H. Jeff Smith

Information privacy research: an interdisciplinary review

To date, many important threads of information privacy research have developed, but these threads have not been woven together into a cohesive fabric. This paper provides an interdisciplinary review of privacy-related research in order to enable a more cohesive treatment. With a sample of 320 privacy articles and 128 books and book sections, we classify previous literature in two ways: (1) using an ethics-based nomenclature of normative, purely descriptive, and empirically descriptive, and (2) based on their level of analysis: individual, group, organizational, and societal. Based upon our analyses via these two classification approaches, we identify three major areas in which previous research contributions reside: the conceptualization of information privacy, the relationship between information privacy and other constructs, and the contextual nature of these relationships. As we consider these major areas, we draw three overarching conclusions. First, there are many theoretical developments in the body of normative and purely descriptive studies that have not been addressed in empirical research on privacy. Rigorous studies that either trace processes associated with, or test implied assertions from, these value-laden arguments could add great value. Second, some of the levels of analysis have received less attention in certain contexts than have others in the research to date. Future empirical studies-both positivist and interpretive--could profitably be targeted to these under-researched levels of analysis. Third, positivist empirical studies will add the greatest value if they focus on antecedents to privacy concerns and on actual outcomes. In that light, we recommend that researchers be alert to an overarching macro model that we term APCO (Antecedents → Privacy Concerns → Outcomes).

The reluctance to report bad news on troubled software projects: a theoretical model

Abstract. By one recent account, only 26% of software development projects are completed on schedule, within budget, and with the promised functionality. The remaining 74% are troubled in some way: they are either cancelled before the development cycle is completed (28%) or are delivered late, over budget, and with reduced functionality (46%). In many cases, the most cost‐effective solution would be to abort the troubled project early in the cycle, but senior managers are often unaware of the projects problems. Anecdotal evidence and at least one recent study suggest that losses are sometimes increased by the reluctance of organizational members to transmit negative information concerning a project and its status. Thus, although evidence of a failing course of action may exist in the lower ranks of an organization, this information sometimes fails to be communicated up the hierarchy or is substantially distorted in the process. The result is that decision‐makers with the authority to change the direction of the project are unaware of its true status. By modelling this reluctance to transmit negative project status information and improving our understanding of the phenomenon, we believe that prescriptions can be developed eventually to reduce the losses from troubled development projects. In this theory development paper, we examine the reluctance to transmit negative information and develop a theoretical model that explains this phenomenon within a software project context. The model we develop draws on literature from the fields of organizational behaviour and communications, ethics, economics, information systems and psychology, and points the direction for future research.

Information Privacy and Correlates: An Empirical Attempt to Bridge and Distinguish Privacy-Related Concepts

Privacy is one of the few concepts that has been studied across many disciplines, but is still difficult to grasp. The current understanding of privacy is largely fragmented and discipline-dependent. This study develops and tests a framework of information privacy and its correlates, the latter often being confused with or built into definitions of information privacy per se. Our framework development was based on the privacy theories of Westin and Altman, the economic view of the privacy calculus, and the identity management framework of Zwick and Dholakia. The dependent variable of the model is perceived information privacy. The particularly relevant correlates to information privacy are anonymity, secrecy, confidentiality, and control. We posit that the first three are tactics for information control; perceived information control and perceived risk are salient determinants of perceived information privacy; and perceived risk is a function of perceived benefits of information disclosure, information sensitivity, importance of information transparency, and regulatory expectations. The research model was empirically tested and validated in the Web 2.0 context, using a survey of Web 2.0 users. Our study enhances the theoretical understanding of information privacy and is useful for privacy advocates, and legal, management information systems, marketing, and social science scholars.

Ethics and information systems: the corporate domain

IS-related ethical quandaries are receiving an increasing amount of attention. However, linkages to the normative theories of business ethics, which can be used in resolving these quandaries in the corporate domain, have been lacking. This paper enumerates and explains the three major normative theories. The stockholder theory holds that managers should resolve ethical quandaries by taking actions that increase the long- term profits to the stockholders without violating the law or engaging in fraud or deception. The stakeholder theory claims that managers should resolve ethical quandaries by balancing stakeholder interests without violating the rights of any stakeholder. The social contract theory states that managers should increase social welfare above what it would be in the absence of the existence of corporations without violating the basic canons of justice. The application of these theories to IS-related ethical quandaries is discussed, and a specific quandary dealing with a real-world example -- Blockbuster Videos reported plans to market customer lists -- is explored in depth. The managerial challenges associated with the theories are then explored.

Privacy policies and practices: inside the organizational maze

How are corporations handling sensitive personal information today? How are they cufting the policies and practices that govern the use of such information? This article establishes a new foundation for examining information privacy issues by first assessing the value - laden process through which information privacy policies and practices are created in corporations and then reviewing corporate approaches to information privacy in light of implied societal expectations. The findings of this study are sobering. Corporations that routinely handle personal information (medical, financial, purchase records) operate without policies in many areas. Even where policies do exist, they often conflict with practices in the organization

Managing Privacy: Information Technology and Corporate America

The ongoing revolution in electronic information technology raises critical questions about our right to privacy. As more personal information is gathered and stored at breathtaking speed, corporate America is confronted with the ethical and practical issues of how to handle the information in its databases: how should it be safeguarded and who should have access to it? In Managing Privacy, Jeff Smith examines the policies of corporations such as insurance companies, banks, and credit card firms that regularly process medical, financial, and consumer data. According to Smith, many companies lack comprehensive policies regulating the access to and distribution of personal data, and where stated policies do exist, actual practices often conflict. Few organizations are willing to become leaders in the development of such policies, instead formulating privacy guidelines only after being pressured by consumers, the media, or legislators. Smith argues that as information technology advances, both corporations and society as a whole must modify their approaches to privacy protection, and he presents specific suggestions for developing such policies.

'Why didn't somebody tell me?': climate, information asymmetry, and bad news about troubled projects

The reluctance to transmit bad news is a problem that is endemic to many organizations. When large projects go awry, it often takes weeks, months, and sometimes even years, before senior management becomes fully aware of what has happened. Accurate communication concerning a project and its status is therefore critical if organizations are to avoid costly and embarrassing debacles. This paper describes the results of an experiment designed to explore some key variables that may influence an individuals willingness to report bad news in an information systems project context. We extend a basic theoretical model derived from the whistle-blowing literature by considering relevant constructs from agency theory. We then test the entire model using a controlled experiment that employs a role-playing scenario. The results explain a significant portion of the variance in the reluctance to report negative status information. Implications for research and practice are discussed, along with directions for future research.

Selective status reporting in information systems projects: a dyadic-level investigation

This study investigates selective reporting behaviors that are pursued by project managers when communicating the status of their information system initiatives to their executives. To understand the types, motivations, impacts, and antecedents of such behaviors, a message-exchange perspective is adopted and the prior literature on IS project status reporting is reviewed. This study incorporates an empirical investigation that examined the influence of five dyadic factors on selective reporting using a survey of 561 project managers. The findings of the study reveal a positive effect of reporting quality on project performance and indicate that a specific type of selective reporting behavior (optimistic biasing) has a degrading effect on reporting quality. Moreover, the findings show that all five antecedents have a significant influence on the propensity of project managers to report selectively. Specifically, the project executives power, the project managers trust in the executive, and the executives quality of communication impact selective reporting directly; the executives familiarity with the IS development process and the executives organizational affiliation vis-a-vis that of the project manager have an indirect influence (it is mediated through other factors). The effects of each of these factors on the two types of selective reporting (optimistic and pessimistic biasing) are examined, and the implications of these findings for both researchers and managers are discussed in this article.

The linkage between reporting quality and performance in IS projects

Recent research has suggested that flawed status reporting is a serious concern in IS projects. However, the linkage between reporting quality and project performance has not been empirically confirmed. Our investigation consisted of two complementary studies, both of which employed previously validated measures of reporting quality and project outcomes. The first considered the perceptions of 210 IS project members of the quality of status reports they submitted to their project managers. The second considered the perceptions of 485 IS project managers of the quality of project reports they received from project members reporting to them. Both showed that the perceived quality of project reporting was less than perfect and was significantly associated with project task and psychological outcomes. Moreover, the second study results suggested that reporting quality was also related to organizational outcomes. We offer recommendations for project managers.

Ethics and information systems: Resolving the quandaries

The information systems (I/S) community is becoming concerned with questions of ethical behavior in many realms. But those who attempt to resolve the quandaries may find themselves confused by differing approaches and theoretical assumptions that are often proffered. This paper provides a meta-framework that identifies the areas of convergence and divergence in these approaches and assumptions. An illustrative example (America Onlines plans to share subscriber information with telemarketers) is examined through several sets of lenses. Special attention is paid to the linkages between the theories, with fertile areas for future research identified.