacy (limits on access to identifiable information about individuals), is receiving much attention in both the press and in legislative agendas throughout the world. Unfortunately, however, research on the topic has been rather spotty in the past.
Computers and telecommunication networks are at once efficient expediters, sources of storage for vast amounts of information, and bases for significant strategic benefits in commercial enterprise. With these benefits, of course, come some societal issues–most notably, the effects of these vast amounts of information on institutions and individuals. With the new applications come significant policy questions at both corporate and public levels. Increasingly, executives are being forced to ask not “what can we do technically?” with information technologies but, rather, “what should we do ethically?”
One of the important “ethical issues of the information age” [Mason, 1986], information privacy is growing in prominence in the U.S. in both media coverage and in legislative reactions at the state and federal levels. But concerns are not limited to the U.S. International differences in cultural privacy perceptions [Westin, 1967] as well as in regulatory approaches to privacy problems [Bennett, 1992, Flaherty, 1989] are beginning to create real concerns for corporations that deal in global exchanges of personal information [Markoff, 1991]. The European Union’s plans for a consolidated set of privacy laws [DM News, 1992], as well as new laws in Japan [Srinivasan, 1992], are forcing corporations to consider their approaches to privacy in a new light.
But the research community has been somewhat slow in responding to the need for valid and objective studies on information privacy. Certainly, some attempts have been undertaken but they have been, for the most part, of an exploratory nature, relying more on anecdotal field studies and public opinion surveys of relatively uninformed respondents than on validated instrumentation and quantitatively tested assertions. This paper reports on an empirical study performed by the authors which surveyed the membership of four professional organizations to ascertain attitudes toward general information privacy concepts as well as their perceptions of actual corporate policies and practices. Though the professions were diverse, all had a common focus on information gathering and use: health care records professionals, information systems auditors, human resource systems professionals and telemarketers.
The results from the 3026 respondents provide an insight into worldwide practices in terms of the existence of privacy policies, policy adequacy, match between policy and practice, the causes of privacy problems, the importance of information privacy to senior management and the level and function of those responsible for information privacy in the organization. Methods of improving information privacy management were also explored.