Information Privacy Assimilation

Abstract

This paper proposes a framework to understand organizations' perspectives while safeguarding customers' information privacy. Following a detailed literature review, a broad conceptual model was developed to build a theory based on a multi-site, multi-case study approach. The current manuscript treats information privacy as distinct from information security. From an organizational standpoint, this research reveals that legal policy, technology, and industry standards drive privacy assimilation. At a detailed level, adherence to compliance, competitive best practices, and data management controls significantly impact an organization's opportunistic perspective, resulting in higher-order assimilation (infusion) of organizational privacy practices. Resistance to compliance, investment cost, and reactive approach results in lower-order assimilation (adaptation) of organizational privacy practices. This study delivers practical implications related to how businesses perceive privacy practices while maintaining the right balance of privacy risks and opportunities.