Communication privacy management (CPM) theory

Sandra Petronio defines privacy ‘‘as the feeling that one has the right to own private information, either personally or collectively’’ (Petronio, Altman 2002 p6).

Petronio developed the idea of communication privacy management (CPM) theory in 1991. She presents a theoretical approach that gives us a rule-based system to examine the way people make decisions about balancing disclosure and privacy. CPM makes private information a focal point. It is not just about the self: it’s a communicative process. CPM is a conceptual framework based on an explicit philosophical and theoretical underpinning.

Petronio’s CPM theory is an important extension of Irwin Altman’s privacy regulation theory. In the foreward to (Petronio, Altman 2002 pxv) Altman writes “Sandra Petronio offers a comprehensive framework that incorporates systematically many aspects of privacy-disclosure that had previously been neglected, or treated in only a fragmentary way. Her integrative model is an excellent map or guide for students, teachers, practitioners, and scholars to address an array of privacy-disclosure issues” and (bearing in mind that he was writing in 2002) (pxvi) he describes Petronio’s communications privacy management theory as the most comprehensive conceptual framework presently available.

Petronio treats privacy and disclosure as inseparable aspects of a unified dialectical process. People make choices about revealing or concealing based on criteria and conditions they perceive as salient, and individuals fundamentally believe they have a right to own and regulate access to their private information.

Individuals, Groups, Society: Petronio conceptualizes group privacy management as coordinating unified boundaries, while individual privacy management is conceptualized as the coordination of privacy rules around the self. Private life only makes sense in relation to public life. People develop individual and group privacy management strategies or rules to coordinate disclosure behavior. As we create individual boundaries around the self, we also create group boundaries with others.

In a group context, individual disclosures grow into private information that belongs to everyone in the group. There are more possibilities for violations within group privacy boundaries than in the dyadic boundaries. Some group members may not accept responsibility for co-owned private information. Some may use different privacy rules than those established by the larger group. Loyalty to the group is demonstrated by keeping the disclosures of its members confidential. Some groups work hard to reinforce unwavering adherence to privacy rules

In CPM theory, privacy boundaries can range from complete openness to complete closedness or secrecy. An open boundary reflects willingness to grant access to private information through disclosure or giving permission to view that information, thus representing a process of revealing. On the other hand, a closed boundary represents information that is private and not necessarily accessible, thus characterizing a process of concealing and protecting. The relationship between the boundaries is dialectical, consistent with Altman’s thesis, because we continuously adapt our level of privacy and disclosure to internal and external states because we simultaneously need to be open and social as well as private and preserve our autonomy. (Petronio, Altman 2002)

While Petronio’s CPM theory dates back to 1991, it has been further developed in the decades since then, both by Petronio herself, but also by other scholars who have applied the theory to a range of different contexts.  It is, for example, particularly suited for the study of social networking – see, for example, (Mazer, Murphy et al. 2007).

(Graves, Healy et al. 2010) considered interpersonal communication for library and information professionals, including CPM theory. They say that librarians are receivers or co-owners of private information that come with its own set of boundaries, responsibilities, and expectations. The informer (patron) should be protected when he or she shares information with the receiver (librarian). Librarians must learn how to manage boundaries when dealing with disclosing or retaining private information.

Petronio envisages how her CPM theory will continue to grow and change as it is applied to practical problems.

SUPPOSITIONS 1. Private information
2. Boundaries
3. Control and ownership
4. Rule-based management system
5. Management dialectics


Exercise control to manage privacy boundaries (the way the rules develop and their properties) 1. Privacy rule foundations RULE MANAGEMENT PROCESSES
Collectively owned boundaries – where people co-own private information (Reflects how privacy is regulated through rules when people are engaged in managing collective boundaries) 2. Boundary co-ordination operations
3. Boundary turbulence

Rule management process 1: privacy rule foundations

Privacy rule development Cultural criteria
Gendered criteria
Motivational criteria
Contextual criteria
Risk-benefit ratio criteria
Rule acquisition
Rule properties


Rule management process 2: boundary coordination operations Boundary linkages
Boundary permeability
Boundary ownership
Boundary co-ownership; private disclosure confidants

Rule management process 3 – boundary turbulence

Under certain circumstances the boundary coordination process malfunctions, yielding “boundary turbulence”. Boundary turbulence signifies the assumption that coordination doesn’t always function in a synchronised way. When people don’t work together to have a smooth coordination process, and when the rules become asynchronised. Boundary management may become turbulent when there’s an invasion from outside sources or the management system doesn’t work. Types of boundary turbulence include:

  • Intentional rule violations
  • Boundary rule mistakes
  • Fuzzy boundaries
  • Dissimilar boundary orientations
  • Boundary definition predicaments
  • Privacy dilemmas

CPM also predicts that this boundary turbulence requires the owners and co-owners to recalibrate and readjust privacy management practices because it becomes clear that they are not functioning adequately or as intended. Original owners of the information often expect that co-owners, composing the collective privacy boundaries, will know and follow the privacy rules they use for management. However, when boundary turbulence occurs, individuals discover that information they have moved into a collective boundary is not appropriately being managed by the individuals within the collective. Thus, boundary turbulence occurs when violations, disruptions, or unintended consequences occur as a result of privacy management practices (Petronio, 2002).

Petronio lists a variety of factors that can lead to boundary turbulence, which (West, Turner 2013) group into three categories:

  • Fuzzy boundaries – where people haven’t discussed what can and can’t be revealed; where there is no mutual recognition of where the boundaries lie. The onus is then on a friend, family member etc.
  • Intentional breaches – these could be to hurt the original owner or simply because the breaking of the confidence works to their personal advantage
  • Mistakes – letting secrets slip out when their guard was down after having a few drinks; errors of judgment when discussing private cases in public places; or a miscalculation in timing

CPM Axioms (Petronio 2013)

  1. predicts that people believe they are the sole owners of their private information and they trust they have the right to protect their information or grant access
  2. predicts, when these “original owners” grant others access to private information, they become “authorized co-owners” and are perceived by the “original owner” to have fiduciary responsibilities for the information
  3. predicts, because individuals believe they own rights to their private information, they also justifiably feel that they should be the ones controlling their privacy.
  4. predicting that the way people control the flow of private information is through the development and use of privacy rules.
  5. that predicts successful and continued control post-access is achieved through coordinating and negotiating privacy rules with “authorized co-owners” regarding third-party access
  6. that predicts co-ownership leads to jointly held and operated collective privacy boundaries where contributions of private information may be given by all members
  7. predicting that collective privacy boundaries are regulated through decisions about who else may become privy, how much others inside and outside the collective boundary may know, and rights to disclose the information.
  8. predicts, privacy regulation is often unpredictable and can range from disruptions in the privacy management system to complete breakdowns

Three boundary rule management operations

  • Boundary linkage rules. Linkages refer to the establishment of mutually agreed upon privacy rules that are used to choose others who might be privy to the collectively held information.
  • Privacy rules for co-ownership. The degree and kind of ownership is negotiated. Because we live in a world where we manage multiple privacy boundaries, sometimes people find it difficult to know when one boundary ends and another begins. The level and type of ownership may vary: Shareholders have knowledge of private information because they have been given permission to know it. Stakeholders are confidants who are perceived as worthy of some level of access because they serve a functional role, providing the original owner a needed outcome For example, disclosing financial information to their bank Physicians and healthcare personnel also represent this category of co-ownership.
  • Privacy rules for boundary permeability – this represents the rule coordination as to the extent to which collectively held privacy boundaries are opened or closed once they have been formed. The confidant and the original owner negotiate how much control over the information there should be to restrict or to grant access to third parties. These rules regulate the depth, breadth, and amount of private information that is given access. Permeability is a matter of degree. Many coordinated access rules are crafted to be filters, letting some private information seep through, while other related facts are closely guarded. (Petronio, Altman 2002)

(Petronio, Altman 2002) differentiates three general patterns in how people manage group boundaries: inclusive boundary coordination, intersected boundary coordination, and unified boundary coordination:

  • Inclusive boundary coordination refers to person A giving up privacy control to person B in order to get something in return (e.g., a patient talking about their eating habits to a doctor so the doctor can provide adequate consultation with regard to his or her health status).
  • In intersected boundary coordination, the concealed information is perceived as comparable, and person A and B are considered as equals (e.g., two friends mutually disclosing the troubles they face at home)
  • Unified boundary coordination is a pattern whereby everyone is in control of the private information, whilst no one really owns the information. Here, the power of person A over B or the equal sharing of information between person A and B is not the most important aspect (e.g., members of a sports club concealing that they have cheated during a game). Rather, ‘‘the body of private information typically found in this type of coordination often predates all members and new members make contributions, yet the information belongs to the body of the whole’’ (Petronio, Altman 2002 p134).

The process where people regulate privacy boundaries as they make choices about the flow of their private information, is guided by six principles:

  • people believe that they own private information, which defines the parameters of what constitutes the meaning of private information;
  • because people believe they own private information, they also believe that they have the right to control that information;
  • to control the flow of their private information, people use privacy rules they develop based on criteria important to them;
  • once they tell others their private information, the nature of that information changes, becoming co-owned by the confidant;
  • once the information is co-owned, ideally the parties negotiate collectively held and agreed-upon privacy rules for third-party dissemination; and
  • because people do not consistently, effectively, or actively negotiate collectively held privacy rules, there is the possibility of “boundary turbulence” which means that there are disruptions in the way that co-owners control and regulate the flow of private information to third parties

The flow of information can be visualised in terms of the thickness or thinness of a boundary wall that allows information to be known. The thicker the boundary, with dense and impenetrable walls, less access is given and so less is known about the private information. Avoiding speaking about certain topics may serve as a safeguard to preserve one’s identity. When people are negotiating the collective privacy boundary, there is the possibility that the type of information being considered is so volatile that the co-owners decide to sustain a thick boundary wall with rigid protection rules by declaring the topic taboo.


Co-ownership of private information involves a joint responsibility for its containment or release. But not all boundary ownership is 50-50. One person may have a greater stake in how the information is handled or feel that they should have total control of how it’s used. If so, that person is usually the original owner.

The different types of confidants

There are at least two ways that people become confidants. First, serving as a confidant may result from soliciting private information belonging to someone else. Second, people may find they are recipients of private information, although reluctantly so.

The deliberate confidant intentionally seeks private information from others either directly, indirectly, or gain permission from them to know the information. They often seek out the information in order to help others out. For example, doctors, counselors, attorneys, and clergy solicit personal information only after they assure clients that they have a privacy policy that severely limits their right to reveal the information to others. The common thread for deliberate confidants is that they purposely seek to know someone else’s private information.

Conversely, a reluctant confidant doesn’t want the disclosure, doesn’t expect it, and may find the revealed information an unwelcome burden. Picture the hapless airplane travelers who must listen to their seatmates’ life stories. Even though reluctant confidants often feel a vague sense of responsibility when they hear someone else’s private information, they usually don’t feel a strong obligation to follow the privacy guidelines of the discloser.

CPM theory contends that the first place privacy rules are learned is within the family. Families influence members of the group across time by providing orientations for use when interacting both with other family members and individuals external to the family unit. The interior family privacy orientation indicates how much a family shares or protects private information with other family members. The interior family privacy orientation is cultivated through both direct communication within the family and the occurrence of such practices among sub-groups within the family, such as concealing secrets.

Risks & benefits of disclosure


  • Making disclosures to the wrong people
  • Disclosing at a bad time
  • Telling too much about ourselves (“oversharing”)
  • Compromising others


  • Increase social control
  • Validate our perspectives
  • Become more intimate with our relational partners

(Petronio, Altman 2002) There are many reasons beside intimacy why people disclose personal information

  • Relieve a burden
  • Gain control
  • Enjoy self-expression
  • Develop intimacy

Trust is the willingness to assume risk. A lower level of perceived privacy risk should be related to a higher level of trust in the other party’s competence, reliability and safekeeping of personal information.

Five principles about privacy management

CPM stipulates five principles about the privacy management that give a route to better understand both the times when access to the information is granted and when access is denied (Petronio, 2002).

  • Principle one states that individuals equate private information with personal ownership. That is, from a behavioural standpoint, people feel they own their private information in the same way that they own other possessions (Child et al., 2009).
  • Principle two predicts that because people believe they own their information, they also believe that they have the right to control the flow of the information to others.
  • Principle three predicts that people develop and use privacy rules to control the flow of information to others.  These rules are driven by motivations and frequently take into account a risk-benefit ratio.
  • Principle four predicts that once private information is disclosed or others are granted access, the information moves from individual ownership to collective ownership. CPM stipulates that typically, people coordinate three different types of privacy rules to manage a collectively held privacy boundary. Thus, the original owner and co-owners coordinate the management of information through the use of privacy boundary permeability rules, privacy boundary ownership rules, and privacy boundary linkage rules.
  • Principle five concerns the prediction that if owners and co-owners do not coordinate the privacy rules to regulate information flow, disruption will occur and boundary turbulence will result. When this type of disruption happens, the outcome exposes implicit or taken-for-granted expectations that have been violated.


GRAVES, J., HEALY, H., HEITHUAS, A., LEHANE, D., MCCELLAN, K., MITCHELL, W. and SCHMIDT, K., 2010. Interpersonal communication for library and information professionals.

MAZER, J.P., MURPHY, R.E. and SIMONDS, C.J., 2007. I’ll see you on “Facebook”: The effects of computer-mediated teacher self-disclosure on student motivation, affective learning, and classroom climate. Communication Education, 56(1), pp. 1-17.

PETRONIO, S., 2013. Brief status report on communication privacy management theory. Journal of Family Communication, 13(1), pp. 6-14.

PETRONIO, S. and ALTMAN, I., 2002. Boundaries of privacy.

WEST, R. and TURNER, L.H., 2013. Chapter 13. Communications privacy management theory of Sandra Petronio. Introducing communication theory analysis and application.