We develop a framework for understanding the mechanisms of information privacy assimilation in information technology (IT) organizations. Following neo-institutional theory, we develop a broad conceptual model and further build a detailed theory based on a multi-site, multi-case study of 18 organizations. We treat information privacy as a distinct dimension separate from information security. As in the case of information security, senior management support emerged as a mediator between the external influences of coercive, mimetic, and normative forces and information privacy assimilation. Privacy capability emerged as a distinct construct that had a moderating effect on the influence of coercive and normative forces on privacy assimilation. Similarly, cultural acceptability also moderated the effect of external forces on privacy assimilation. We produce a theoretical model that future research can empirically test. The findings would enable senior managers identify and respond to institutional pressures by focusing on appropriate factors in the organizations.