Journal of the Association for Information Systems


This paper argues that in the current data-rich environment, organizations need formal policies for privacy as a way to avoid “privacy disasters”. Privacy disasters can occur when a company uses consumer data in a way that is legal, but violates public norms for acceptable use. The paper uses a case study to illustrate the elements that often characterize privacy disasters, and describes the principles and processes that can serve as the basis of a privacy policy capable of helping organizations avoid these negative events. The paper also highlights the implications of big data for privacy policy.