Journal of the Association for Information Systems


Organizational information practices can result in a variety of privacy problems that can increase consumers’ concerns for information privacy. To explore the link between individuals and organizations regarding privacy, we study how institutional privacy assurances such as privacy policies and industry self-regulation can contribute to reducing individual privacy concerns. Drawing on Communication Privacy Management (CPM) theory, we develop a research model suggesting that an individual’s privacy concerns form through a cognitive process involving perceived privacy risk, privacy control, and his or her disposition to value privacy. Furthermore, individuals’ perceptions of institutional privacy assurances -- namely, perceived effectiveness of privacy policies and perceived effectiveness of industry privacy self-regulation -- are posited to affect the risk-control assessment from information disclosure, thus, being an essential component of privacy concerns. We empirically tested the research model through a survey that was administered to 823 users of four different types of websites: 1) electronic commerce sites, 2) social networking sites, 3) financial sites, and 4) healthcare sites. The results provide support for the majority of the hypothesized relationships. The study reported here is novel to the extent that existing empirical research has not explored the link between individuals’ privacy perceptions and institutional privacy assurances. We discuss implications for theory and practice and provide suggestions for future research.