An Empirical Examination of the Concern for Information Privacy Construct in the New Zealand Context

1
An Empirical Examination of the Concern for
Information Privacy Construct in the New Zealand
Context

• Ellen Rose
• Institute of Information and Mathematical
  Sciences
• Massey University
• Auckland, New Zealand

2
Overview

• Motivation drivers, external validity of CFIP
  Instrument
• Previous Studies
• Research Method
• Sample
• Data Collection Analysis
• Results Hypotheses Supported/Not-Supported
• Conclusions Implications

3
Motivation

• Privacy of Personal Information is a key ethical
  issue of Information Age (Mason, 1986)
• Theories Relationship to Other constructs is
  not yet well-developed
• Surveys show increasing international concern
  about the collection and management of personal
  data driven by technological advances
• IT efficiencies, increase the value of personal
  information as a commodity for exchange (e.g.
  direct marketing, personalization)
• Globalization increases cross-border data flows
  but legal protections vary (e.g. EU data
  directive, US sector specific laws)
• Privacy concerns fuelled by the media have led to
  many new proposals for data protection legislation

4
Previous Studies

• (Smith, Milberg Burke, 1996)
• Extensive review of the literature
• develop a 15 item, 4 scale survey instrument
• Rigorous testing of validity/reliability on
  multiple US samples (students, professionals,
  consumers)
• Established 4 correlated first-order factors of
  Concern for Information Privacy (CFIP)

.22
.26
.43
.61
.45
.64
5
Previous Studies

• (Milberg, Burke, Smith Kalman, 1995)
• (Milberg, Smith Burke, 2000)
• First cross-cultural studies of privacy concern
• n706, 30 countries in 1995 n595, 20 countries
  in 2000
• IS Audit Control Association Members, not
  representative
• Countries with moderate regulatory regimes (e.g.
  US, NZ) had higher CFIP than those with strong or
  weak regimes
• 5 Regulatory Models (weak to strong) No
  Policy/Self-Help (Thailand, India), Company
  Self-Regulation (US, Japan), Data Commissioner
  (NZ, Australia, Canada), Registration (UK,
  Denmark, France), Licensing (Norway)

Ranking similar across country time(1greatest
concern)
6
Previous Studies

• (Stewart Segars, 2002)
• CFIP is a second order factor, underlying 4
  distinct first-order factors of concern
• CFIP interpreted as concern about loss of
  control as per Westins (1967) widely held
  theory of Privacy as Control, being inseparable
  concepts
• Laws based on fair information principles/practice
  s subscribe to this theory of privacy

.72
.69
.78
.71

• (Moor, 1997) Control/Restricted Access Theory
• Concept, justification management of privacy
  are distinct, interrelated
• Privacy defined in terms of restricted access
  have a right to privacy despite loss of control
  via disclosure control is part of management of
  privacy

?
?
?
7
New Zealand Context

• Privacy Commissioner
• Number of 2002 complaints up by 10
• Accessing info held by others (29.6)
• Worries about unauthorized disclosure (29.3)
• 2001 UMR Survey
• 86 concerned or very concerned about privacy but
• 47 concerned or very concerned if compared with
  other issues such as environment, crime health
  care
• Annual costs NZD 2.2 million (USD 1.5)
• 96.5 of all claims handled out of court by the
  commissioner

8
CFIP FIPs and NZ
9
Research Method

• Survey using NZ Electoral Roll (97.5 of 18
  population)(2000 mail outs)
• Random Sample n459 usable responses
• 25 response rate
• 15 CFIP questions from (Smith et al., 1996) plus
  30 other questions
• Analyzed with SPSS 12.0 and AMOS 5.0 Graphics
  (SEM package) for Confirmatory Factor Analysis
  (CFA)

10
Research Method - Sample

• NZ Sample (n459)

11
Research Method-Sample
37 of all NZ households have Internet access
12
Results

• Confirmatory Factor Analysis
• Based on Westins theory of Privacy as Control
• H1a Consumer concern for information privacy can
  be separated into concerns about unauthorized
  access, errors, secondary use and collection
  where a common concern about loss of control
  underlies the four distinct concerns.
• Based on Moors Privacy as Restricted Access
  theory
• H1b Consumer concern for information privacy can
  be separated into concerns about unauthorized
  access, errors, secondary use and collection
  where a common concern about inadequate access
  restrictions underlies the other three distinct
  concerns.
• Support for 4 distinct dimensions, with Access
  underlying the other 3 was found (H1b)

13
Results-Measurement Model

• Fit measures, factor loadings, validity
  reliability
• Composite Reliability (CR) gt .6 strong
  convergent validity
• Average Variance Extracted gt .5 shows adequate
  but weak, discriminant validity as in the
  aforementioned studies
• Fit measures factor loadings are strong
  significant
• Question 3 removed (high error variance, low
  individual item reliability of .28)

14
Measurement Structural Models
All factor loadings strong significant, but
wide range of factor correlations implies they
may not all load on same second order factor.
Similar to (Smith et al. 1996) but differs from
moderate, similar correlations in (Stewart
Segars, 2002)
15
Group Differences

• H2 Concerns about revealing personal
  information in privacy zones perceived as having
  normative protections will be significantly less
  than in privacy zones which are not perceived as
  having normative protections
• Results (Supported)
• Friedmans test for k-related means paired
  samples t-tests people were more at ease
  revealing personal data in normatively private
  zones (Q31, Q32) all means differ from
  3indifferent except Q26 at plt .0001
• Supports Moors Theory, Normative Privacy Zones

16
Group Differences

• H3 Consumers who perceive New Zealand privacy
  regulation as being greater or less than it
  actually is, will have lower levels of concern
  than those who are aware of the current moderate
  regulatory policy (not supported)
• Results of Kruskal-Wallis test for k-independent
  means and ANOVA pair-wise with Bonferri
  correction for multiple comparisons showed no
  significant differences ( 72 didnt know current
  regulatory model in NZ, 12 did and 4 thought it
  was registration or licensing)(8 self-reg., 4
  No Policy/Self-help)
• H4 High levels of concern for information
  privacy will be associated with preferences for
  higher levels of regulation and preferences for
  strong laws over corporate self-regulation (some
  support)
• Results of ANOVA pair-wise comparisons provided
  support for H4
• Respondents who preferred less regulation had
  lower mean CFIP than both those with no stated
  preference and those who preferred greater
  regulation (mean diff of .3 at p.038, p.014
  respectively)
• Respondents who preferred stronger laws had
  higher mean CFIP than those who did not prefer
  stronger laws (mean difference.316, plt.0001)

17
Group Differences

• H5 Consumers who have experienced privacy
  violations will have significantly greater
  information privacy concerns and a preference for
  stronger regulation than those who have not
  experienced privacy violations (supported)
• Results of Mann-Whitney U Test (Z-2.133, p.033)
  show those who have experienced either a public
  (3) or private (30) privacy violation or both
  (7) had greater concerns than those who had not
  experienced any privacy violations
• Those who had experienced a privacy violation had
  significantly higher preferences for stronger
  levels of regulation (Z-3.672, plt.0005) in
  contrast to (Milberg et al., 2000) who found no
  differences here.
• H6 Consumers will have a significantly greater
  preference for strong laws over corporate
  self-regulation (supported)
• Results of a Wilcoxon signed ranks test
  (Z-9.407, plt.0005) comparing two related samples
  on (Q19 Self-regulation Preference Q18 Strong
  Laws Preference)

18
Summary Conclusions

• Similar to (Milberg et al., 1995,2000), greatest
  concerns in NZ were about unauthorized access
  secondary use
• Support for Moors Theory of Privacy as
  Restricted Access in NZ in contradiction to
  findings of (Stewart Segars, 2002) which
  supported Westins Theory of Privacy as Control
  in USA sample (CFA H2)
• Most NZ consumers (88) were not aware of the
  current regulatory model but had high concerns
  education may be needed to alleviate fears
• 30 indicated they had experienced some kind of
  privacy violation and most (69) preferred
  stronger laws and regulation
• 28 preferred the current model of Privacy
  Commissioner but 34 wanted Licensing or
  Registration to be put in place (28 didnt know,
  9 prefer self-regulation, 1 prefer no
  policy/self-help)

19
Implications

• Public Opinion Policy
• (Price, 1992) concluded public opinion is
  shallow misinformed
• (Metzger Doctor, 2003) claim policy should be
  responsive to public opinion to meet the ideals
  of a democratic society
• This study found only 12 were aware of current
  policy while 60 thought protections were too low
  and 28 just right
• Edelmans Theory of Symbolic Politics states that
  legislation based on public opinion often has few
  practical effects
• Symbolic acts lull the public into a sense of
  false security
• OR consumers choose not to purchase online, to
  use PETs or not to provide information
• Centrist perspective consumer education about
  existing levels of protection and means of
  redress may help to reduce fears, ensure rights
  are protected and lessen the need for omnibus
  legislation such as the EU data directive role
  of Privacy Commissioner