.

Monday, January 28, 2019

Online Privacy as a Corporate Social Responsibility- an Empirical Study

person-to-person line of credit moralistic philosophy A European go off intensity 20 shape 1 January 2011 Online swindlecealing as a embodied affable indebtedness an empirical study Irene Pollach Aarhus School of commercial enterprise, University of Aarhus, Aarhus, Denmark t from each oneing technology and the cyberspace nisus added a spick-and-span position cle ber maintenance to the collective kind righteousness (CSR) agenda online cover. While theory suggests that online retirement is a CSR, single very few studies in the wrinkle ethical motive books view connected these 2.Based on a study of CSR disclosures, this article contri moreoveres to the active literature by exploring whether and how the largest IT companies hide online seclusion as a CSR. The ? ndings evince that except a sm whole masterportion of the companies catch worldwide concealing plans, although more than half of them sound honorable or relational motives for mouthing online covert. The covert stairs they contemplate got taken be primarily residence measures, while measures that molest a stakeholder dialogue atomic number 18 rargon.Over solely, a wide variety of approaches to addressing silence was plunge, which suggests that no institutionalization of concealing practices has taken place as yet. The study consequently repoints that online silence is rather new on the CSR agenda, currently playing yet a minor character reference. presentment Since the 1990s, companies striving to be intimately bodily citizens pay back had to devise strategies to address issues such(prenominal) as pollution, energy exercising, fumble production, animal testing, child labor, sweatshops, organiseforce diversity, or advertising to children.It has become a de-facto standard for very large corporations to publish companionable reports documenting how they address these issues in the marketplace, the swear outplace, the supply chain, and the community in coiffe to ful? ll their role as good corporeal citizens (Snider et al. 2003). The advent of the Internet has non except revolutionized many dividing line role models alone has as well rede? ned what it means to be a good bodily citizen (Post 2000), as approximately of the above issues argon of little rele cutting edgece to companies jackpoting with info and technology.One issue of public concern that has become highly applicable for IT companies is online retirement (De George 2000, Johnson 2006). doi 10. 1111/j. 1467-8608. 2010. 01611. x cultivation concealment denotes an individuals right to decide what instruction is made available to diametricals (Westin 1967). concealing is olibanum guaranteed only if individuals know that entropy be collected more or less them and if they state figure over this entropy compendium and the subsequent go for of the info (Foxman &038 Kilcoyne 1993, Caudill &038 Murphy 2000). In the United States, cove r-related legislation exists only for health c ar, ? ancial returns, and children on the Internet (Bowie &038 Jamal 2006), while many aspects of data collection and user sustain in electronic traffic atomic number 18 still unregulated (Fernback &038 Papacharissi 2007). Countries of the European Union, meanwhile, defend seclusion more strictly (Baumer et al. 2004), which has proven to be a hurdle for US technology companies operating in Europe. In 2008, for usage, technology giant Google encountered fusss in several European countries with its data let out over practices (OBrien 2008).Despite legislative efforts in Europe, data cover violations shed occurred in a yield of 88 r 2010 The former backup morals A European fall over r 2010 Black rewardously produce Ltd. , 9600 Garsington Road, Oxford, OX4 2DQ, UK and 350 Main St, Malden, MA 02148, USA bank line moral philosophy A European recap spate 20 Number 1 January 2011 large organizations, including, for st andard, the largest German bank, DeutscheBank (Neate 2009), or T-Mobile UK (Wray 2009). The problems with l unrivaledliness legislation be that it is dif? ult to identify violations of these laws and that the law may lag behind what is technologically feasible. For the above reasons, global companies start close to discretion over how more secretiveness they grant users and how much they collapse near their data handling practices to their users. This discretion adds extra complexity to the moral issue of whether companies take reward of their powerful position by collecting and using data from users to advertize their own argumentation interests, for example by sending out unasked promotional e-mails or selling user data (Pollach 2005).The discretion companies rump exercise when it comes to familiarity privateness and the honorable implications of this discretion entail that education secretiveness is a question of corporate morality. While theoretical work on c orporate companionable responsibility (CSR) suggests that silence could be a meaningful admittance to a corporate CSR program, little is known skilful roughly corporate practices. This paper and then sets out to explore whether and how companies whose totality teleph iodin circuit is found on data and technology be embracing knowledge concealment as a CSR. The ? dings suggest that culture loneliness is emergent as an piece of CSR programs, merely that there is a great deal of variety regarding the simulateion of retirement as a CSR. The paper ? rst discusses the moral issues behind information silence on the Internet, go offs the literature on corporate responses to peoples hiding concerns, and indeed looks at the literature on loneliness as a CSR. After describing the sample and the methodology central this study, the results argon presented and their implications ar discussed. The ethics of information privacyThe very core of electronic and mobile comm erce revolves around technology, digitization, and the exchange of information, which poses a number of honest problems (Zonghao 2001). A dampenicular quarrel to information handling in electronic commerce is the trade-off mingled with collecting data for the sake of enhancer and not collecting data for the sake of privacy (Introna &038 Pouloudi 1999). an some other(prenominal) challenge is the trade-off mingled with collecting data for the sake of pro? ts and not collecting data for the sake of privacy.As commercial trans natural processs on the Internet or by dint of mobile ph singles are commonly based on credit-card payments and the shipment of goods to the buyers home address, the agreement is tipped towards the contract for disclosure rather than the safeguard of privacy. However, companies collect not only in person identifying information (PII) from transactions but in addition collect PII when users register themselves, use online services, participate in sweeps takes or surveys, or send inquiries to the participation. In addition to PII, companies collect unnamed click-stream 1/2 data and compile anonymous user pro? es when Internet users navigate the companies websites (Kelly &038 Rowland 2000). Through the collection of IP addresses, PII coffin nail in addition be combine with anonymous click-stream data in baffle to obtain very comprehensive user pro? les (Payne &038 Trumbach 2009). The easier access to and increased mobility of data guide made information a commodity that is bought and sold by data brokers (Spinello 1998). It is therefore as well mathematical for companies to buy datasets of user information from data brokers and merge them with the data they have collected themselves.Companies may use the data they collect from customers and visitors on their websites besides to execute transactions, recognize users when they return to the site, and improve their website design based on users interests. But companies may eq ually use such data for purposes other than those they were collected for. For example, they may target banner ads at users, harass users with unrequested commercial e-mails, or share this information with third parties (Han &038 Maclaurin 2002). A maturation body of literature documents peoples concerns about privacy violations in online transactions (e. . Culnan &038 Armstrong 1999, P sustains et al. 2000, Sheehan 2002, Norberg &038 Horne 2007, Norberg et al. 2007). Essentially, these concerns stem from the im counterweight in power amid companies as data collectors and users as data providers. While companies have superior knowledge of what user data are collected and how they are r 2010 The germ crinkle morals A European check out r 2010 Blackwell produce Ltd. 89 logical argument ethics A European Review tawdriness 20 Number 1 January 2011 handled, users may not even offing be aware that data are collected, let alone that they are combined into user pro? les. hus no t suited to enhance user privacy or engender trust among Internet users. Corporate response to privacy At the turn of the century, some companies began to introduce chief privacy of? cers (Awazu &038 Desouza 2004). Their tasks implicate compileing information about tender and legal aspects of privacy, devising the participations privacy strategy, disseminating information about corporate data handling practices to subjective and external stakeholders, and representing the communitys shootment to privacy (Kayworth et al. 2005). Another corporate response to information privacy is privacy policies posted on commercial websites (Sama &038 Shoaf 2002).The original idea behind privacy policies on websites was that companies would transgress how they handle the data they collect from users, while users would care to the full take through the explanation of the connections data handling practices, register their consequences, and then accept an informed decision about divulgin g own(prenominal) data or not (Ciocchetti 2007). In reality, privacy policies contain legalese, tech-speak, and other obfuscating language patterns that dapple questionable data handling practices (Pollach 2005, Fernback &038 Papacharissi 2007).Internet users have been found not to read privacy policies for the above reasons (Milne &038 Culnan 2004). seclusion policies are sometimes supplemented with privacy seals awarded by private-sector institutions (e. g. BBBOnline, TRUSTe, WebTrust) or accounting ? rms. These seals indicate that companies comply with responsible standards of data handling, as de? ned by the awarding institution (Smith &038 Rupp 2004). bustlesumers still have to read and understand the privacy policy, as the seal alone does not guarantee that the data handling practices of the troupe comply with an individuals privacy preferences (Rifon et al. 2005).The problem with privacy seals is also that they do not effectively protect users from privacy breaches. The s ealawarding institution may not know about a privacy breach or, if it does learn about it, potful only revoke the seal, but has no means to garter people regain lost privacy (Shapiro &038 Baker 2001). These measures are knowledge privacy as a CSR Carroll (1979) categorised corporate social responsibilities into scotch, legal, estimable, and philanthropic responsibilities, arguing that making a pro? t is the quintessential responsibility of companies, together with their adherence to legal regulations. jibe to this classi? ation, information privacy croup be categorized as an honest responsibility, given that legislation is insuf? cient to govern corporate decision making in all regions of data handling. This is elaborated on by Mintzberg (1983), who suggested that areas where CSR comes into play are those where existing legislation needs compliance with its spirit as well as its letter and where the corporation stomach fool its customers or suppliers or the government th rough its superior knowledge (p. 12). If a company decides to address information privacy, it may not hardly do so because privacy is an ethical corporate responsibility. Rather, Aguilera et al. 2007) argue that companies accept responsibility for social issues for leash incompatible reasons (1) moral reasons determined by morality- compulsive values (2) relational reasons determined by the companys concern about stakeholder relationships and (3) instrumental reasons driven by corporate self-interest. Moral motives are enacted particularly by individuals with organisational decision-making power who have strong morality-based values. Relational motives are grounded in a companys lust to promote and balance stakeholder interests, thereby building trust, maximizing stakeholder wealth, and gaining social legitimacy (Aguilera et al. 007). Instrumental approaches are self-interest driven, seeking to achieve greater competitiveness and defend the corporate reputation (Aguilera et a l. 2007). The latter(prenominal) approach corresponds to Jones (1995) argument that companies that manage to earn the trust of their stakeholders will be able to secure a competitive ad wagon traintage through nest egg on monitoring costs, bonding costs, transaction costs, and search costs arising from managing the variant corporate stakeholder groups. Instrumental motives 90 r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd.Business Ethics A European Review Volume 20 Number 1 January 2011 fire also be driven by the desire to preempt pricy government regulations (Aguilera et al. 2007). The strategy literature follows the instrumental approach to CSR, arguing that companies to which a particular responsibility is highly rele new wavet can bene? t from incorporate this responsibility into their overall strategies. Burke &038 Logsdon (1996) list the following conditions in order for CSR to guide strategic ad wagon traintages to the ? rm the chose n CSR issue is central to the companys mission, is voluntarily embraced, brings bene? s to both the ? rm and to the public at large, is intercommunicate in a proactive manner, and is visible to external stakeholders. It has also been argued that CSR initiatives can bring sustainable competitive advantages in the form of a ? rst-mover advantage (Lieberman &038 capital of Alabama 1998). However, for this advantage to emerge, the company must(prenominal) not only be the ? rst one to address a particular CSR comprehensively but must also continuously seek to enhance what it has achieved in order to secure this advantage (Tetrault Sirsly &038 Lamertz 2008).The strategy literature therefore suggests that companies in the information technology pains could bene? t from embracing online privacy as a CSR, especially if they cast this commitment visible to external audiences. Although theory suggests that privacy could be a relevant CSR theme for particular companies, very few empirical studies have addressed the link between information privacy and CSR. They allow in Sharfman et al. s (2000) survey among managers on how important they consider a number of social issues, including the resistance of privacy.However, in the explorative factor abbreviation they conducted, privacy was eliminated from advance analyses. Fukukawa &038 Moon (2004) acknowledged information privacy as an exponent of CSR in their study of CSR activities reported by companies in Japan. In addition, Chaudhris (2006) effect study of global citizenship at Hewlett-Packard mentions privacy as one area the company has included in its CSR agenda. In anterior theoretical work, Carroll (1998) has highlighted the security measures of online privacy rights as one area where the law lags behind ethical thinking and morality comes into play.Finally, Post (2000) examined the changing role of corporate citizenship in the 21st century and pointed to customer privacy as a new issue of CSR. To date, th ere is no article that empirically studies in what modalitys information privacy is actually addressed as a CSR. look design This study explores whether and how companies are embracing online privacy as a social responsibility, focusing on what measures they claim to have taken and how they blow over these to their external stakeholders in their CSR disclosures.In view of the lack of previous interrogation in this area, this study is exploratory in nature. Accordingly, its goal is to identify the variety of corporate practices rather than to compare and contrast companies. The starting point for the analysis are the tierce processes of CSR included in Basu &038 Palazzos (2008) process model of sense-making (1) the reasons a company states for amiable in speci? c CSR activities, (2) the kind of behavior a company displays to live up to its CSR commitments, and (3) the way in which a company regards its relationships with its stakeholders.This contribution ? rst describes the sample and the data and then goes on to explain the methodology that was applied to analyze the data. Sample The sample consists of the largest companies from IT-related industries, as they are nigh closely intertwined with information through the hardware, software, or services they provide. To them, information privacy could be a meaningful strategic element of their CSR programs in cardinal different ways. First, they may embrace privacy as a social responsibility in the way they collect and use data.Second, technology does not just violate privacy, it can also enhance privacy. Accordingly, IT companies may plunge in corporate social innovation and develop privacy-enhancing products or commit themselves to educating consumers about privacy protection. Clearly, other large companies, such as retailers, break online as well, but were not considered for this study, as data and information are not at the core of their activities. Large companies were chosen, as these companies a re believed to action as lead innovators in their industries. whole IT-related companies from Europe 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. 91 Business Ethics A European Review Volume 20 Number 1 January 2011 and the United States listed among the Fortune world-wide 500 and the ? rst 1,000 companies of the Forbes 2000 company rankings were included in the sample. Neither of the dickens rankings includes information technology as an pains. Rather, both include a number of industries that deal with information and technology. These include Computer and Data Services, Computer Software, Computers &038 Of? e Equipment, Network and Other communications Equipment, and Telecommunications from the Fortune globose 500 list and Software &038 Services, Technology ironware &038 Equipment, and Telecommunications Services from the Forbes 2000 list. A few IT companies listed in these two rankings could not be included in the analysis, as they had been acquired by another company since the consequence of the rankings. Also, the two rankings overlap to a substantial extent, so that the ? nal sample amounted to a total of 95 IT companies. On each companys website, the CSR section was accessed.If there was no such section, sections dedicated to the company background, mission and values, or ethics were accessed. The goal was to download all text editions pertaining at least in the main to CSR and, if available, the latest CSR report. An important criterion was that privacy-related information was collected only if it was close in as a CSR issue. loneliness policies, which are a standard element of every commercial website, were not collected, as their instauration alone does not represent a commitment to social responsibility. Of the 95 companies in the initial sample, 30 companies mention privacy in their CSR confabulation.The analysis is thus based on these companies (see Appendix A). Their texts range from 21 to 2,367 words in continuance. Methods This exploratory study draws on both a positivist approach and a constructivist approach in order to look at the data as holistically as possible (cf. Jick 1979). When studying textual data, the fundamental difference between the two traditions is that the positivist tradition sees language as a vector of information, while the social body structureist tradition holds that people consciously and unconsciously puddle social realities when they use language. Accordingly, the textual data were ? st studied using ternary-figure discipline analysis, which systematically records the frequency of particular sate features. Because of its quantitative, systematic nature, center analysis de-contextualizes the words from the discourse that is examined and therefore has no means to be its ? ndings within a wider context. The ? ndings of the electrical capacity analysis were therefore combined with a discourse analysis and are presented together. The comb ination of sate analysis and discourse analysis has also been suggested by seekers in linguistics (van Dijk 1985, Herring 2004), sociology (Markoff et al. 974), and information systems (Trauth &038 Jessup 2000). In this study, the results of both analyses together provide a much richer insure of corporate practices than one analysis alone could furnish. This is important, given the absence of previous research on privacy and CSR. Content analysis systematically condenses texts into content categories by contributeing a cryptanalysis scheme that produces quantitative indices of textual content (Krippendorff 1980, Weber 1985, Kolbe &038 Burnett 1991, Neuendorf 2002).The content analysis conducted as part of this study records in a systematic and exhaustive manner which companies in the sample have employ which measures to improve user privacy. The approach chosen for this analysis uses real codes, which capture precisely de? ned facts, as opposed to thematic codes, which captur e themes addressed in a prede? ned textual unit (Kelle &038 Laurie 1995). The factual codes pertain to privacy measures companies have actually taken, but exclude those that companies plan to implement in the future.With no existing coding scheme available, a preliminary coding scheme was developed from the data by examining the texts in the sample inductively (cf. Strauss &038 Corbin 1990) for measures that companies have taken to secure user privacy. Overall, 41 different measures were identi? ed. The measures were recorded dichotomously as being either present (1) or absent (0). They are listed in gameboard 2 together with the results. The soft approach chosen here was discourse analysis, following a social constructionist tradition, which views discourse as a social action that is shaped by and shapes the context in which it occurs (van Dijk 1997a).Discourse analysis is a 92 r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. Business Ethics A European Review Volume 20 Number 1 January 2011 method of textual analysis that focuses on how and why language is employ in a particular way (van Dijk 1997b). It is based on the effrontery that people intentionally and unintentionally construct social realities when they remove in discourse. They use language in their roles as members of particular social groups, professions, institutions, or communities but also construct such roles when they use language in social situations (van Dijk 1997a).Similarly, organizational texts can be constructive and constitutive of realities just like text or speech of individuals (Fairclough 2005). Discourse analysis typically pays attention to language features such as repetitions, pronouns, passive voice, nominalizations, modal verbs, factorpatient relations in sentences, and attitudinal lexis in order to study the roles assign to the participants in the discourse, the power relations between them, and the foregrounding or the downplay of c oncepts and events.The discourse analysis conducted here examines how companies present themselves as responsible companies when it comes to privacy and data handling. Basu &038 Palazzos (2008) process model of CSR has guided the analysis and therefore also provides the structure of the results section. Accordingly, the results section starts with the companies reasons for including privacy in their CSR programs, then presents privacy measures companies have taken as part of their CSR initiatives, and ultimately studies the relationships with the various stakeholders that are affected by the companys privacy practices.The reasons for including privacy and the stakeholder relationships are analyzed in the form of a discourse analysis. The analysis of the privacy measures is based on a content analysis, but enhanced with soft insights, as needed. Aguilera et al. s (2007) classi? cation of moral, relational, and instrumental CSR motives. Table 1 shows this categorization together with the text passages where these motives were show uped.The moral motives found include the understanding that Internet users have privacy rights, which the company wants to observe, and the acknowledgement that the company has the responsibility to protect the data they gather from Internet users. Relational motives include the recognition that customers have a desire for privacy, which the company seeks to meet, and the expectation that privacy protection will sponsor the company win customers trust. Ultimately, one company expects to bene? t from its privacy program in that it expects to gain a reputational advantage from privacy protection. CSR behaviorThe content analysis revealed 41 different measures companies had taken to support user privacy (see Table 2). They have been grouped into four categories, which are discussed below. One company has implement 19 of these measures, and nine companies have employ cardinal, nine, or 10 different measures. At the other end of the s pectrum, there are two companies that have not implemented a single measure, but still talk about privacy in the context of CSR. Further, eight companies have implemented one or two measures, and nine companies have implemented between triple and seven measures.Most commonly, a measure was taken by only one company (19 measures) or two companies (six measures). The measure taken well-nigh frequently was taken by 15 companies. Thus, there is a tolerant variety in how companies address privacy. It is also worth noting that it is not necessarily the biggest companies in the application that have taken lead roles in defend user privacy. When ranking all companies jibe to their ranks on the Forbes 2000 and the Fortune Global 500 lists, one can see that the company with the highest number of privacy measures ranks among the top three on both the Forbes and the Fortune list.The other two companies among the top three in the Fortune and Forbes rankings have implemented only one and t hree measures, respectively. The three companies Results Reasons for privacy as CSR The texts were examined for indications of why the companies include privacy in their CSR programs. Only 13 companies voiced their motivation for engaging in privacy protection, presenting different reasons why they apply in CSR. The communicated motives have been grouped according to r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. 3 Business Ethics A European Review Volume 20 Number 1 January 2011 .. Table 1 Communicated motives for corporate privacy programs Motive Moral description Three companies acknowledge that people have a right to privacy Quotations To us, the right to privacy includes the right of individuals to have a voice in the use and dissemination of their individualized information. A person has the right to enclose what information about him or her is collected and to determine how that information is utilise. Con? dentiality and security o f consumer data . . . are areas safeguarded by PT in order to respect the freedom and basic rights of each individual We feel a strong responsibility to help ensure a safer, more gratifying Internet, while addressing the challenges to privacy and security posed by todays new media. Companies have a responsibility to ensure that the information they hold about their customers and employees is protected, stored, transferred, and used in a responsible manner. Microsoft takes seriously its responsibility to help address the security and privacy challenges of the information-based society, from viruses and spyware to spam and online identity theft. view for privacy is part of our commitment to observe high standards of integrity and ethical conduct in all our operations Protecting our customers privacy is a priority. We understand and respect your desire to protect your in the flesh(predicate) information. The protection of personal information is a very high expectation among our c ustomers, and to meet it, we . . .. Externally, saber is attached to building customer relationships based on trust, and that includes recognizing the importance of protecting personal information. Consumer trust and con? dence is critical to Ciscos business and to any technology and Internet-related business as a result, the industry must protect citizens privacy. We have to acquire a license to operate by conducting our business in a decent and responsible way. Security and dependableness form the basis of Telekom Austria Groups stable and successful customer relationships.The Group therefore gives top priority to protecting the integrity and con? dentiality of sensitive data. Main opportunities Enhance customer and employee trust, . . . support brand/reputation. quadruplet companies hold that they have a responsibility to protect the data they gather from Internet users Relational two companies recognize that customers have a desire for privacy that needs to be met Four companies view privacy protection as a means to winning customer trust InstrumentalOne company states that it expects to gain a reputational advantage from its privacy program .. that have implemented the second highest number of privacy measures occupy ranks 77, 87, and 173 on the Fortune Global 500 list and ranks 49, 518, and 782 on the Forbes 2000 list, which indicates that it is not necessarily the biggest companies in the IT industries that embrace information privacy.An investigation of the relationship between the number of measures taken and space of the privacy text on the corporate website revealed a correlation of 0. 77. This suggests that text length is an indicator of how important the issue is to a company. At the analogous time, it also shows that the companies generally do not talk at length about privacy without having taken relevant measures. One category of measures pertains to the companies inborn affairs. They address processes, employee conduct, and, to a sm all extent, suppliers.The measures mentioned most frequently are the 94 r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. Business Ethics A European Review Volume 20 Number 1 January 2011 .. Table 2 The content of corporate privacy programs Internal Physical protection of data procedural/administrative protection of data Electronic/technical protection of data covert policy concealing is part of the code of conduct Privacy of? e(r) Privacy board/working group Employee training Disciplinary action for employee misconduct Privacy newsletter for employees Employee monitoring Privacy included in employment contract Online resources for employees Ethics hotline for privacy questions Internal privacy attempt Limited employee access to data Online reporting of privacy incidents Regular review of systems and processes Regular review of privacy policy Binding third parties to privacy agreements Reviewing third-party privacy practices Privacy newsletter for customers Guidance/information for consumers Resources for parental control &038 child safety Privacy e-mail address Integrating privacy into product development Privacy blog Involving stakeholders in design of privacy policy Supporting IS education at schools and universities Publishing privacy research papers Supporting law making Supporting industry self-regulation working with industry Working with governments Working with NGOs, think tanks Political action commission (PAC) Compliance with laws Exceeding laws Compliance with Safe Harbor Compliance with GRI Privacy seal 6 2 3 15 8 7 3 9 1 1 1 1 1 1 1 3 1 5 3 5 2 1 10 5 2 8 1 1 1 1 2 1 5 6 10 1 11 1 4 1 4 79 External 30 Collaborations 25 Compliance 21 . existence of a privacy policy and privacy training, privacy being part of the code of conduct, privacy of? cers, physical data protection, and regular review of systems and processes. solely other measures taken internally were taken by one, two, or three companies each, for example measures encouraging employees to report privacy violations and to comply with relevant guidelines. Two different measures pertaining to suppliers or other third parties were identi? ed, namely that the company reviews privacy practices of those partners and that these outsiders are bound to a privacy agreement.The second category of measures contains those tell towards external stakeholders. They include r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. 95 Business Ethics A European Review Volume 20 Number 1 January 2011 primarily guidance for consumers regarding Internet privacy. Five companies take measures that address parents concerns about their childrens privacy. In addition to providing information, companies also solicit consumer feedback on privacy matters. Two companies highlight that they have an e-mail address to which people can send privacy concerns and inquiries, and one company involves stakeholders in the design of its p rivacy policy.The inclusion of privacy considerations in product development was embraced by eight companies. Another group of measures pertain to the participation in industry initiatives and collaborations. cardinal companies mention a variety of privacy forums, centers, associations, think tanks, and institutes in which they are involved, including for example, the Electronic Privacy Group, the European Privacy Of? cers Forum, or the Liberty Alliance. few of them also state that they cooperate with other companies and governments. However, the nature of this cooperation remains un seduce, and in some places, the cooperating institutions are not even mentioned.Ultimately, a few US companies express their views on privacy legislation. As part of the measures they have taken, three companies take an active stance for either privacy legislation or self-regulation. Both of these viewpoints are visions at this point, as there is neither privacy legislation nor a functioning model of self-regulation in the United States. The two viewpoints are as follows We also believe that governments must ? nd improve ways to enforce laws against data breach, misuse and fraud, and help consumers pursue those who bilk their personal information. . . . HP was one of the ? rst companies to embrace the idea of a comprehensive U. S. privacy law. Because disparate and multiple privacy rules place a baleful burden on global companies, we support a model of industry self-regulation (as opposed to government intervention) in which innovative tools give consumers greater prize in both protecting their personal data and understanding how it may be collected and used. they comply with all relevant privacy laws. As compliance with laws is a legal rather than an ethical responsibility according to Carrolls (1979) classi? cation of corporate responsibilities, only going beyond the law can qualify as a CSR initiative. Dressing up a legal responsibility as an ethical responsibility casts doubt over the unassumingness of these efforts.In fact, one of these 11 companies has implemented no other privacy measure apart from legal compliance. There is only one company that vows to surmount legal requirements HP is pioneering an approach to the protection and responsible use of personal information. This effort goes beyond compliance with the law. Only a minority of companies have adopted the privacy standards of outside organizations, such as GRI or privacy seal programs. Stakeholder relationships The measures identi? ed above relate to a number of internal and external stakeholder groups, including employees, consumers, parents, industry, suppliers, governments, advocacy groups, and the community at large.However, the analysis of the measures does not reveal anything about the relationships with stakeholders, and in some field of studys, the stakeholder group to which a particular measure was addressed was not even mentioned. This section therefore focuses speci? cal ly on the stakeholder groups to which the companies express some form of consideration. This could be in the form of protection measures, information provision, cooperation, or merely by expressing an awareness of their stakes in privacy. In addition to an account of these overt commitments to stakeholders, a discourse analysis is used to uncover discursively constructed relationships with stakeholders. Table 3 lists the various stakeholder groups identi? d, together with their stake in privacy, the number of companies that made a commitment toward each stakeholder group, and an example of such a commitment. This table is different from the results presented in Table 2 in that it was not concrete actions that guided this analysis, but the awareness of stakeholder concerns. We ? nd that companies recognize primarily the stakes of their customers and employees, who exercise a direct and economic in? uence on the company and can therefore be labeled Even companies that do not take a st ance on the legislation vs. self-regulation debate emphasize compliance with legislation. Eleven companies state that 96 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. Business Ethics A European Review Volume 20 Number 1 January 2011 .. Table 3 Addressing stakeholder concerns Stakeholder GroupStake Primary Customers/ trade protection of 25 Users their data Employees Suppliers/ Vendors Training Guidelines 14 6 Example In order to help our customers address these issues, we have begun to develop guidance documents to help customers understand which parts of our technology may have privacy applications. We work hard to ensure that Sun employees have the information they need to apply our privacy protection standards in their work. When it is necessary for business reasons to share a persons information with third parties such as net income service providers and marketing campaign partners, we work together to ensure that we maintain the highest p rivacy standards. We met with government of? cials and regulators in all regions to understand their concerns and initiatives and to help them fully appreciate the potential implications for privacy of new technologies. We are working with other industry participants . . . to develop solutions that help us reach both of these objectives. In 2007, we formed our Stakeholder Advisory Council (SAC) comprising respected experts from a variety of nongovernmental organizations. Symantec is committed to parcel parents keep their kids cybersafe. We believe that in the kindred way that we educate our children about the risks of drugs, smoking, or violence, it is critical that we educate them about the importance of safe computing. We splatter this internal resource to offer programs that bene? t our local schools and communities. We are also in the process of implementing an employee-led education program. Secondary Government Industry protagonism groups Parents Compliance with laws e xpertise in data handling Cooperation Cooperation 6 6 3 Protection of 5 their childrens data Expertise 1 Schools/ communities . primary stakeholders according to Ansoff (1965). However, there are also companies that talk about privacy in a CSR context, but do not voice a commitment to these two primary stakeholder groups. Of the 30 companies, ? ve do not state that they do anything to improve the privacy situation of their customers and 16 do not make such a commitment toward their employees. Suppliers, who are also primary stakeholders, are addressed to a smaller extent. We can also see that the companies in the sample largely neglect their alternate stakeholders, i. e. those groups who do not directly in? uence a companys core business (Ansoff 1965).Only a maximum of six companies interact with each secondary stakeholder group, such as parents or governments. On the surface, all companies studied engage in a discourse characterized by care and concern for privacy. In particular, emotion-laden words like help, understand, respect, concern, and safe abound across all texts studied. For example Protecting our customers privacy is a priority. We understand and respect your desire to protect your personal information. And as the 24 A 7 demands of the Internet era threaten to overwhelm customers with complexity, they need trusted and reliable companies to help them make sense of technology and put it to use to make their lives better. The tone becomes even more concerned when companies address their relationship with parents and children We understand the responsibility and concern of parents who worry about their childrens exposure to inappropriate content and potentially dangerous interactions on the Web. Protecting our children . . . We believe that in the same way that we educate our children about the risks of drugs, smoking, or violence, it is critical r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. 97 Business Ethics A European Review Volume 20 Number 1 January 2011 that we educate them about the importance of safe computing. In the second example, the pronoun we/our adds to the concerned tone by promoting a sense of collegiality and divided affection.The same is also achieved in other places, when companies use this inclusive form of we to reduce the distance between themselves and their outside stakeholders Our individual sensitivities about how our information is treated . . . are not uniform or Sun is committed to investigating and addressing the privacy challenges . . . associated with our increasingly digital way of life. In such statements, companies reduce the power distance between themselves and their stakeholders. The inclusive we is also an indicator of positive politeness (Brown &038 Levinson 1987), indicating how writers conceptualize their audiences and what kind of distance writers create between themselves and their audience.While some companies use the inclusive we, others talk about companies in general, e. g. all businesses are responsible for . . . , which includes themselves only implicitly and distances themselves from these events. Mostly, though, companies make themselves the causal agents we must address these concerns by helping to protect . . .. Notably, one company draws its audiences into the discourse by always addressing them directly, e. g. We understand and respect your desire to protect . . .. All together, the different voices present in these texts suggest that companies have different levels of self-awareness and different understandings of their role in this process.Less variety exists in the distance to the audience, which is apart from one exception not explicitly present in the discourse. This suggests that companies do not consider their CSR activities to be dialogic in nature. Another kind of discourse is found in 10 of the companies texts studied. This discourse reveals that some companies are actually concerned in ? ndi ng a balance between users privacy interests and their own business interests rather than protecting privacy unconditionally. They seek to achieve a balance between customers privacy interests and business priorities, business requirements, business needs, their values, or their superpower . . . to reap the bene? ts of online interactions. Business interests are also communicated implicitly our goal is straightforward to balance the interests and concerns of our customers private information with their interest in receiving quality service and information about useful new products. Alternatively, one company mentions only one weight of the balance, without saying what the other weight is that we are prominent the right balance for our customers and to reach balanced results. The discourse of balance is a manifestation of the companies power, given that it is they who decide when this balance is reached. Interestingly, this kind of discourse has naught to do with the motivation s they express.Two companies, for example, have voiced moral motives, but also engage in this discourse of balance, as does the one company that has indicated an instrumental motive. It is also worth noting that not a single European company in the sample engages in this discourse of balance. Discussion The literature review has highlighted that users are concerned about privacy and that companies do not respond in a manner that eases stakeholder concerns. The companies chosen for this study are all active in the hardware, software, or telecommunications industries, in which data play a essential role. Thus, information privacy, and in particular online privacy, is a central issue in their business conduct.The content analysis has revealed that only a small rest of the largest IT companies comprehensively address privacy as a social responsibility. In the sample, we ? nd both companies that have taken a number of relevant actions to address user privacy and companies that have only taken one or two concrete measures, but nevertheless present privacy as part of their CSR program. A substantial proportion of the measures they have taken fall into the area of compliance and employee conduct (e. g. guidelines, policies, monitoring, and reporting), while measures that stimulate a stakeholder dialogue or represent corporate social innovation are found less frequently.Further, some companies reveal that they seek to strike a balance between their own business interests and their stakeholders privacy needs. The sample even contains companies that 98 r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. Business Ethics A European Review Volume 20 Number 1 January 2011 voice moral motives for framing online privacy as a CSR, while at the same time indicating that they are interested in striking a balance between users privacy interests and their own business interests. We have also seen that some of the privacy measures are actually inten ded to ful? ll legal responsibilities rather than ethical ones.Thus, some companies in the sample voice concerns and a commitment to help, but do not take privacy to the level of an ethical responsibility (cf. Carroll 1991). At the same time, companies load their privacy discourse with emotive basis suggesting concern, commitment, and a desire to help. While this kind of language is typical of CSR messages and can almost be expected (cf. Pollach 2003), it is still in contrast to the results of the content analysis, which has shown that comprehensive privacy programs are for the most part non-existent. The ? ndings also indicate that companies have chosen a wide variety of approaches to information privacy. In fact, many of the different measures denti? ed were taken by one, two, or three companies only. Thus, little mimicry and no institutionalized practices have emerged yet. In iridescent environments, companies have a tendency to model themselves after other companies that are m ore successful or more respected. This mimicry leads to institutionalized practices that help companies to obtain legitimacy (DiMaggio &038 Powell 1983). The environment in which the sample companies operate can be characterized as uncertain, as there is no comprehensive privacy legislation as yet and privacy is, to some extent, at each companys discretion. For mimicry behavior to occur, it must be clear to the ? m that adopting a certain practice brings competitive advantages (DiMaggio &038 Powell 1983). In the case of privacy, an institutionalization of voluntary privacy practices could mean that privacy regulation is preempted. However, as not every company in the sample, and maybe in the industry as a whole, is pro self-regulation, some companies may decide not to adopt privacy practices voluntarily, despite the fact that they care about user privacy. Privacy may be on its way to mature from the ethics/compliance focus to a more responsive, proactive focus, but at the moment, it plays a minor role as a CSR. This point is also re? ected in the ? nding that companies address primarily consumer oncerns and step up employee training, while all other stakeholder groups in privacy play a subordinate role. Companies may not have recognized the bene? ts to be gained from engaging with secondary stakeholder groups, e. g. from cooperating with industry partners. At the same time, companies may have been too occupied with implementing privacy standards internally, so that their privacy efforts do not involve secondary stakeholders as yet. These internal compliance measures are clearly the sine qua non for a companys external privacy activities, such as participation in industry initiatives. This study is not without limitations. One clear limitation is that the data stem from corporate selfreports, which are problematic (cf.Podsakoff &038 Organ 1986) in that they are based on what the company reveals rather than what is actually true. This could mean that companies hyperbolize their activities. At the same time, companies may not have mentioned the particular measures they have taken, because they did not consider them important enough. Also, the sample size could have been larger, but the small sample size also serves to illustrate that privacy is just about to begin to play a role in CSR programs of technology-oriented companies. supplement A COMPANIES Adobe Agilent ATT Belgacom British Telecom Cisco Computer Associates dell Deutsche Telekom Electronic Data Systems France Telecom HP IBM Microsoft Motorola Nokia Oracle IN THE example 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. 99 Business Ethics A European Review Volume 20 Number 1 January 2011 Portugal Telekom Royal KPN Sabre dah Sun Symantec Telefonica Telekom Austria Telia Sonera Verizon Virgin Vodafone Xerox References Aguilera, R. V. , Rupp, D. , Williams, C. A. and Ganapathi, J. 2007. Putting the S back in CSR a multilevel theory of social chang e in organizations. academy of anxiety Review, 323, 836863. Ansoff, I. 1965. Corporate Strategy. untested York, NY McGraw-Hill. Awazu, Y. and Desouza, K. C. 2004. The knowledge chiefs CKOs, CLOs and CPOs. European Management daybook, 223, 339344. Basu, K. and Palazzo, G. 2008. Corporate social responsibility a process model of sensemaking. Academy of Management Review, 331, 122136. Baumer, D. L. , Earp, J. B. and Poindexter, J. C. 2004. Internet privacy law a comparison between the United States and the European Union. Computers and Security, 235, four hundred412. Bowie, N. and Jamal, K. 2006. Privacy rights on the internet self-regulation or government regulation? . Business Ethics Quarterly, 163, 323342. Brown, P. and Levinson, S. C. 1987. Politeness. Cambridge Cambridge University Press. Burke, L. and Logsdon, J. M. 1996. How corporate social responsibility pays off. tenacious Range Planning, 294, 495502. Carroll, A. B. 1979. A three-dimensional conceptual model of corporate performance. Academy of Management Review, 44, 497505. Carroll, A. B. 1991. The pyramid of corporate social responsibility toward the moral management of organizational stakeholders. Business Horizons, 344, 3948. Carroll, A. B. 1998. The four faces of corporate citizenship. Business and rescript Review, 1001, 17. Caudill, E. M. and Murphy, P. E. 2000. Consumer online privacy legal and ethical issues. journal of human beings Policy and Marketing, 191, 719. Chaudhri, V. A. 2006. Organising global CSR a case study of Hewlett-Packards e-inclusion initiative. Journal of Corporate Citizenship, 23, 3951. Ciocchetti, C. A. 2007. E-commerce and information privacy privacy policies as personal information protectors. American Business Law Journal, 441, 55126. Culnan, M. J. and Armstrong, P. K. 1999. Information privacy concerns, procedural fairness, and impersonal trust an empirical investigation. composition Science, 101, 104115. De George, R. T. 2000. Business ethics and the challenge o f the information age. Business Ethics Quarterly, 101, 6372. DiMaggio, P. J. and Powell, W. W. 1983. The iron cage revisited the institutional isomorphism and collective rationality in organizational ? elds. American sociological Review, 482, 147160. Fairclough, N. 2005. Critical discourse analysis, organizational discourse, and organizational change. Organization Studies, 266, 915939. Fernback, J. and Papacharissi, Z. 2007. Online privacy as legal safeguard the relationship among consumer, online portal, and privacy policies. new(a) Media and Society, 95, 715734. Foxman, E. R. and Kilcoyne, P. 1993. Information technology, marketing practice, and consumer privacy ethical issues. Journal of Public Policy and Marketing, 121, 106119. Fukukawa, K. and Moon, J. 2004. A Japanese model of corporate social responsibility? A study of website reporting. Journal of Corporate Citizenship, 16, 4559. Han, P. and Maclaurin, A. 2002. Do consumers really care about online privacy? . Marketing Man agement, 111, 3538. Herring, S. C. 2004. Computer-mediated discourse analysis an approach to researching online behavior. In Barab, S. A. , Kling, R. and Gray, J. H. (Eds. ), conception For Virtual Communities in the Service of Learning 338376. New York, NY Cambridge University Press. Introna, L. D. and Pouloudi, A. 1999. Privacy in the information age stakeholders, interests and values. Journal of Business Ethics, 221, 2738. 100 r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. Business Ethics A European Review Volume 20 Number 1 January 2011 Jick, T. D. 1979. Mixing qualitative and quantitative methods triangulation in action. Administrative Science Quarterly, 24, 602611. Johnson, D. 2006. Corporate excellence, ethics, and the role of IT. Business and Society Review, 1114, 457475. Jones, T. M. 1995. Instrumental stakeholder theory a synthesis of ethics and economics. Academy of Management Review, 202, 404437. Kayworth, T. , Brocato, L. and Whitt en, D. 2005. What is a chief privacy of? cer? . Communications of AIS, 16, 110126. Kelle, U. and Laurie, H. 1995. Computer use in qualitative research and issues of validity. In Kelle, U. (Ed. ), Computer-Aided Qualitative Data Analysis. Theory, Methods and Practice 1928. London Sage. Kelly, E. P. nd Rowland, H. C. 2000. Ethical and online privacy issues in electronic commerce. Business Horizons, 433, 312. Kolbe, R. H. and Burnett, M. S. 1991. Contentanalysis research an trial run of applications with directives for improving research reliability and objectivity. Journal of Consumer Research, 182, 243250. Krippendorff, K. 1980. Content Analysis An Introduction to its Methodology. Beverly Hills, CA Sage. Lieberman, M. B. and Montgomery, D. B. 1998. Firstmover (dis)advantages retrospective and link with the resource-based view. Strategic Management Journal, 1912, 11111125. Markoff, J. , Shapiro, G. and Weitman, S. R. 1974. Toward the integration of content analysis and general method ology. In D. Heise (Ed. ), Sociological Methodology 158. San Francisco, CA Jossey-Bass. Milne, G. R. and Culnan, M. J. 2004. Strategies for reducing online privacy risks why consumers read (or dont read) online privacy notices. Journal of Interactive Marketing, 183, 1529. Mintzberg, H. 1983. The case for corporate social responsibility. Journal of Business Strategy, 42, 315. Neate, R. 2009. Deutsche Bank admits possible privacy breaches. The Telegraph, July 23. Neuendorf, K. A. 2002. The Content Analysis Guidebook. thousand Oaks, CA Sage. Norberg, P. A. and Horne, D. R. 2007. Privacy attitudes and privacy-related behavior.Psychology and Marketing, 2410, 829847. Norberg, P. A. , Horne, D. R. and Horne, D. A. 2007. The privacy paradox personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 411, 100126. OBrien, K. J. 2008. Privacy laws trip up Googles expansion in parts of Europe. New York Times, November 18. Payne, D. and Trumbach, C. C. 2009. Data mining proprietary rights, people and proposals. Business Ethics A European Review, 183, 241252. Phelps, J. , Nowak, G. and Ferrell, E. 2000. Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy and Marketing, 191, 2741. Podsakoff, P.M. and Organ, D. W. 1986. Self-reports in organizational research problems and prospects. Journal of Management, 124, 531544. Pollach, I. 2003. Communicating Corporate Ethics on the existence Wide Web A Discourse Analysis of Selected Company Websites. capital of Kentucky Peter Lang. Pollach, I. 2005. A typology of communicative strategies in online privacy policies ethics, power and informed consent. Journal of Business Ethics, 623, 221235. Post, J. E. 2000. Moving from geographic to practical(prenominal) communities global corporate citizenship in a dot. com world. Business and Society Review, 1051, 2746. Rifon, N. J. , LaRose, R. and Choi, S. M. 2005. Your privacy is sealed do of web privacy seals on trust and personal disclosures. Journal of Consumer Affairs, 392, 339362. Sama, L. M. and Shoaf, V. 2002. Ethics on the web applying moral decision making to the web. Journal of Business Ethics, 3612, 93103. Shapiro, B. and Baker, C. R. 2001. Information technology and the social construction of information privacy. Journal of Accounting and Public Policy, 204, 295322. Sharfman, M. P. , Pinkston, T. S. and Sigerstad, T. D. 2000. The effects of managerial values on social issues evaluation an empirical examination. Business and Society, 392, 144182. Sheehan, K. B. 2002. Toward a typology of internet users and online privacy concerns.The Information Society, 181, 2132. Smith, A. D. and Rupp, W. T. 2004. Online privacy policies and diffusion theory perspectives security or chaos? . Services Marketing Quarterly, 253, 5375. r 2010 The Author Business Ethics A European Review r 2010 Blackwell Publishing Ltd. 101 Business Ethics A European Review Volume 20 Number 1 January 2011 Snider, J. , Hill, R. P. and Martin, D. 2003. Corporate social responsibility in the 21st century a view from the worlds most successful ? rms. Journal of Business Ethics, 482, 175187. Spinello, R. A. 1998. Privacy rights in the information economy. Business Ethics Quarterly, 84, 723742. Strauss, A. L. nd Corbin, J. 1990. basic principle of Qualitative Research Grounded Theory Procedures and Techniques. Newbury Park, CA Sage. Tetrault Sirsly, C. A. and Lamertz, K. 2008. When does a corporate social responsibility initiative provide a ? rst-mover advantage? . Business and Society, 473, 343369. Trauth, E. M. and Jessup, L. M. 2000. Understanding computer-mediated banters positivist and interpretive analyses of group support system use. MIS Quarterly, 241, 4379. van Dijk, T. A. 1985. Levels and dimensions of discourse analysis. In van Dijk, T. A. Handbook of Discourse Analysis, Vol. 2 112. London Academic Press. van Dijk, T. A. 1997a. Discourse as interaction in society. In van Dijk, T. A. Disc ourse as Social Interaction 137. London Sage. van Dijk, T. A. 1997b. The study of discourse. In van Dijk, T. A. Discourse as twist and Process, Vol. 1 134. London Sage. Weber, R. P. 1985. Basic Content Analysis. Beverly Hills, CA Sage. Westin, A. F. 1967. Privacy and Freedom. New York, NT Atheneum. Wray, R. 2009. T-Mobile con? rms biggest phone customer data breach. The Guardian, November 17. Zonghao, B. 2001. An ethical discussion on the network economy. Business Ethics A European Review, 101, 108112. 102 r 2010 The Author Business Ethics A European Review r 2010 Blackwell

No comments:

Post a Comment