Recently, several researchers provided overarching macromodels to explain individuals' privacy-related decision making. These macromodelsÑand almost all of the published privacy-related information systems (IS) studies to dateÑrely on a covert assumption: responses to external stimuli result in deliberate analyses, which lead to fully informed privacy-related attitudes and behaviors. The most expansive of these macromodels, labeled ÒAntecedentsÐPrivacy ConcernsÐOutcomesÓ (APCO), reflects this assumption. However, an emerging stream of IS research demonstrates the importance of considering principles from behavioral economics (such as biases and bounded rationality) and psychology (such as the elaboration likelihood model) that also affect privacy decisions. We propose an enhanced APCO model and a set of related propositions that consider both deliberative (high-effort) cognitive responses (the only responses considered in the original APCO model) and low-effort cognitive responses inspired by frameworks and theories in behavioral economics and psychology. These propositions offer explanations of many behaviors that complement those offered by extant IS privacy macromodels and the information privacy literature stream. We discuss the implications for research that follow from this expansion of the existing macromodels.
Information systems researchers frequently face quandaries in their professional lives. We present the results of a study of academic IS researchers that assesses their judgments and the prevalence of 29 questionable research-related behaviors. We find that the focus and stages of researchers' careers influence their judgments of these behaviors. Membership in the Association for Information Systems (AIS) and adherence to the AIS Code of Research Conduct are also associated with IS researchers' judgments. There is strong evidence to suggest that IS researchers expect to engage in questionable behaviors more in the future than they report having done in the past. As a result of the study, we recommend that the IS community revisit the AIS Code of Research Conduct on a regular basis and take active steps to both educate its members on professional normative standards and to uphold the standards of our community.
To date, many important threads of information privacy research have developed, but these threads have not been woven together into a cohesive fabric. This paper provides an interdisciplinary review of privacy-related research in order to enable a more cohesive treatment. With a sample of 320 privacy articles and 128 books and book sections, we classify previous literature in two ways: (1) using an ethics-based nomenclature of normative, purely descriptive, and empirically descriptive, and (2) based on their level of analysis: individual,group, organizational, and societal.Based upon our analyses via these two classification approaches, we identify three major areas in which previous research contributions reside: the conceptualization of information privacy, the relationship between information privacy and other constructs, and the contextual nature of these relationships.As we consider these major areas, we draw three overarching conclusions. First, there are many theoretical developments in the body of normative and purely descriptive studies that have not been addressed in empirical research on privacy. Rigorous studies that either trace processes associated with, or test implied assertions from, these value-laden arguments could add great value. Second, some of the levels of analysis have received less attention in certain contexts than have others in the research to date. Future empirical studies-both positivist and interpretive-could profitably be targeted to these under-researched levels of analysis. Third, positivist empirical studies will add the greatest value if they focus on antecedents to privacy concerns and on actual outcomes. In that light, we recommend that researchers be alert to an overarching macro model that we term APCO (Antecedents ? Privacy Concerns ? Outcomes).
This study investigates selective reporting behaviors that are pursued by project managers when communicating the status of their information system initiatives to their executives. To understand the types, motivations, impacts, and antecedents of such behaviors, a message-exchange perspective is adopted and the prior literature on IS project status reporting is reviewed. This study incorporates an empirical investigation that examined the influence of five dyadic factors on selective reporting using a survey of 561 project managers. The findings of the study reveal a positive effect of reporting quality on project performance and indicate that a specific type of selective reporting behavior (optimistic biasing) has a degrading effect on reporting quality. Moreover, the findings show that all five antecedents have a significant influence on the propensity of project managers to report selectively. Specifically, the project executive's power, the project manager's trust in the executive, and the executive's quality of communication impact selective reporting directly; the executive's familiarity with the IS development process and the executive's organizational affiliation vis-à-vis that of the project manager have an indirect influence (it is mediated through other factors). The effects of each of these factors on the two types of selective reporting (optimistic and pessimistic biasing) are examined, and the implications of these findings for both researchers and managers are discussed in this article.
The problem of "runaway" information systems (IS) projects can be exacerbated by the reluctance of organizational members to transmit negative information concerning a project and its status. Drawing upon relevant bodies of literature, this paper presents a model of the reluctance to report negative project news and develops hypotheses to be tested. An experiment, which was designed to test these hypotheses for both internal and external reporting alternatives, is then described. Two factors are manipulated: (1) the level of impact associated with project failure should an individual fail to report negative information, and (2) the level of observed behavioral wrongdoing associated with the project. The results explain a significant portion of the variance in the reluctance to report negative information and suggest that some differences in internal and external reporting behavior. Implications for research and practice are discussed.
IS-related ethical quandaries are receiving an increasing amount of attention. However, linkages to the normative theories of business ethics, which can be used in resolving these quandaries in the corporate domain, have been lacking. This paper enumerates and explains the three major normative theories. The stockholder theory holds that managers should resolve ethical quandaries by taking actions which increase the long-term profits to the stockholders without violating the law or engaging in fraud or deception. The stakeholder theory claims that managers should resolve ethical quandaries by balancing stakeholder interests without violating the rights of any stakeholder. The social contract theory states that managers should increase social welfare above what it would be in the absence of the existence of corporations without violating the basic canons of justice. The application of these theories to IS-related ethical quandaries is discussed and a specific quandary dealing with a real-world example--Blockbuster Video's reported plans to market customer lists--is explored in depth. The managerial challenges associated with the theories are then explored.
Information privacy has been called one of the most important ethical issues of the information age. Public opinion polls show rising levels of concern about privacy among Americans. Against this backdrop, research into issues associated with information privacy is increasing. Based on a number of preliminary studies, it has become apparent that organizational practices, individuals' perceptions of these practices, and societal responses are inextricably linked in many ways. Theories regarding these relationships are slowly emerging. Unfortunately, researchers attempting to examine such relationships through confirmatory empirical approaches may be impeded by the lack of validated instruments for measuring individuals' concerns about organizational information privacy practices. To enable future studies in the information privacy research stream, we developed and validated an instrument that identifies and measures the primary dimensions of individuals' concerns about organizational information privacy practices. The development process included examinations of privacy literature; experience surveys and focus groups; and the use of expert judges. The result was a parsimonious 15-item instrument with four sub-scales tapping into dimensions of individuals concerns about organizational information privacy practices. The instrument was rigorously tested and validated across several heterogenous populations, providing a high degree of confidence in the scales' validity, reliability, and generalizability.