Privacy from a company perspective

At a recent professional event, one of the speakers made the point that companies only act ethically when it is in their financial interests to do so; which – if it were true (and of course one shouldn’t generalise) – would mean that they aren’t driven by ethics at all.

So it was interesting today to be reading about Company Information Privacy Orientation or (CIPO) (Greenaway, Chan et al. 2015). Far too often, people concentrate on privacy from the perspective of the individual. I say “too often”, because that means it is at the expense of considering things from the wider view (of society as a whole, at a group level, or as in this case, from the perspective of companies).  Greenaway et al believe that things are determined by control, and by justice. They believe that firms are influenced by three determinants:

– ethical obligations

– information management strategies

– legal risk assessments

And the result is that they put forward four categories of privacy orientation:

1. privacy ignorers

2. privacy minimisers

3. privacy balancers

4. privacy differentiators

 and they even give real life examples of companies who characterise each of these categories.


Privacy ignorers – these companies provide little to no control or procedural justice for their customers regarding the control of information collected by the firm, and they rely on individuals taking personal control of their information by choosing when to provide it.


Privacy minimisers – these companies engage in only as many privacy behaviours as are necessary to avoid legal action. Responding to the minimum requirements of government regulation is considered to be a key driver of an organisation’s privacy approach.


Privacy balancers – these companies adhere to industry or professionally based privacy codes, including those codes that exceed legal requirements. In this manner, they embrace both the letter and the spirit of privacy laws.


Privacy differentiators – these companies see privacy as a competitive advantage. They are most likely to offer significantly enhanced privacy protection as part of their business strategy in order to set themselves apart from their peer group


Greenaway et al raise a number of interests points worthy of future research:

1. Why do different companies adopt particular privacy orientations?

2. Is the CIPO explicit or emergent, in other words do they choose a specific privacy orientation from the outset or does it emerge based on a review of their past decisions?

3. Is the CIPO static or does it change over time in the light of decisions and deliberate behavioural changes?



GREENAWAY, K.E., CHAN, Y.E. and CROSSLER, R.E., 2015. Company information privacy orientation: a conceptual framework. Information Systems Journal, 25, pp. 579-606.