We develop a framework for understanding the mechanisms of information privacy assimilation in information technology (IT) organizations. Following neo-institutional theory, we develop a broad conceptual model and further build a detailed theory based on a multi-site, multi-case study of 18 organizations. We treat information privacy as a distinct dimension separate from information security. As in the case of information security, senior management support emerged as a mediator between the external influences of coercive, mimetic, and normative forces and information privacy assimilation. Privacy capability emerged as a distinct construct that had a moderating effect on the influence of coercive and normative forces on privacy assimilation. Similarly, cultural acceptability also moderated the effect of external forces on privacy assimilation. We produce a theoretical model that future research can empirically test. The findings would enable senior managers identify and respond to institutional pressures by focusing on appropriate factors in the organizations.
Attili, V., Mathew, S. K., & Sugumaran, V. (2018). Understanding Information Privacy Assimilation in IT Organizations using Multi-site Case Studies. Communications of the Association for Information Systems, 42, pp-pp. https://doi.org/10.17705/1CAIS.04204