Title: An Empirical Examination of the Concern for Information Privacy Construct in the New Zealand Context
1An Empirical Examination of the Concern for
Information Privacy Construct in the New Zealand
Context
- Ellen Rose
- Institute of Information and Mathematical
Sciences - Massey University
- Auckland, New Zealand
2Overview
- Motivation drivers, external validity of CFIP
Instrument - Previous Studies
- Research Method
- Sample
- Data Collection Analysis
- Results Hypotheses Supported/Not-Supported
- Conclusions Implications
3Motivation
- Privacy of Personal Information is a key ethical
issue of Information Age (Mason, 1986) - Theories Relationship to Other constructs is
not yet well-developed - Surveys show increasing international concern
about the collection and management of personal
data driven by technological advances - IT efficiencies, increase the value of personal
information as a commodity for exchange (e.g.
direct marketing, personalization) - Globalization increases cross-border data flows
but legal protections vary (e.g. EU data
directive, US sector specific laws) - Privacy concerns fuelled by the media have led to
many new proposals for data protection legislation
4Previous Studies
- (Smith, Milberg Burke, 1996)
- Extensive review of the literature
- develop a 15 item, 4 scale survey instrument
- Rigorous testing of validity/reliability on
multiple US samples (students, professionals,
consumers) - Established 4 correlated first-order factors of
Concern for Information Privacy (CFIP)
.22
.26
.43
.61
.45
.64
5Previous Studies
- (Milberg, Burke, Smith Kalman, 1995)
- (Milberg, Smith Burke, 2000)
- First cross-cultural studies of privacy concern
- n706, 30 countries in 1995 n595, 20 countries
in 2000 - IS Audit Control Association Members, not
representative - Countries with moderate regulatory regimes (e.g.
US, NZ) had higher CFIP than those with strong or
weak regimes - 5 Regulatory Models (weak to strong) No
Policy/Self-Help (Thailand, India), Company
Self-Regulation (US, Japan), Data Commissioner
(NZ, Australia, Canada), Registration (UK,
Denmark, France), Licensing (Norway)
Ranking similar across country time(1greatest
concern)
6Previous Studies
- (Stewart Segars, 2002)
- CFIP is a second order factor, underlying 4
distinct first-order factors of concern - CFIP interpreted as concern about loss of
control as per Westins (1967) widely held
theory of Privacy as Control, being inseparable
concepts - Laws based on fair information principles/practice
s subscribe to this theory of privacy
.72
.69
.78
.71
- (Moor, 1997) Control/Restricted Access Theory
- Concept, justification management of privacy
are distinct, interrelated - Privacy defined in terms of restricted access
have a right to privacy despite loss of control
via disclosure control is part of management of
privacy
?
?
?
7New Zealand Context
- Privacy Commissioner
- Number of 2002 complaints up by 10
- Accessing info held by others (29.6)
- Worries about unauthorized disclosure (29.3)
- 2001 UMR Survey
- 86 concerned or very concerned about privacy but
- 47 concerned or very concerned if compared with
other issues such as environment, crime health
care - Annual costs NZD 2.2 million (USD 1.5)
- 96.5 of all claims handled out of court by the
commissioner
8CFIP FIPs and NZ
9Research Method
- Survey using NZ Electoral Roll (97.5 of 18
population)(2000 mail outs) - Random Sample n459 usable responses
- 25 response rate
- 15 CFIP questions from (Smith et al., 1996) plus
30 other questions - Analyzed with SPSS 12.0 and AMOS 5.0 Graphics
(SEM package) for Confirmatory Factor Analysis
(CFA)
10Research Method - Sample
11Research Method-Sample
37 of all NZ households have Internet access
12Results
- Confirmatory Factor Analysis
- Based on Westins theory of Privacy as Control
- H1a Consumer concern for information privacy can
be separated into concerns about unauthorized
access, errors, secondary use and collection
where a common concern about loss of control
underlies the four distinct concerns. - Based on Moors Privacy as Restricted Access
theory - H1b Consumer concern for information privacy can
be separated into concerns about unauthorized
access, errors, secondary use and collection
where a common concern about inadequate access
restrictions underlies the other three distinct
concerns. - Support for 4 distinct dimensions, with Access
underlying the other 3 was found (H1b)
13Results-Measurement Model
- Fit measures, factor loadings, validity
reliability - Composite Reliability (CR) gt .6 strong
convergent validity - Average Variance Extracted gt .5 shows adequate
but weak, discriminant validity as in the
aforementioned studies - Fit measures factor loadings are strong
significant - Question 3 removed (high error variance, low
individual item reliability of .28)
14Measurement Structural Models
All factor loadings strong significant, but
wide range of factor correlations implies they
may not all load on same second order factor.
Similar to (Smith et al. 1996) but differs from
moderate, similar correlations in (Stewart
Segars, 2002)
15Group Differences
- H2 Concerns about revealing personal
information in privacy zones perceived as having
normative protections will be significantly less
than in privacy zones which are not perceived as
having normative protections - Results (Supported)
- Friedmans test for k-related means paired
samples t-tests people were more at ease
revealing personal data in normatively private
zones (Q31, Q32) all means differ from
3indifferent except Q26 at plt .0001 - Supports Moors Theory, Normative Privacy Zones
16Group Differences
- H3 Consumers who perceive New Zealand privacy
regulation as being greater or less than it
actually is, will have lower levels of concern
than those who are aware of the current moderate
regulatory policy (not supported) - Results of Kruskal-Wallis test for k-independent
means and ANOVA pair-wise with Bonferri
correction for multiple comparisons showed no
significant differences ( 72 didnt know current
regulatory model in NZ, 12 did and 4 thought it
was registration or licensing)(8 self-reg., 4
No Policy/Self-help) - H4 High levels of concern for information
privacy will be associated with preferences for
higher levels of regulation and preferences for
strong laws over corporate self-regulation (some
support) - Results of ANOVA pair-wise comparisons provided
support for H4 - Respondents who preferred less regulation had
lower mean CFIP than both those with no stated
preference and those who preferred greater
regulation (mean diff of .3 at p.038, p.014
respectively) - Respondents who preferred stronger laws had
higher mean CFIP than those who did not prefer
stronger laws (mean difference.316, plt.0001)
17Group Differences
- H5 Consumers who have experienced privacy
violations will have significantly greater
information privacy concerns and a preference for
stronger regulation than those who have not
experienced privacy violations (supported) - Results of Mann-Whitney U Test (Z-2.133, p.033)
show those who have experienced either a public
(3) or private (30) privacy violation or both
(7) had greater concerns than those who had not
experienced any privacy violations - Those who had experienced a privacy violation had
significantly higher preferences for stronger
levels of regulation (Z-3.672, plt.0005) in
contrast to (Milberg et al., 2000) who found no
differences here. - H6 Consumers will have a significantly greater
preference for strong laws over corporate
self-regulation (supported) - Results of a Wilcoxon signed ranks test
(Z-9.407, plt.0005) comparing two related samples
on (Q19 Self-regulation Preference Q18 Strong
Laws Preference)
18Summary Conclusions
- Similar to (Milberg et al., 1995,2000), greatest
concerns in NZ were about unauthorized access
secondary use - Support for Moors Theory of Privacy as
Restricted Access in NZ in contradiction to
findings of (Stewart Segars, 2002) which
supported Westins Theory of Privacy as Control
in USA sample (CFA H2) - Most NZ consumers (88) were not aware of the
current regulatory model but had high concerns
education may be needed to alleviate fears - 30 indicated they had experienced some kind of
privacy violation and most (69) preferred
stronger laws and regulation - 28 preferred the current model of Privacy
Commissioner but 34 wanted Licensing or
Registration to be put in place (28 didnt know,
9 prefer self-regulation, 1 prefer no
policy/self-help)
19Implications
- Public Opinion Policy
- (Price, 1992) concluded public opinion is
shallow misinformed - (Metzger Doctor, 2003) claim policy should be
responsive to public opinion to meet the ideals
of a democratic society - This study found only 12 were aware of current
policy while 60 thought protections were too low
and 28 just right - Edelmans Theory of Symbolic Politics states that
legislation based on public opinion often has few
practical effects - Symbolic acts lull the public into a sense of
false security - OR consumers choose not to purchase online, to
use PETs or not to provide information - Centrist perspective consumer education about
existing levels of protection and means of
redress may help to reduce fears, ensure rights
are protected and lessen the need for omnibus
legislation such as the EU data directive role
of Privacy Commissioner