Introduction

Privacy is a subject of substantial interest to management scholars and practitioners. One need not look far to find organizations grappling with the privacy expectations of potential customers, employees, or end users. And scholarship has recognized the role of privacy in such stakeholder relationships: privacy is integral to organizational trust (Pavlau et al. 2007) and fairness (Culnan and Armstrong 1999) and can be a strategic advantage (Smith 2004; Culnan and Armstrong 1999). As such, privacy is a pervasive management issue that crosses management disciplines in addition to business ethics including corporate governance (Beales and Muris 2008; Milberg et al. 2000), strategy (Culnan and Armstrong 1999), and information technology (Smith et al. 1996; Son and Kim 2008; Straub and Collins 1990).

While all agree that privacy is important, disagreement exists on what privacy means and what it encompasses (Charters 2002; Van de Hoven 2008). Definitions of privacy vary—from private information being that which is inaccessible (Warren and Brandeis 1890; Elgesem 1999; Persson and Hansson 2003), controlled (Westin 1967; Alder et al. 2007), or fairly gathered (Bennett 1992; Ashworth and Free 2006; Peslak 2005)—and the concept remains “fuzzy” (Van de Hoven 2008). This is problematic in that performing research on the strength of privacy norms becomes an exercise in testing the presence of an analyst’s conception of privacy in a given population, for a given stakeholder, or within a given issue. For example, actions, such as background checks or Internet monitoring, are positioned as violations of privacy because the actions are not in conformance with an analyst’s definition of privacy (Alder et al. 2007). Similarly, individual’s who do not agree with the analyst’s definition of privacy are presumed to not find privacy important (e.g., Acquisti and Gross 2006) or unethical (Winter et al. 2004).

A growing body of theoretical scholarship has focused on privacy as being contextually defined, thereby defining and examining privacy norms within relationship, situation, or context (Brenkert 1981; Nissenbaum 2004; Solove 2006; Moor 1997; Jiang et al. 2002). Contextual approaches view privacy expectations as the negotiated information norms within a particular community or situation. Individuals are privacy pragmatists (Beales and Muris 2008) who exchange information for specific benefits, i.e., better relationships, power, team cohesion, etc., and these exchanges carry forth actual and hypothetical social contracts (Culnan and Bies 2003). A contextual approach to privacy may explain why management research and practice struggle to identify a universally accepted, static definition of privacy.

In addition, such a contextually defined understanding of privacy could produce more practical guidance for managers and organizations who face a range of privacy issues across stakeholders. Organizations and managers have employees, users, and future customers all with possibly different conceptions of privacy across contexts: employee monitoring (Smith and Tabak 2009; Persson and Hansson 2003; Martin and Freeman 2003; Miller and Weckert 2000), behavioral marketing (Charters 2002), online commerce (Pollach 2005; Shaw 2003; Awad and Krishman 2006), RFID technology (Peslak 2005), data storage (Culnan and Williams 2009), and social networking (Martin 2010)—to name only a few—each contain their own contextual influences on privacy expectations. Tactics in managing employee information may not translate to the expectations of potential customers, and static approaches to privacy do not guide managers across relationships, situations, or contexts.

This article validates a social contract approach to privacy through an experimental empirical study. As explained more fully below, a social contract approach to privacy extends current work within context-dependent approaches and allows individuals within a particular community to develop local privacy norms about what, why, how, and to whom information flows, while respecting universal social contract principles such as consent, voice, and exit among others (Donaldson and Dunfee 1994; van Oosterhout et al. 2006).

A social contract approach to privacy is supported theoretically (Culnan and Armstrong 1999), and would be particularly well suited to the stakeholders and issues of organizations and managers. However, little empirical work has been done to test a social contract approach to privacy as social contract approaches, in general, remain empirically challenged (Dunfee 2006; Glac and Kim 2009; van Oosterhout et al. 2006; Soule 2002): allowing for locally defined norms renders contextual approaches to privacy difficult to test empirically.

Factorial vignette survey methodology is used to examine the possibility of locally negotiated authentic privacy norms within particular communities (Rossi and Nock 1982; Jasso 1990). Rather than test for the presence of a static definition of privacy, the factorial vignette method supports identifying the privacy factors and their relative importance—the privacy norms—that respondents take into consideration in making a judgment about privacy within particular communities (Jasso 2006; Wallander 2009). This study is a theoretical examination, and the findings will support or not support the use of social contract approaches to explain privacy norms. Such research seeks the generalizability of ideas rather than the generalizability of data patterns within a specific population (Lynch 1982).

This study builds on and contributes to both privacy literature and contractual business ethics (CBE) scholarship. First, I extend existing literature on contextual approaches to privacy that suggest privacy norms are dependent upon particular relationships and context. Finding empirical evidence of a social contract approach to privacy would suggest that rather than developing a singular litmus test for privacy, practitioners, and scholars would focus on identifying relevant contracting communities and the factors and their relative importance those individual take into consideration in their privacy expectations.Footnote 1

In addition, social contract approaches comprise an important movement in business ethics and management with both theoretically robust hypothetical narratives and critiques within CBE generally as well as the highly cited integrative social contract theory (ISCT) (Donaldson and Dunfee 1994; Heugens et al. 2006; Dunfee 2006; Phillips and Johnson-Cramer 2006; Husted 1999). The identification of the relevant community and local authentic norms is “partially if not entirely” an empirical task (Husted 1999). Yet, local authentic norms have proven difficult to empirically examine (Glac and Kim 2009). The quasi-experimental methodology employed here allows for the inductive generation of implicit privacy norms agreed upon within a contract community through statistical analysis. This research not only builds on CBE but also contributes to CBE by meeting the call to for more task-directedness and domain-specificity in social contract empirical work to focus on a precise issue the contract is supposed to fulfill (Wempe 2005).

Theoretical Foundation and Hypotheses Development

A social contract approach to privacy is an outgrowth of current contextual approaches to defining privacy in philosophy. Relationship-based privacy scholars justify or define privacy based on inter-personal relationships and view privacy as an agreement between individuals (Brenkert 1981). Privacy has long been seen as necessary for social exchanges: discriminately sharing information allows us to form different relationships with different people (Fried 1984; Rachels 1975) and is useful to converse and trade (Singleton 1998). Situation-based scholars, on the other hand, allow for privacy rules to be context dependent regardless of the individuals involved (Jiang et al. 2002; Solove 2006). Combining the two approaches, Moor (1997) views privacy as attached to a situation or zone where different people may be given different levels of access for different kinds of information at different times (Moor 1997), thus making privacy simultaneously more realistic yet more difficult to empirically examine or to develop specific guidance for managers.

However, the most thoroughly context-dependent approach to privacy is perhaps Nissenbaum’s privacy as contextual integrity (2004, 2009). Nissenbaum views privacy as the negotiated agreements about how information is accessed and distributed. Maintaining privacy norms entails the “information gathering and dissemination be appropriate to that context and obey the governing norms of distribution within it” (Nissenbaum 2004, p. 101). In doing so, Nissenbaum ties privacy expectations to norms within specific contexts and incorporates both the relationship and the situation in defining privacy.

Nissenbaum suggests privacy norms are based on our expectations governing a particular piece of information being passed between particular individuals within a context. For example, for a medical professional, information such as medical history and overall medical concerns are expected to be transmitted to the doctor and her staff. However, in a different context, such as the workplace, the same information would be considered inappropriate for the individuals in that space. Even a question about medical history is deemed inappropriate and a violation of privacy expectations when at work. Within a context, for every given set of individuals and information, there exists an expectation about how information will flow and whether or not the information is expected, appropriate, or inappropriate.

Key to Nissenbaum’s privacy as contextual integrity is how the main components work together—individuals, information, and how information flows—within a particular context. Privacy norms vary based on specific relationships and situations; individuals decide not only the type of information that is allowable, expected, or demanded, but also where, why, and how the information is to be used. Shopping online, talking in the break room, and divulging information to a doctor are governed by the information norms of that particular social context. Contextual approaches that take into consideration the relationships and situation in the definition of privacy are particularly attractive to organizations and management scholars given the range of stakeholder concerns which change on a regular basis.

Nissenbaum and other contextual approaches are a seismic shift to approaching privacy given the predominance of static, universally applied definitions of privacy in the access-view and control-view of privacy (Nissenbaum 2009; Schoeman 1984; Johnson 2004). Where the access-view of privacy would have privacy norms defined as a function of the accessibility of information (privacy norms = f(access, information)), and the control-view of privacy would have privacy norms defined as a function of the degree of control of the information (=f(control, information), context-dependent approaches assume privacy norms are a function of the individuals, information, and context (=f(information, individuals, context)). In other words, “the crucial issue is not whether the information is private or public, gathered from private or public settings, but whether the action breaches” the contextually understood information norms (Nissenbaum 2004, p. 134). Individuals do not hold universally applicable, substantive definitions of privacy; rather individuals disclose information within a particular context with an understanding of the privacy rules that govern that context.

By allowing for context-dependent privacy norms, Nissenbaum’s theory of privacy is consistent with a social contract approach to privacy. First, similar to social contract approaches, such as integrated social contract theory (Donaldson and Dunfee 1994) or CBE more generally (van Oosterhout et al. 2006), context-dependent definitions of privacy are positioned as an alternative to universally defined norms. Rather than privacy expectations being set by a context-independent definition, such as when privacy is defined as the degree of access to or control over information, Nissenbaum’s theory suggests that the definition of privacy—whether information is expected, appropriate, or inappropriate to be shared—are developed, negotiated, and understood based on the context. Access may be important in a particular context but immaterial in another. In other words, individuals have highly particularized judgments about the appropriateness of what, why, how, and to whom information flows. Similarly, CBE has been found to be particularly well suited for managers and organizations by addressing ethical issues which vary based on communities rather than universally applicable norms (van Oosterhout et al. 2006; Spicer et al. 2004).

Second, Nissenbaum’s use of context is closely related to the use of community within a social contract approach. Context is defined as “structured social settings characterized by canonical activities, roles, relationships, power structures, norms (or rules), and internal values (goals, ends, purposes)” (Nissenbaum 2009, p. 132) and shares facets of ISCT’s communities, which are self-circumscribed group of people with shared tasks, values, goals, who are capable of establishing norms (Donaldson and Dunfee 1994; Glac and Kim 2009). Important to both theories, individuals are given the space to develop norms that fit the particular requirements of their community or context given the shared goals, norms, and values. This moral free space within the contract community corresponds to the context in Nissenbaum’s privacy as contextual integrity.

These contexts and communities are particular. Both theories place the focus on identifying relevant communities and their local norms, and both approaches attempt to move from the abstract to the highly particularized. In fact, social contract theory has been termed a theory in search of an application (Heugens et al. 2006) with future research to be both task and domain specific (Wempe 2005). Using a social contract approach to privacy meets the need for CBE to have informing applications and empirical enrichment (Heugens et al. 2006) and addresses the identified problem that social contract approaches in business ethics are at too high a level (Thompson and Hart 2006).

Finally, social contract approaches extend Nissenbaum’s insightful theory. A social contract approach to privacy addresses some of the concerns of relativism endemic to context-specific definitions of privacy while supporting the contextually defined privacy norms and expectations, which are the strength of Nissenbaum’s privacy as contextual integrity (2004). As noted by Nissenbaum, a concern of context-specific definitions of privacy is the lack of moral authority associated with norms developed internal to a given group or context (2004, p. 125). Without a universally recognized definition of privacy, privacy rules could be considered completely relative to the situation, where privacy is defined as what people in a particular society and at a particular time are prepared to disclose (Miller and Weckert 2000). A social contract approach adds structural and procedural norms to provide a mechanism to evaluate local norms.Footnote 2

Empirical Examination of Social Contract Approach

A social contract approach to privacy is not only supported by context-dependent definitions of privacy in theory but also offers a research platform to study context-dependent privacy norms. Social contract approaches include multiple levels of contracting rules (Donaldson and Dunfee 1999): authentic norms negotiated within the contracting space, which are fluid and continually up for negotiation (Phillips and Johnson-Cramer 2006), and universal, second-order contract norms that transcend contract spaces (van Oosterhout et al. 2006). The variance in local norms across communities renders social contract approaches theoretically interesting yet empirically difficult. The empirical examination of a social contract approach to ethical issues consists of identifying both convergent norms that are possible candidates for substantive second-order norms, as well as divergent norms that are possible candidates for local, authentic norms.

Examining divergence across contexts and contractors has taken different forms in empirical work on social contract theory within management and business ethics scholarship. First, analyzing differences in norms across contracting communities, as in the difference between business norms in Russia and the US (Spicer et al. 2004), validates a social contract approach by identifying local norms within previously defined communities. Studies compare responses in one community to responses in a different community to identify whether and how norms diverge. Alternatively, identifying the difference in norms across contractors also validates a social contract approach to ethical issues (e.g., Bailey and Spicer 2007). Insiders to a community are theorized to understand local, authentic norms better than outsiders and comparing insiders to outsiders’ judgments about a particular community examines a social contract approach to a particular ethical issue.

Importantly for a social contract perspective, insiders have a different perspective on the local norms of the particular community and not in general. The first two measurements of divergence—across communities and across contractors—narrow in on how to empirically validate a social contract approach to an ethical issue, while leaving open the possibility that insiders have a generally different approach to ethics or decision making that manifests in their judgment about a particular community under study. Yet, insider status should only impact local norms within contract community to validate a social contract approach. For example, in an examination of business norms within the sales, insiders with experience in sales have divergent norms from outsiders (Robertson and Ross 1995). The possibility remains that individuals with sales experience have a different understanding of business norms in general, including within sales.

Two options further isolate the role of insider status on understanding local norms to validate a social contract approach to an ethical issue. The first option is to study a range of contractors and non-contractors—as in the difference between norms of local Russians, Americans working in Russia, and Americans working in America (Bailey and Spicer 2007)—to examine how individuals might have learned local norms within a community. By comparing the responses of Americans working in America with Americans working in Russia, the analysis isolates the impact of contractor status from the impact of nationality. Similarly, isolating the impact of insider status from common demographic characteristics can also be achieved by controlling for gender, age, and student-status in any analysis. Both tactics attempt to parse out the impact of being a contractor from demographic attributes that may explain divergent norms and expectations.Footnote 3

The second tactic involves ensuring insider status impacts only local norms using a control group. In order to isolate the effect of insider status on understanding the local norms, the divergence in norms in reference to a control community must also be included. For example, proximity to a particular community, such as doing business in Russia (Bailey and Spicer 2007) or sales (Robertson and Ross 1995), could cause a general shift in normative judgments and values rather than a specific learning of the norms of the particular community.

Hypothesis Development

Social contract research in management and business ethics outlines a methodology to study communities and local norms that can be leveraged to develop hypotheses about whether and how privacy norms vary based on context. The focus here is on the possibility of local authentic privacy norms based on a particular community. The definition of what is and is not a privacy norm is regularly assumed to be consistent across contexts and universally understood across individuals; in other words, the current default theoretically is the convergence of privacy norms across individuals and across communities. In fact, a social contract approach “cannot be used to select a single set of action guiding norms” (van Oosterhout et al. 2006, p. 534), but is best used to explore divergence in norms. Therefore, to explore if contractors have different negotiated authentic norms about privacy within specific contracting communities, divergence across communities and across individuals is theoretically interesting as the divergence of norms illustrates boundaries of social contract spaces or the difference between contractors and non-contractors (Bailey and Spicer 2007).

Individual-Level Drivers of Privacy Norms: Proximity to Contracting Community

Social contract theory is designed to be helpful with community-specific moral norms (Husted 1999), and first-level contracting norms are negotiated within the moral free space of a specific contracting community. Those within a contract community—contractors or insiders—best understand the implicit understandings of local authentic norms (Donaldson and Dunfee 2002), where outsiders struggle to identify definitive norms (Dunfee 2006). Insiders differ from outsiders not due to their demographic information or their actual participation in negotiating social contract norms. Rather, insiders are knowledgeable (Strong and Ringer 2000) and are different from those “who have little knowledge of local practices” (Spicer et al. 2004, p. 611). Even actual contractors vary in their “deeper knowledge of cultural differences and stronger personal affiliations and commitments” to a given community (Bailey and Spicer 2007, p. 1467).

Insider status is but one mechanism to measure the degree of knowledge of local norms. Insiders are usually designated by their membership status within a community, yet knowledge rather than membership is the pertinent characteristic of these individuals. Previously, commitment, or the degree to which an individual is included in a particular community, has been used as a measurement of the strength of the attachment to the community and presumed to influence the strength of the effect of the local norms on ethical beliefs and behavior (Bailey and Spicer 2007). The key facet of interest is not the degree of commitment, which could be conflated with the strength of the community norms, but the individual’s ability to understand the local norms (van Oosterhout et al. 2006).

Knowledge or understanding of local norms need not emanate from membership status in a particular community. For example, experience in a particular industry’s sales organization would constitute closeness to a sales community under study, but those with general sales experience may also have a close affiliation and knowledge, and those in business may have a better understanding of the norms of a sales group than those who have never worked in an organization.

While individuals’ range of knowledge and understanding of local norms has been operationalized as insiders and the degree of commitment, the pertinent characteristic of knowledge of local norms can be gained by proximity to the contracting community more generally. Proximity is the closeness of the individual to the norms, goals, and values based on experience or exposure. Those with insider status have more experience and knowledge, and constitute a theoretical extreme in a range of individuals with proximity. Similarly, those with a greater commitment through tenure or exposure would have close proximity in comparison to newcomers or outsiders. Insiders and outsiders constitute one bifurcation of the range of proximity, but multiple points along a proximity continuum may be studied. For example, comparing individuals with sales experience to students without any experience offers two theoretically interesting groups with extreme variance in proximity. However, other groups with limited business experience or sales experience in a different industry could also constitute two points along the proximity continuum between the theoretical extremes.

Therefore, the first hypothesis tests the degree to which the understanding of local privacy norms diverge based on the individuals’ proximity to a contracting community. The understanding of privacy norms should diverge between inside contractors and outsiders to the community if a social contract approach to privacy holds.

Hypothesis 1

Within a particular contracting community, insiders have different authentic norms about privacy—the factors and their relative importance—from outsiders to the contract community.

Community-Level Drivers of Privacy Norms: Contracting Scenarios

The second source of divergence is across communities. Social contract theory would suggest that both the situation and the actual contractors influence authentic norms (Donaldson and Dunfee 1999), and the contracting scenario provides a unique logical vantage point from which to view an ethical quandary such as privacy expectations. Contract communities are self-defined groups of individuals who interact in the context of shared tasks, values, or goals and are capable of negotiating norms behavior (Donaldson and Dunfee 1994). Social contracts depend on specific relationships within the contracting community, where some communities have stronger relationships with codified goals, boundaries, and norms that may even be institutionalized. Similarly, Nissenbaum notes, contexts vary in their articulation of characteristics such as norms, roles, activities, power structures, goals, and values. More defined communities would have more characteristics recognized explicitly or implicitly with a greater amount of institutionalization (Nissenbaum 2009). Such well-defined communities are similar to families, whereas less-defined communities are looser affiliations and may be closer to neighborhood groups (Bailey and Spicer 2007).

To ensure divergent local norms are not due to individual differences within the contractors, the degree to which privacy norms change due to the contracting community must also be tested. Therefore, not only do insiders have different authentic norms than outsiders based on the proximity to the contracting community but also individuals will have different authentic norms in a well-defined community as compared to a control group of individuals. In other words, for a social contract approach to privacy to hold, individuals should not have consistent privacy norms across contracting communities. Local norms should be specific to the particular contracting community.

Hypothesis 2a

Individuals hold different authentic norms about privacy—the factors and their relative importance—within a particular contracting community as compared to a control contract community.

If the claim is that individuals develop different norms based on the specific contracting community, as is the case with social contract approach to privacy and Nissenbaum’s privacy as contextual integrity, the individuals should change norms across contexts or communities. To ensure the impact of insider status is specific to the particular community, the role of insider status on the differential local norms can also be examined. Controlling for the ethical judgments of a generally understood control community allows the analysis to isolate the impact of insider status on the particular community apart from any impact on a general disposition. In other words, the incremental or differential privacy norms afforded to a well-defined community should differ based on proximity. Specifically in regards to privacy, Beales and Muris (2008) note that consumers within a specific information exchange are best positioned to identify any additional (or reduced) privacy expectations in that relationship.

Insiders should diverge in their understanding of local, authentic norms in comparison to outsiders relative to a control community. Here, the privacy norms of a well-defined team would be examined in comparison to the norms of a less-defined and commonly understood community. Any differential privacy expectations afforded to contractors within a well-defined contracting scenario is best understood by actual contractors. In other words, across contracting communities, insiders and outsiders should diverge on the differential privacy norms afforded to well-defined contracting communities above and beyond a control group.

Hypothesis 2b

The differences between authentic privacy norms within a particular contracting community and less-defined contracting scenarios will be moderated by the individual’s proximity to the contracting community.

Methods

This study examines the theoretical suggestion that individuals develop highly contextualized privacy norms within contract communities. This research is a theoretical examination, which seeks the generalizability of ideas rather than the generalizability of data patterns within a specific population (Lynch 1982). The findings from this experimental study will or will not support the use of CBE to understand privacy to research and practice (Levitt and List 2007, p. 153).

The objective of this study is to identify and compare individuals’ privacy norms across contracting communities. Namely, what are the factors and their relative importance that contribute to an expectation that information should or should not be shared? Toward this end, the factorial vignette survey methodology was employed. The methodology was developed to investigate human judgments (Rossi and Nock 1982), and supports the theoretical investigation into if privacy norms can be explained using a social contract approach as developed in the hypotheses. In a factorial vignette survey, a set of vignettes is generated for each respondent, where the vignette factors or independent variables are controlled by the researcher and randomly selected, and respondents are asked to evaluate these hypothetical situations. Factorial survey methodology allows for the simultaneous experimental manipulation of a large number of factors through the use of a contextualized vignette (Ganong and Coleman 2006).Footnote 4

While established within sociology (Rossi and Nock 1982; Jasso 2006; Wallander 2009), the factorial vignette survey technique is less established within business ethics or management.Footnote 5 The methodology has been used in sociology to study such issues as political action (Jasso and Opp 1997), conceptions of mental illness (Thurman, Lam, and Rossi 1988), and fairness of compensation (Jasso 2006). The factorial vignette approach allows the researcher to examine (a) the elements of information used to form judgments, (b) the weight of each of these factors, and (c) how different subgroups of the respondents agree on (a) and (b) (Nock and Gutterbock 2010). Factorial vignette methodology assumes “some level of agreement among people in a small group/community as to a combination of factors that is important to take into consideration when making a judgment” (Wallander 2009, p. 514), which renders the methodology particularly well suited to the examination of a social contract approach to privacy where norms should vary based on subgroups of the respondents. These factors and their associated coefficients are the equations-inside-the-head (Jasso 2006) of respondents and, herein, would constitute the negotiated authentic norms of privacy.

Generalizability for theoretical research, as compared to effects application research, investigates relationships among ideas or constructs, and the researcher “seeks to understand those constructs that have influence on a variety of behaviors in a variety of situations.” (Lynch 1982). As such, naturally occurring stimuli and responses are often ill-suited to testing hypotheses of interest to theoretical researchers leading such researchers into the laboratory “where manipulations and measures can be concocted that have relatively simple mappings onto the constructs of concern” (Lynch 1982, p. 233). In a similar argument by Strong and Ringer (2000), social contract research need not model reality precisely, but should be designed to test the principles of ISCT within a context.

Therefore, in order to examine a social contract approach to privacy based on the hypotheses developed, the study must include (a) community-level drivers (different contract communities), (b) individual-level drivers (insiders and outsiders), and (c) privacy factors impacting privacy expectations that may vary based on (a) and (b) to examine whether and how individuals have highly particularized judgments about the appropriateness of what, why, how, and to whom information flows.

Privacy Factors

The primary explanatory variables in this study are the privacy factors that constitute the vignettes. The number and levels of factors combine to create the universe of possible vignettes (Nock and Gutterbock 2010) and should be guided by theory, reasoning, and wisdom (Jasso 2006; Wallander 2009). Previous factorial vignette survey research has been limited by the mode of administration as researchers relied upon face-to-face administration of paper or oral vignettes. Here, the use of computer programming to design and create the vignettes and web-based tools to administer the survey alleviated many of the logistical limitations on the number of factors and levels to include. The “Appendix” contains a table of factors as well as a sample vignette.

The privacy factors are based on Nissenbaum’s privacy as contextual integrity (2004) as well as privacy theory to examine the hypotheses around whether and how individuals have highly particularized judgments about the appropriateness of information flows around what, why (the community), where, how, and to whom. The analysis centers on whether and how the importance or weight of these factors diverge across individuals and across communities rather than the weight of one particular factor as being generalizable to a larger population. The importance of what, where, how, and to whom information is shared should vary across communities and contractors.

What: Content

Rather than have general rules on privacy based solely on the physical location or the individuals in a relationship, Nissenbaum (2004) suggests that individuals construct different expectations based on the type or attribute of information rather than a label of public or private; what is considered personal or sensitive may vary based on the respondent and the context of the exchange (Nissenbaum 2009). Five levels of content were systematically varied in the vignettes from (1) information that is independently knowable by individuals outside community to simulate that which is usually deemed “public” (e.g., “Housing decisions for next semester”), information necessary for the community goals since privacy norms support the goals of the context (Nissenbaum 2009) (e.g., “Who is going to start for the next game/how the projects were assigned”), and information traditionally labeled sensitive or private such as family or medical information (“A date that went horribly wrong “or “Problems with his mom” or “An embarrassing medical condition”). A wide range of information allows respondents to identify highly particular privacy expectations about each piece of information and to inductive indentify through the analysis the importance of family or medical information relative to a known standard of easily accessible information (“housing decisions for next semester”).

How: Access

Traditional approaches to privacy posit restricting access to information as foundational to protecting privacy (Martin 2010). Consistent across definitions and justifications of privacy is a minimal standard of privacy that allows individuals and their information to remain inaccessible (Moor 1997; Johnson 2001). Information that is not intentionally disclosed—as in overheard or coerced information—is regularly regarded as receiving greater privacy expectations based on both the control-view and the access-view of privacy. To test the impact of information that is willingly shared as compared to that which is coerced or overheard, vignettes varied on how the information was disclosed. Information was willingly shared, overheard, or reluctantly shared to capture a range of how information was disclosed.

Where: Location

Some attempts to parse privacy are based on the location, information form, or technology (Johnson 2004), others view location as a tertiary factor in our social norms about sharing information (Nissenbaum 2009). Nissenbaum’s contextual theory of privacy does not emphasize technology or location as an important factor in determining privacy expectations by context. Yet, as noted by Smith et al. (2011), a general assumption underlying information privacy scholarship is that new technology applications lead to different privacy norms and expectations. To allow for this theoretical ambiguity, physical location of the vignette scenario varied including a small, enclosed, role-based physical space such as a locker room and a large, easily accessible space such as a cafeteria. In addition, technological platforms—e-mail and Facebook—were included to identify if technology is a factor to privacy norms. The communication technologies parallel the physical locations of the information exchange in the vignettes.

To Whom: Distribution

According to Nissenbaum’s theory of privacy, who receives the information is a factor in our privacy expectations. As noted by Nissenbaum, specific individuals are taken into consideration when assessing the privacy expectations of a context. Individuals may consider sharing information with other contractors to be expected, whereas sharing information outside the contract space may be considered wrong (Nissenbaum 2004; Jiang et al. 2002). Therefore, vignettes included scenarios where information was shared inside the community with peers and supervisors as well as with individuals outside the contracting community.

Social Contracting Factors

Contracting Communities

Within CBE, the contracting community is a self-defined, self-circumscribed group of people who interact in the context of shared tasks, values, or goals. They are capable of establishing norms of ethical behavior for themselves (Donaldson and Dunfee 1994). Communities may differ in the types of forces they exert on individuals. For example, families exert more pressures for inclusion than neighborhood organizations (Bailey and Spicer 2007). In order to identify changes in privacy expectations across contracting communities, the vignette scenarios were set in either a well-defined, norm-generating community (a varsity collegiate athletic team) or an less-defined group (a randomly assigned student group). Athletic teams have been compared to business teams previously (Katz and Koenig 2001): they are similar in structure and motivation and, importantly for this study, membership and stability are important. Athletic teams are well-defined, goal-oriented, norm-generating communities of individuals who have the opportunity and need to develop authentic norms; these groups fit the definition of contracting communities from Donaldson and Dunfee (1994).

Membership

Social contract approaches place an emphasis on contractors understanding authentic local norms before being held accountable for them (Donaldson and Dunfee 1999). Therefore, new members of a team may be held to a different standard compared to more senior members who are fully knowledgeable of the authentic norms of the community.

Insiders and Outsiders

In order to identify subgroups who understand and identify with the given contracting community, respondents were asked the level of membership on an athletic team and their associated hours per week with the team. As has been noted, individuals have different levels of experience and exposure in communities, which influences the strength of the community effects on ethical beliefs and behavior (Bailey and Spicer 2007). The respondent’s proximity to the contracting community (varsity athletic teams) delineated insiders versus outsiders to the contract space in the analysis below and represent end points of a range of proximity to the contracting community. Additional control variables included sex, degree earned, years post-college, and undergraduate status allow for a more granular parsing of proximity to the contracting community—male varsity athletic team.

The Vignettes

The vignettes were constructed by varying several factors along dimensions or levels. A deck of vignettes for each respondent was randomly created with replacement as the respondent was taking the survey from a vignette universe of 1,200 possible factor combinations (1,200 = 2(community) × 3(access) × 5(content) × 4(distribution) × 2(new member)). For factorial vignette surveys, the number of vignettes is typically set at 10–60 vignettes for each respondent to answer. However, the survey was designed to give participants the option to opt out of the survey at 10, 20, and 40 vignettes in an attempt to mitigate the recurring issue of respondent fatigue or respondent burden (Nock and Gutterbock 2010), i.e., when the judgments and associated errors cannot be assumed to be independent due to correlation within a single respondents’ answers, whereas typically vignettes are pooled as is independent. For each rated vignette, the associated rating, factor levels, and the vignette script was preserved as well as the vignette sequence number.Footnote 6 See “Appendix” for sample vignettes as well as the factors.

Sample

The sample was recruited via e-mail within a single institution using a snowball technique: heads of departments and teams were the primary contacts who forwarded the survey to their members. Both students and non-students were recruited to represent a range of proximity to the contracting space described in the vignette. Of the 831 respondents, undergraduate students comprised only 50.6% of the sample.

Dependent Variable: Privacy Expectation

Respondents were asked to judge the named protagonist in the story who shared information with others. After each vignette, the same question was asked the respondent “Should [NAME] have shared the information with others?” with the computer program inserting the randomly chosen male name which matched that chosen for the associated vignette. The rating task remained consistent throughout the survey as per factorial vignette survey methodology. The rating task was an ordinal scale, with the dependent variable ranging from 0 (Expected to Share information) to 4 (Wrong to Share Information) (Nissenbaum 2004).

Analysis

The data in this study was in two levels: the vignette level factors and the respondent level control variables. For this survey, 831 respondents rated a range of 0–40 vignettes resulting in 21,187 rated vignettes or observations. If N is the number of the respondents with Level 2 demographic variables and K is the number of vignettes answered with Level 1 factor variables, the general equation is:

$$ \ln \left( {P\left( {Y \le j} \right)} \right) = \ln \left( {Y_{j} } \right) = \alpha_{j} + \beta X $$
(1)
$$ Y_{nk} = \beta_{0} + \Upsigma \beta_{j} V_{jk} + \Upsigma \gamma_{h} R_{hn} + u_{n} + e_{k} $$
(2)

where Y nk is the rating of vignette k by respondent n, V jk is the jth factor of vignette k, R hn is the hth characteristic of respondent n, β0 is a constant term, β j and γ h are regression coefficients, u n is a respondent-level residual (random effect), and e ik is a vignette-level residual. The model conceptualizes the ratings as a function of the factors of the situation described in the vignette and the characteristics of the respondent. Therefore, the analysis below focuses on these factors and their relative importance, which constitute the privacy norms for that individuals, and not the mean privacy expectation or the ordinal rating that the information should or should not be shared.

In testing the hypotheses, ordinal regression was used to identify the factors that influence the privacy expectations of respondents. Ordinal regression compares the odds of an event occurring compared to the odds of that event not occurring, rather than absolute changes in the dependent variable itself as in traditional Ordinary Least Squares (OLS) regression models.Footnote 7 Strong associations between explanatory variables and ratings are represented by coefficients farther away from 0.0 and odds ratios (ORs) farther away from 1.0 (since OR = exp(β)). A negative (positive) coefficient would have an OR less (greater) than one and would signify the associated explanatory variable would have a upward (downward) impact on the rating task.

Results

To explore the current null hypothesis–that respondents hold a static and universal definition of privacy—a general model was developed by regressing the rating task against all vignette level variables. This model assumed all respondents will have similar models for privacy, yet this general equation did not pass any goodness of fit statistics.Footnote 8

The data was divided into vignettes based on contracting communities. This permitted the identification of important factors within a particular well-defined community (varsity athletic team scenarios) and within a less-defined contracting community (the assigned student team) as per factorial vignette survey methodology (Wallander 2009). For hypothesis testing, insiders and outsiders to the contracting community were identified by running several ordinal regressions based on demographic variables. The degree subgroups agree or disagree on those factors was assessed using goodness-of-fit measures of the regression equations. Four groups proved to be theoretically and statistically different in their assessments of privacy: male varsity athletes with high hours per week (Insiders), female varsity athletes with high hours per week (Outsiders 1), male respondents who never played a sport (Outsiders 2), and female respondents who never played a sport (Outsiders 3).Footnote 9 Table 1 reports the sample size of each contracting group as well as the mean privacy expectations for each contracting scenario. Each group rated information as more likely to be “Ok to Share” in the well-defined team and more likely to be “Wrong to Share” in the less-defined team. However, as is analyzed below, the factors each take into consideration when making that determination varied across individuals and across scenarios.

Table 1 Comparison of mean privacy expectations across proximity to contracting community and across contracting scenarios
Full size table

Table 2 shows the effects of the vignette factors as independent variables on the dependent variable with both significant standard βs and ORs provided to illustrate the relative importance of the vignette factors on the rating task. For example, while the categories of dating, family, and medical information are consistently associated with higher categories on the privacy rating, the amount of influence varies based on both the contracting group and the contracting community. The use of ORs permits the comparison of factors and their importance across models: we can say, all things being equal, vignettes with medical content raise the odds of finding information Wrong to Share by 8.8 times for the third outsider group in Model 4b as compared to vignettes without medical information.

Table 2 Ordinal regression models organized by vignette scenarios
Full size table

Hypothesis 1 predicts that within a defined contracting scenario, such as the varsity athletic team vignettes, inside contractors will have a different understanding of the authentic privacy norms from individuals outside the contract community. To test the first hypothesis, I performed ordinal regression analysis for each of the contracting groups as depicted in Table 2. Models 1a–4a demonstrate that within well-defined contracting scenarios, these different respondent groups did not agree on either the expectations of privacy (dependent variable) or the privacy norms (factors and relative importance). Perhaps most strikingly, insiders did not take into consideration how the information is accessed—if it was coerced or overheard—in their expectations of privacy. In other words, coerced and overheard information is treated the same as that which is willingly shared. In comparison, three outsider groups placed considerable emphasis on coerced and overheard information as both factors have positive coefficients with coerced information raising the odds of finding the information Wrong to Share by 1.9–4.5 times. All other factors held constant, the third outsider group—female respondents who never played a sport—were 4.5 times as likely to find coerced information more Wrong to Share compared to lower rating categories, whereas insiders—who matched the demographics of the vignette scenario and would be considered actual contractors in this contracting space—do not take access into consideration at all when assessing privacy expectations inside the well-defined scenario. Figure 1 depicts the different priority given to coerced information for the different groups: the further the group was away from the contracting community, the more the norms of coerced information diverged from authentic norms of community insiders.

Fig. 1
figure 1

Divergence of relative importance of coerced information: insider versus outsiders

Full size image

Similarly, the type of content plays a different role in assessing privacy expectations based on the individual’s proximity to the contract community as shown in Table 2. For those closest to the contracting space, dating information was not a factor in assessing a privacy violation and was treated the same role-based information, whereas outsiders were between 2.3 and 3.3 times as likely to find the information Wrong to Share if the information was about dating. In other words, the content matters more to those well outside the contracting community when assessing expectations within the contracting space than those actually within the contract community. The findings support the prediction in Hypothesis 1 that actual contractors will have different authentic norms about privacy from individuals outside the contract community. Further, those farthest outside the contract community diverged the most from the authentic privacy norms of the community as defined by insiders to that space as illustrated in Fig. 1.

Hypothesis 2a predicts individuals hold different authentic privacy norms across contracting scenarios. To test the second hypothesis, I calculated the relative change in coefficients between well-defined contract scenarios and less-defined team scenarios (∆β = β a  − β b ) in Table 3. This signifies the additional (if ∆β > 0) privacy expectations afforded to close colleagues.

Table 3 Additional privacy expectations afforded to defined contract space
Full size table

For example, the content of the information had different levels of importance across scenarios. Outsiders were consistent in assigning the role of “family” content in both an athletic team and less-defined team scenario, however, the weight of dating information changed significantly with an additional privacy expectation for less-defined team scenarios. While all content is associated with higher categories on the rating scale (more likely to rate closer to “Wrong to Share”), the coefficients for the less-defined team scenarios were 1.153 greater than those for the well-defined team thereby having greater expectations of privacy in a less-defined team contract space as compared to well-defined, norm-generating contract community.Footnote 10 A similar analysis can be done on the outsider groups who consistently give greater protections to dating, family, and medical information for less-defined team vignette scenarios as compared to well-defined team scenarios.

The findings support the prediction in Hypothesis 2a that individuals hold different authentic norms about privacy across contracting scenarios. Each contracting group appears to have taken into consideration different authentic norms about privacy for the well-defined contracting community as compared to the less-defined contract community vignette scenarios as illustrated in Table 3.

Hypothesis 2b predicts the difference between authentic norms within well-defined and less-defined contracting communities will vary between inside and outside contractors. To examine the third hypothesis, I compared the additional privacy expectations (∆β) in well-defined contracting communities as illustrated in Table 3. Aside from personal information, which is consistently given less protection in a well-defined contracting community, respondents do not project similar authentic norms onto a hypothetical contracting community—or do the differences even trend in a similar direction. In other words, insiders and outsiders diverge on the relative importance of privacy factors within the well-defined community.

More specifically, according to those most outside the community, insiders should have greater protections from coercion—the sharing of information is more likely to be considered wrong. Yet, insiders do not take coercion into consideration in either scenario as is illustrated in Fig. 2. Figure 2 shows the additional (if ∆β > 0) protections given to well-defined community for each contracting group. The findings support the prediction in Hypothesis 2b that the difference between authentic norms within well-defined and less-defined contracting communities will vary between inside and outside contractors. In fact, those farthest away from the contracting community projected the greatest additional protections on coerced information and diverged the most from insiders of that contracting community.

Fig. 2
figure 2

Additional privacy protections within defined contract space

Full size image

Discussion and Conclusion

The findings of this study contribute to the literature on managing privacy expectations by examining whether and how authentic norms of privacy vary across particular contexts and groups of individuals. As such, the findings speak directly to the needs of organizations to manage a diverse set of privacy issues across stakeholder groups.

A social contract approach to privacy was supported by the findings in this study. As hypothesized, authentic privacy norms were shown to vary based on a respondent’s proximity to the contract community. These findings illustrate the different privacy norms generated within communities as understood by insiders and outsiders and support the concept of a different set of privacy norms understood within a particular contract community. In addition, the results suggest contractors have distinct authentic privacy norms for particular groups of people or exchanges as privacy expectations varied across different contracting communities.

The results reported here challenge conventional views of how individuals form privacy expectations. Traditionally, management research has chosen a static definition of privacy across individuals and situations, wherein individuals, information, or locations could be declared either private or not private. However, in this study, individuals formed privacy norms dependent upon the contracting communities and relationships and always held expectations of privacy. These findings suggest that privacy can be more completely understood only when specific contract communities and authentic privacy norms are identified or “what the meaning of information privacy is” (Smith et al. 1996).

The results support two general conclusions. First, individuals hold different privacy norms without necessarily having diminished expectations of privacy. In other words, just because an individual—a stakeholder, customer, user, employee, or a survey respondent—diverges from a predefined concept of privacy does not necessarily require the stakeholder to have no or diminished expectations of privacy. Individuals differed on the factors they considered important in calculating privacy expectations, yet all groups had robust, authentic privacy norms as evidenced by the goodness-of-fit measures. Second, outsiders have difficulty projecting the authentic privacy norms of a contracting community. For managers and scholars, this renders privacy expectations more difficult to identify at a distance. These conclusions have implications for the scope and methods used in analyzing privacy in management. I discuss the theoretical and practical implications of both conclusions before addressing the study’s strengths and limitations.

Implications for Scholarship

The findings have implications both how we ask the questions and the questions we ask in privacy scholarship. First, the research questions would change from if a person, situation, or information has an expectation of privacy to what are the privacy expectations of this community? What factors do contractors find important? Given a social contract approach to privacy, scholarship would focus on identifying the relevant contracting community, the benefits and harms of the particular exchange, and maintaining social contract minimums. This social contract foundation would form a platform for negotiating particular authentic privacy norms.

In addition, outsiders struggle to estimate the authentic norms of specific contracting communities (Dunfee 2006), and the findings support this argument. Yet, for research, much of our current privacy scholarship assumes a substantive theoretical definition of privacy on all contract spaces and tests for the degree to which respondents conform to a particular definition of privacy. The findings from this study would suggest that this tactic would be problematic. As noted by privacy scholar Nissenbaum, “most existing privacy surveys are of limited relevance because the way they frame their questions does not allow for a correspondence to be drawn between answers and the key parameters of informational norms” (2009, p. 150) as most studies test the respondent’s adherence to a static and presumably universally accepted definition of privacy. For example, survey questions ask if respondents value or protect privacy as if privacy is universally understood (Oz 2001; Borna and Avila 1999). Or, more commonly, inconsistent survey results are found to be indicative of individuals having diminished concerns for privacy (Acquisti and Gross 2006; Culnan and Armstrong 1999), rather than the possibility that these respondents have different conceptions of privacy but an equal concern. Presuming a universal definition of privacy renders privacy easier to test, but misses the contextual effects of a given situation and limits the ability of individuals to hold different reasonable expectations of privacy across situations (Smith et al. 1996). Therefore, a social contract approach to privacy necessitates a methodological approach that offers participants a range of factors to consider in their privacy expectations and, therefore, changes how research is conducted.

For example, in a widely cited study, Smith et al. (1996) explain privacy in terms of location, content, secondary use, and accessibility (see also Mossholder et al. 1991; Milberg et al. 2000; Winter et al. 2004), and Table 3 contains these broad categories in the vignette factors. Previous work viewed these categories as mandatory components of a private situation rather than as areas of negotiation for authentic privacy norms. Yet, Smith et al. (1996) originally noted that the factors could vary and that inductive research may be necessary to understand the complexity of individuals’ privacy norms. The findings here would suggest reframing previous static definitions of privacy as possible components of a social contract; such components would be neither necessary nor sufficient to explain privacy expectations but would perhaps guide negotiations around actual authentic information norms. Future work could develop a meso-level framework of privacy factors based on the findings of this study and current privacy research. This framework would constitute areas for negotiating an actual social contract or areas for analyzing hypothetical social contracts.

This study shows that insiders to a contracting community understand the privacy norms differently from outsiders. However, why privacy norms differ is not identified. As to the underlying reasons why these norms differ across hypothetical communities or across respondent types, it could be due to a reliance on different hypernorms or, if one is so inclined, a different understanding of substantive hypernorms, or based on a calculation of possible harms/benefits, or a different value placed on privacy. The survey instrument is agnostic to the underlying drivers. One thing was demonstrated here: that the differences were based on proximity to the contracting community rather than alternative demographics.

The difference in the privacy judgments across respondents and across communities could be due to not understanding the (a) relationships within the communities, (b) agreed upon norms within the contracting group, or (c) value of the information within that community. A social contract approach allows for differences based on all the three. Privacy norms are a product of the context, the specific actors, the information, and the type of flow of information (if it is expected, allowed, or impermissible) (Nissenbaum 2009); outsiders do not understand this combination. For the same community, a different piece of information may have different expectations of how the information will flow.

In addition, while not examined or emphasized here, the role of second-order norms or hypernorms should be targeted in future studies. The findings here leave open two possibilities for second-order norms that are found in theory. First, substantive privacy hypernorms may guide respondents and authentic privacy norms may reflect the specific manifestation of broader underlying principles—whether they be hypernorms or second-order norms. Based on this approach to universal principles within social contract theory, future research may focus on what underlying principles individuals are drawing on in assessing whether it is appropriate to share information or not.Footnote 11 Second, some social contract theorists view second-order norms—in particular, any hypernorms that appear substantive—as based on the commonality of authentic norms (Walzer 2006); such scholars take a more inductive approach to the development of thin principles. Based on this second approach to hypernorms in social contract theory, future research may focus on what thin principles individuals are developing in assessing whether it is appropriate to share information or not. Finally, structural hypernorms may guide the negotiation of specific privacy norms with legitimate norms both abiding by the internal morality of contracting (Coase 1937; van Oosterhout et al. 2006) as well as the goals and purpose of the context (Nissenbaum 2009). While this study was specifically designed to remain agnostic as to the source of authentic privacy norms, future research could be designed to identify meso-level or second-order norms that transcend contexts, industries, or technology platforms.

While we have long known that the degree an individual is concerned about privacy differs based on experiences, personal characteristics, and type of information (Milberg et al. 2000; Culnan 1993; Malhotra et al. 2004), context-dependent approaches to privacy, as well as this study, go further to argue that the highly specific norms of appropriate information to disclose and distribute within a particular context is being determined by the individuals within a relationship or contract community. Privacy norms are not only influenced by the situation but also the factors that contribute to the definition of privacy are negotiated within communities.

If privacy expectations are composed of different factors with different weights depending on the specific contract community, then organizations will need to deploy different tactics to meet the privacy expectations of specific stakeholder relationships (Son and Kim 2008). If social contract norms govern an information space, then normative examinations would be more appropriate to understand the factors that contribute to the privacy expectations of consumers, employees, and users. Integrating ethical reasoning into these tactics and management techniques is important due to the difficulty in relying upon legal requirements in both firm–stakeholder relationships (Culnan and Williams 2009) and personal relationships (Rosen 2010). Respecting stakeholders’ contextually dependent privacy expectations has both instrumental and intrinsic value (Johnson 2001): doing so respects the autonomy of users, stakeholder, and employees and is necessary for healthy relationships (Fried 1984) and exchange (Pavlau et al. 2007). Therefore, this study contributes to scholarship seeking to use ethical frameworks in the examination of privacy by offering a version of CBE to study privacy.

Implications for Practice

A social contract approach to privacy changes an organization’s approach to managing privacy expectations of stakeholders. Given the divergent understandings of insiders and outsiders, managers will have difficulty in correctly projecting the specific privacy expectations of all consumers, employees, or users. In fact, arguments that employees, customers, and other stakeholders have no expectation of privacy for a given situation may be due to the difficulty outsiders have in identifying local norms.

The recent mismanagement of privacy changes within social network products, such as Google Buzz or Facebook, demonstrates the difficulty even experienced managers have in projecting the privacy norms of actual contractors. For managers, focus groups and qualitative or experimental surveys may be helpful to understand the privacy concerns of actual contractors. In addition, a recent call for dynamism in social contract approaches would be instructive for managers (Phillips and Johnson-Cramer 2006). Social contracts—both actual and hypothetical—are constantly evolving and need to be reevaluated regularly. Therefore, changes to privacy settings or defaults should not necessarily be viewed as failures on the part of organizations, but as an opportunity to renegotiate a social contract. The findings here would suggest that individuals are constantly negotiating authentic privacy norms within each contracting community—even with a random group of people on social networking sites. Such an approach is supported by Angst and Agarwal (2009) who demonstrated privacy attitudes and expectations can be modified through messaging and education: privacy expectations are malleable and evolve. Based on this study, these changes may be due to the evolving privacy norms within the contract community. In addition, the goal of organizations in managing privacy expectations would also change given the findings of this study. Importantly for managers, rather than determine if a given situation is private or not private, the focus would be on how a situation could meet privacy expectations of those involved. Not only do social contract moral minimums pervade all contract spaces but also authentic privacy norms are negotiated within those communities.

Two precepts of social contract theory limit the ability for managers to find situations, information, or individuals as having diminished or no expectations of privacy given a social contract approach to privacy. First, social contract approaches encompass both actual and hypothetical contracts as governing contract spaces. In other words, a social contract need not be written or spoken to have moral weight. Currently, privacy prescriptions focus on actual contracts when information is gathered—as is the case with Fair Information Practice’s notice and consent stipulations or the restricted access version of privacy. For example, employees are notified of monitoring and click “OK” to consent; customers are notified of broad user tracking and shown lengthy privacy notices before choosing a service. In so doing, managers rely upon actual notice and consent as a way to meet privacy expectations, which has been argued to be ineffective in upholding expectations of privacy (Beales and Muris 2008). As such, managerial attention is too focused on actual contracts and should shift to the ongoing actual and hypothetical social contract governing the contract community for moral guidance concerning privacy norms.

Second, there exists an internal morality to social contracts in that social contracts necessitate both effective and mutually beneficial rules to be sustainable (van Oosterhout et al. 2006). The internal morality of contracting would suggest that privacy norms must (a) meet the needs of all contractors and (b) contribute to the effectiveness of the relationship or exchange. Current tactics for managers which rely upon the ability of organizations to “own” customer data and dictate subsequent use would breach the requirement of mutually beneficial rules and actions. In addition, guidance that focuses on rendering information inaccessible to employers, trading partners, or government agencies to maintain privacy may breach the requirement for rules and actions to be effective: individuals cannot trade without also exchanging information (Singleton 1998). As Nissenbaum (2009) notes, privacy norms must meet the goals and purpose of the particular context.

For example, employee monitoring can mistakenly be categorized as a necessary infringement of privacy where employees are forced to relinquish information as a condition of their employment. However, a social contract approach to privacy would suggest privacy norms within the employeremployee relationship must meet the needs of both parties and be effective over time. Therefore, privacy norms as to the type of information that is expected and allowed to be shared and what each party can do with the information must be effective to the working relationships and benefit the contractors. This argument is in keeping with Brenkert’s (1981) framing of privacy expectations being developed for specific relationships such as doctor–patient or employer–applicant. Tracking phone calls and e-mails need not infringe of the privacy of either party if the tactics conform to the authentic norms of that relationship. However, the authentic privacy norms would also need to suit the purpose and goals of the community and conform to the structural hypernorms of social contract theory.

In addition, many jurisdictions have third party privacy standards that are applicable apart from the community-negotiated standards. For example, the Canadian Privacy Commissioner on Canada, Gramm Leach Bliley Act, COPPA, and HIPPA within the US, and the EU Data Protection Directive in Europe. Therefore, even if an organization successfully navigates contextual privacy norms, they must also comply with regulatory bodies.Footnote 12

Going forward, managers would shift from actual notice and consent or claims of ownership and move to identify the relevant contracting community, ensure contractors have structural second-order norms, and develop authentic privacy norms that are sustainable by being mutually beneficial and effective.

Strengths, Limitations, and Suggestions

This research presents one of the first studies of CBE using the factorial vignette survey methodology. Previous empirical work within CBE has examined substantive hypernorms through the convergence of norms across contract groups thereby identifying hypernorms by areas of agreement. Yet substantive second-order hypernorms were not found in this study. As noted by van Oosterhout et al. (2006), the search for substantive hypernorms that transcend contract spaces and give definitive direction for contractors judgments and behaviors can be considered the contractualist fallacy. Therefore, future work could focus on structural or procedural second-order norms rather than search for a single set of action guiding norms or institutions.

Yet, social contract minimums—or structural hypernorms—were also not consistently significant to privacy expectations in this study. For example, consent of the protagonist in the story with the contract community and, presumably, with its negotiated authentic norms, was not a factor in any model. The operationalization of this consent as “new student” versus senior may have contributed to this finding. Operationalizing second-order norms has proven difficult across CBE and future work could identify methods to examine universal social contract norms. Supporting social contract minimums such as exit, voice, and informed consent is a viable direction for future privacy research.

In general, factorial vignette surveys provide a bridge between experiments and surveys (Wallander 2009) and, therefore, carry the strengths and weaknesses of both types of empirical work. The methodology captures the complexities of real decision making, since a large number of contexts and conditions affecting judgments are systematically varied (Taylor 2006, p. 1196), and the highly controlled nature of the vignettes promotes greater internal validity than in usual surveys. In addition, since changes in the vignettes are subtle, respondents are less susceptible to social desirability bias as in conventional surveys (Wallander 2009; Taylor 2006)—an important point when studying privacy and business ethics in particular. Individuals are not always able to identify and articulate the conditions or factors which influence their judgments as is necessary in other methodologies. Finally, compared to traditional survey research, factorial vignette surveys avoid non-orthogonal or collinear factors that occur in association with each other. The random combination of factors “ensures any non-orthogonality of the independent variables is due to random error only” (Taylor 2006, p. 1197).

However, the contributions discussed above should be interpreted within the context of a hypothetical quasi-experimental survey methodology which may not identify the “real” reason the respondents found information “OK” or “Wrong to Share” (Taylor 2006). As noted in a recent review, factorial vignette survey methodology is unique in assuming an implicit agreement among individuals in a defined community as to what factors to consider when rendering a judgment (Wallander 2009, p. 514). However, in the analysis, pervasive cultural or personality differences may also explain the variances between contracting groups’ responses. In the study’s design, researcher bias can influence the inclusion of factors, and missing factors could change the final models for each group. Finally, the results point to the attitudes of the respondents rather than their expected behavior. Additional research would be required to parse the possible responses to privacy violations.

Two pervasive issues with convenience samples were controlled during sensitivity testing of the models. First, the large and diverse sample for the control for undergraduate status. Undergraduate status was significant for all models except for insiders when assessing their own authentic norms and the third outsider group when assessing less-defined team scenarios. In addition, gender differences across privacy expectations, initially reported by Kuo et al. (2007), were supported more specifically in this study. Males were more likely to rate information as “OK to Share” (lower on the rating scale); female respondents were more likely to rate information as “Wrong to Share.” As such, both student status and sex should be considered in future privacy studies.

Conclusion

This study demonstrated that privacy is a much more contextual and nuanced issue than previously theorized. Since privacy is an issue that underscores all stakeholder relationships, including employees, boards of directors, customers, suppliers, government, etc., new insights on privacy has direct practical implications for managers across industries. Privacy is integral to stakeholder management, to organizational trust, and to remain competitive in an increasingly information intense business environment.