As information systems and data storage capacity become increasingly sophisticated, an important ethical question for organizations is “What can/will/should be done with the personal information that has been and can be collected?” Individuals’ privacy is certainly important, but so is less costly and more targeted business processes. As this conflict intensifies, consumers, managers and policy makers are left wondering: What privacy principles are important to guide organizations in self-regulation? For example, do consumers view the five rights originally stated in the European Data Protection Directive as important? Comprehensive? Is there a product discount point where consumers would forsake these principles? This project explored these questions using a survey of student consumers, first in 2006 and again in 2014. Results show that the consumers believe that not only are the five rights enumerated in the European Data Protection Directive appropriate, but they are also comprehensive. Consumers also would require a steep product discount to forsake these rights. These views have not changed significantly over time.