Journal of the Association for Information Systems


This paper argues that in the current data-rich environment, organizations need formal policies for privacy as a way to avoid “privacy disasters”. Privacy disasters can occur when a company uses consumer data in a way that is legal, but violates public norms for acceptable use. The paper uses a case study to illustrate the elements that often characterize privacy disasters, and describes the principles and processes that can serve as the basis of a privacy policy capable of helping organizations avoid these negative events. The paper also highlights the implications of big data for privacy policy.





When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.