The current issue and full text archive of this journal is available at

www.emeraldinsight.com/1468-4527.htm

Reading a web
The impact of reading a web sites sites privacy
privacy statement on perceived statement
control over privacy and
661
perceived trust
Refereed article received
Manon Arcand 2 April 2007
Universite du Quebec a Montreal, Montreal, Canada Revision approved for
publication 21 June 2007
Jacques Nantel
HEC Montreal, Montreal, Canada
Mathieu Arles-Dufour
La Rochelle, France, and
Anne Vincent
Bell Canada, Montreal, Canada

Abstract
Purpose The purpose of this research is to study the impact of reading a web sites privacy
statement on the perceptions of control over privacy and trust in a cyber merchant.
Design/methodology/approach Two experiments were designed to monitor the actual reading
of the privacy statement. Study one compares the influence of actual reading with self-reported claims.
Study two manipulated the format of the privacy statement (opt-in or opt-out) and included a control
condition to assess the influence of the presence of a privacy statement and the influence of the format
on the dependent variables.
Findings The findings show that the mere presence of a privacy statement has a positive influence
on perceived control. However, reading the privacy statement does not necessarily have a positive
influence on perceived control and trust, contrary to commonly held assumptions. Participants who
read the opt-in format felt significantly more control and trust than the participants who read the
opt-out format. The opt-out format decreases perceived control compared with the group that did not
read the privacy statement when it was available.
Research limitations/implications The sample size for both experiments was relatively modest,
which limits the generalisability of the findings.
Practical implications Cyber merchants should devote particular attention to the strategic role of
the format of the privacy statement.
Originality/value In contrast to other studies that relied on surveys, this paper assesses the
impact of the actual reading of the privacy statement via an experimental approach. Moreover, the
impact of the format of the privacy statement has been empirically tested.
Keywords Electronic commerce, Privacy, Trust, Online operations, Internet
Paper type Research paper

Introduction Online Information Review

Vol. 31 No. 5, 2007
In the first half of 2006, USA web retailers sold $49.3 billion worth of products pp. 661-681
(excluding online travel and event tickets), representing a 24.2 per cent rise over online q Emerald Group Publishing Limited
1468-4527
sales in the same period last year (E-Marketer, 2006a). In 2005, online shopping in the DOI 10.1108/14684520710832342
OIR USA (again excluding travel) represented 2.3 per cent of the retail sales pie
31,5 (E-Marketer, 2006b). Yet this number is rather modest compared with what sales could
be if consumers felt that they had greater control over the privacy and the security of
their personal information when making purchases online. Lack of trust is one of the
most frequently cited reasons for not purchasing from internet shops (Lee and Turban,
2001; E-Marketer, 2006c) or for declining to provide personal information online
662 (Hoffman et al., 1999). Perceived control has been shown to increase trust in various
environments (Parker and Price, 1994; Pavlou, 2003) and to have an important
influence on emotional and behavioural responses of consumers in the service sector
(Hui and Bateson, 1991). Therefore, in the e-commerce context, trust and privacy are
closely related constructs as many authors have suggested (Hoffman et al., 1999;
Cheung and Lee, 2001; Lee and Turban, 2001). To address these important issues,
companies are focusing on the use of privacy statements and privacy seals. A
substantial body of research has reported that consumers tend to trust published
privacy statements or privacy seals located on web sites (Ackerman et al., 1999;
Westin, 1996). The research findings conclude that the presence of these privacy tools
increases trust in the system, trust in the cyber merchant (Pan and Zinkhan, 2006; Liu
et al., 2005; Lee and Turban, 2001) and has a positive impact on behavioural intentions
(Miyazaki and Fernandez, 2000). However, few studies have explored the consequences
of actually reading privacy statements on trust perception and perceived control over
privacy. Reading privacy statements may reassure consumers and reinforce their
perceived control over privacy and trust or, inversely, it may arouse more suspicion
than trust, as did the confidentiality reminders in surveys (Singer et al., 1992). More
interestingly, privacy statements come in various formats that entail different degrees
of control for consumers over the management of their personal information. To date,
no research has studied the impacts of the format of a privacy statement on perceived
control and trust.
The present study is designed to address these shortfalls. The objectives are
twofold: first, we measure the consequences of reading a privacy statement on
perceptions of control over privacy and perceptions of trust in the cyber merchant. Our
second objective is to measure: the impact of the mere presence of a privacy statement;
and the impact of the format on perception of control and trust as well as on the
gathering of personal information to be subsequently used for promotion or
personalisation. Two experiments were designed specifically to address these research
questions.
This study makes an important contribution to the field of privacy on the internet
by focusing on the consumers perceptions of control and trust when reading a privacy
statement that is meant to reassure them. From a managerial perspective, this study
also provides guidance to practitioners regarding: the perceptual and marketing
impact of reading the privacy statement; and the preferred format that best reassures
consumers and/or enables merchants to gain access to important pieces of personal
information that can be used in subsequent marketing activities.

Theoretical background
Trust in e-commerce: concepts and models
Over the years, trust has attracted considerable interest in the academic community,
engendering various definitions and models. Trust is important because it helps
consumers overcome perceptions of uncertainty and risk and engage in trust-related Reading a web
behaviours with vendors, such as sharing personal information or making purchases. sites privacy
In the marketing literature, Moorman et al. (1992) defined trust as the willingness to
rely on an exchange partner in whom one has confidence. Later, Doney and Cannon statement
(1997) defined trust as the perceived credibility and benevolence of a target of trust.
These definitions appear most appropriate when consumers have developed
confidence in the vendor and have had prior occasions to appreciate the motives of 663
the vendor. Initial trust (McKnight et al., 1998) refers to trust in an unfamiliar trustee, a
relationship in which the actors do not yet have credible, meaningful information
about, or affective bonds with, each other (Bigley and Pearce, 1998). In e-commerce, the
period during which a consumer visits and explores a vendors web site for the first
time (the focus of our study) is within the domain of initial trust. In initial relationships,
people use whatever information they have, such as perceptions of a web site and the
privacy statement to make trust inferences (McKnight et al., 2002). Most of the recent
models of trust (including initial trust in the e-commerce context) recognise that trust is
a multi-dimensional concept (Mayer et al., 1995; McKnight et al., 2002; Lee and Turban,
2001; Gefen and Straub, 2004) with three components that define the perception of
trustworthiness: competence (ability of the trustee to do what the truster needs),
benevolence (trustee caring and motivation to act in the trusters interest) and integrity
(trustee honesty and promise keeping). Integrity has been recognised as a major
contributing factor explaining behavioural intentions, including purchase intentions
and sharing personal information (McKnight et al., 2002; Gefen and Straub, 2004).
Furthermore, the influence of integrity has been assessed as being particularly
important at the beginning of a relationship (Mayer et al., 1995) because the customer
cannot rely on previous experience with the vendor. Since our research involves cyber
merchants that are unfamiliar to consumers, we will focus primarily on this dimension
of trust, as it appears the most relevant. Trust is then conceptualised here as the
perceived integrity of the cyber merchant, namely cyber merchant perceived honesty
and promise keeping (McKnight et al., 2002). The next section focuses on the notion of
privacy, clarifying the purpose of privacy statements on the internet as well as their
relationships to consumers perceptions of control and trust.

The concepts of privacy, control over privacy and the role of privacy statements
Privacy was originally defined as the right to be left alone (Brandeis and Warren,
1890). However, in a more recent definition of the concept, the contextual nature of
privacy is more evident. For example, Shoeman (1984) asserted that privacy is a state
or condition of limited access to individuals; individuals have privacy to the extent that
others have limited access to information about them, to the intimacies of their lives, to
their thoughts or their bodies. Concerns about privacy are not new; businesses have
been collecting customer information for decades. However, with technology (database
marketing) and especially with the development of the internet, that enhances
capabilities for collection, storage, use and communication of personal information,
new challenges to privacy have emerged: personal information about consumers can be
collected, monitored and shared without their knowledge and they can lose control over
the diffusion of their personal information. This lost of control is perceived as a major
threat of internet by consumers (Nakra, 2001; Caudill and Murphy, 2000). To address
OIR consumers concerns, the US Federal Trade Commission (FTC) (2000) proposed and
31,5 advocated that fair information practices online provided people with:
.
notice that personal information is being collected;
.
access to the data;
.
choice to allow an organisation to use or share information about them; and
664 .
security.

It is then not surprising that contemporary definitions of privacy include the

dimensions of knowledge and control over personal information divulged (Buchholz
and Rosenthal, 2002; Boatright, 2000): consumers should know what information is
being collected about them and how to withdraw from such marketing activities. Many
studies, mainly surveys, stressed the fact that the problem of privacy is of high concern
for internet users and constitutes a real obstacle to e-commerce growth: for example, 34
per cent of web surfers reported that concerns related to privacy explain their refusal to
buy online (E-Marketer, 2006c) and George (2002, 2004) highlighted the negative
impact of privacy concerns on consumers attitude. Milne and Boza (1999) empirically
showed that privacy concerns and trust had a strong negative relationship in a direct
marketing context. Increasing perceived control over personal information has been
shown to reduce privacy concerns (Milne and Boza, 1999) and to increase trust in
various environments (Parker and Price, 1994) including the internet (Pavlou, 2003).
Perceived control also has a positive influence on consumers behavioural responses in
the service sector (Hui and Bateson, 1991) and on direct mail usage (Milne and Boza,
1999). Perceived control is thus a key construct when studying the impact of privacy
statements and their formats. In this paper, perceived control is defined as the influence
consumers feel they have on the personal information that the cyber merchant
possesses on them (Bateson and Hui, 1992).
These concerns over privacy have prompted the use of various mechanisms
designed to advise consumers of cyber merchants practices regarding personal
information. Seals of approval from trusted third parties (e.g. TRUSTe) and privacy
statements on web sites are the preferred mechanisms used to communicate cyber
merchants practices. It is believed that explicitly advising online consumers that their
personal information will be treated fairly reduces their concerns over privacy (Culnan
and Armstrong, 1999). Milne and Rohm (2000) have studied the impact of perceived
control in direct marketing channels. They found that when consumers know what
information about them is collected, how the information will be used and how they
can unsubscribe from the distribution list, they are less inclined to use withdrawal
mechanisms. Furthermore, in some circumstances the presence of privacy seals or
privacy statements positively influence customers trust perceptions (Lee and Turban,
2001; Pennington et al., 2003). This body of research argues that privacy statements
reassure customers about the security of their personal information and the integrity of
the merchant, while having a minimal impact on the collection of strategic information.
Privacy statements exist in various forms: they may be presented in an opt-in
format where the cyber merchant requests the consumers permission to use his or her
personal information and where the consumers are empowered to decide how their
personal information will be used and shared. Conversely, the statements may be
presented in an opt-out format where the cyber merchant simply informs the
consumer about practices concerning personal information. In this case, the vendor Reading a web
does not ask permission to use customers personal information but the customers may sites privacy
notify the vendor if they wish to withdraw from such practices. Therefore, the opt-in
format gives the consumer much more control over their privacy than the opt-out statement
format.

Reading the privacy statement: what are the anticipated consequences? 665
Despite widespread concerns about online privacy, it seems that relatively few
consumers take concrete actions to guard their privacy online. For example, although a
vast majority of USA consumers report worrying about their online privacy, only 31
per cent bother to read the privacy policies most of the time (E-Marketer, 2002).
Another survey has reported that fewer than 5 per cent of consumers read privacy
policies carefully (E-Marketer, 2003).
Little research has been done on the consequences of reading the privacy statement;
most studies have focused on the impact of either the presence or absence of such a
statement. However, the privacy literature indicates that it is not enough to have a
privacy policy to fully reassure consumers on the web (Ackerman et al., 1999). It seems
essential to make them aware of personal information management practices if we
want to alleviate their concerns (Culnan and Armstrong, 1999). Similarly, it is believed
that consumers are less likely to refuse marketing activities when they are made aware
of data collection and use as well as the means to shield themselves from these
activities (Milne and Rohm, 2000). These findings somewhat contradict consumers low
interest in reading the privacy statements located on web sites.
One way of considering this apparent paradox is to draw a parallel between reading
a privacy statement and the assurance of confidentiality reminders given by survey
administrators in order to increase the response rate or data quality. Frey (1986), in a
study on the effect of confidentiality reminders used in telephone surveys, concluded
that such reminders tend to reduce the probability of answering surveys, thus creating
more apprehension than trust with individuals, although the primary goal was to
reassure them. A meta-analysis on the subject (Singer et al., 1995) confirmed Freys
findings in that no support was found for a relationship between the reassurance of
confidentiality and increased response rate or response quality. In fact, when the data
gathered in a survey is not sensitive, confidentiality reassurances appear to produce
small negative effects. The evidence suggests that elaborate assurances of
confidentiality increase perceptions of the sensitivity of the data, anxiety or threat of
the survey. Singer et al. (1992) summarised their findings as follow: . . .subjects given a
more elaborate assurance of confidentiality were more likely to see their responses as
falling into the wrong hands, thus suggesting that such assurances, at least when
coupled with non-sensitive data, are more likely to arouse suspicion rather than
increase trust. We cannot rule out the possibility that reading the privacy statement
might have an impact similar to assurance of confidentiality, by prompting the
consumer to speculate on what could go wrong if they divulge personal information.

Study one
The goal of the first study or experiment was to assess the consequences on control
and trust perceptions when consumers read a privacy statement. Many studies on the
subject have used surveys to gather data, yet self-reports are sometimes plagued by
OIR important bias, some of which are relevant here. For social desirability or
31,5 self-presentation purposes, consumers may deviate from the real answer or
estimate in self-reports (Schwarz, 1999; DeMaio, 1984); contextual variables such as the
researchers interest then influence the answers subjects supply. When asked if they
read a privacy statement online, consumers may want to look good in both the eyes of
the researcher as well as in their own eyes, and state that they read it, when in fact, they
666 do not. This is why we believe it is important here to differentiate between consumers
that actually read the privacy statement and the ones that claim they did, and assess
the impact on perceptions for both groups. The experimental design of study one
allowed us to perform such a comparison.

Hypotheses for study one

Acknowledging that the literature contains contradictory evidence of the impact of
reading the privacy statement on perceptions of control and trust, we posit the
following hypotheses that are consistent with the predominant findings of the trust
and privacy literature:
H1a. Claiming to read the privacy statement has a positive impact on perceived
control over privacy.
H1b. Claiming to read the privacy statement has a positive impact on perceived
trust in the cyber merchant.
H2a. Reading the privacy statement has a positive impact on perceived control over
privacy.
H2b. Reading the privacy statement has a positive impact on perceived trust in the
cyber merchant.

Method
Data collection and participants. The objective of the study was to measure consumers
perceptions related to the privacy statement when they surf on a web site they have not
visited before, belonging to a cyber merchant they do not know. To this effect, we
created a travel agency web site. We did not want to use existing web sites in order to
control the familiarity that the participants might have had with the online merchant.
An e-mail was sent to 760 individuals registered in a consumer database owned by a
large research group located in Eastern Canada. With a response rate of 29 per cent,
219 subjects took part in the study. A financial incentive in the forms of a lottery was
offered to encourage participation. Subjects were first presented with a scenario aimed
at presenting the merchant and explaining the task to be carried out. They were asked
to surf on the web site as if they were shopping for an all-inclusive vacation package.
The travel agency site was professionally designed and offered all the features found
on such sites, including a privacy statement. Reading the privacy statement was
optional. Participants could register on the site for further ordering and communication
with the travel agency. Links to the privacy statement were available on the home page
and on the registration form page. The site was designed such that it allowed us to
monitor if consumers actually clicked on the privacy statement link (participants were
not made aware of this indicator). When participants determined that they had surfed
on the web site long enough, they clicked on a link in order to fill out a questionnaire.
The first question in the questionnaire asked participants if they had read the privacy Reading a web
statement. Participants perceived control and trust, socio-demographic profile and sites privacy
level of experience with the internet were also gathered via the questionnaire.
Participants were highly experienced with the internet (close to 80 per cent had at least statement
four years of experience with the internet) and 68 per cent of them had already made an
online purchase. Of the participants, 54 per cent were females and they were between
16 and 69 years of age, with an average age of almost 40. Table I presents the profile of 667
participants on socio-demographic variables and relevant internet dimensions.
Measures of constructs. To maximise the content validity of the constructs, the
scales retained have been successfully used by other researchers in the field. Table II
summarises the scales used, their source and original reliability (a).
Pre-test. Two pre-tests were necessary to ensure good comprehension of the web
site and of the scales used. Specifically, it was important that the link to the privacy
statement be noticed and that the content of the privacy statement be understood by
participants (the privacy statement is available in Figure 1). Sixty subjects took part in
the pre-tests, 48 of them navigating online on the experimental web site. Notice and

Variable Distribution (n 219)

Gender
Women (%) 54
Men (%) 46
Age
Mean 39.8 (SD 12.73)
Education
High school or less (%) 12.1
College (%) 24.8
University (%) 63.1
Experience on the internet
Table I.
Less than 4 years (%) 20.5
Profile of participants on
4 to 6 years (%) 28.4
socio-demographic
6 years and over (%) 51.1
variables and relevant
Have already made an online purchase internet dimensions
Yes (%) 68.2 (questionnaire)

Cronbachs a
No. of of original Adaptation following
Construct itemsa Source scales pre-test

Perceived control 3 Bateson and Hui (1992) 0.61 Kept only 2 items, the
over privacy third one was confusing
Perceived trust 4 McKnight et al. (2002) 0.92 Kept only 3 items for
(integrity) parsimony purposes
Note: aAll items measured with Likert type scales anchored with (1) Totally disagree and (7) Totally Table II.
agree Constructs and source
OIR understanding of the privacy statement were assessed by the following questions, all
31,5 using a seven-point scale (1 not at all, 7 absolutely): the site has a hyperlink to a
privacy statement, The travel agency automatically includes me in their distribution
list and The travel agency advises me that my personal information can be shared
with other companies. No changes were deemed necessary to the web site as no
specific problems were encountered during navigation and the privacy statement was
668 well noticed (x 5:40) and well understood (x 6:8 for the distribution list question
and x 7 for the sharing of information). However, both pre-tests led us to shorten the
questionnaire, which was initially perceived as too long. Further, items in scales that
were difficult to understand or confusing for the subjects were removed, without
altering the initial structure or reliability of the constructs (Cronbachs alpha . 0.85 for
all dimensions in the pre-test)

Results
Validating the constructs: CFA results. Before testing our hypotheses, we first used
Confirmatory Factor Analysis (CFA) to assess the reliability and the validity of the
constructs presented in Table II. EQS 6.0 was used for the analysis with the Maximum
Likelihood (ML) estimator. After removing 2 outliers, the model showed an excellent fit
as exhibited by all measures (chi square 9:236(4), p 0:055, CFI 0:995,
SRMR 0:023). Reliability of the measures were good (composite reliability of 0.87
and 0.95 and variance extracted of 0.775 and 0.87 for control over privacy and
perceived integrity respectively), well above the recommended thresholds (0.70 for
composite reliability as per Hair et al., 1998 and 0.50 as per Fornell and Larcker, 1981).
Discriminant validity was also quite acceptable as the correlation between the two
constructs was 0.53, below the 0.60 threshold (Carlson et al., 2000). We thus confirmed
the high degree of reliability and validity of the constructs used in the study.
Descriptive results. According to the web surfer indicator, 41 per cent of the
participants clicked on the privacy statement, in proportions comparable to those
reported in the literature. However, the first question in the questionnaire asked
participants if they had read the travel agencys privacy statement (Did you read the
statement regarding the conditions of utilisation of your personal information on the
web site of the travel agency? Yes. . . No. . .); 68 per cent replied that they did.

Hypotheses testing
A series of t-tests were performed in order to test our hypotheses. As reported in
Table III, no relationship was found between claiming to read the privacy statement
and perceived control and trust. In the first case, claiming to have read the privacy
statement generated a score for perceived control of 3.6026 v. 3.7206 for not claiming so

Figure 1.
Wording of the privacy
statement in Study 1
(t 20:503; p 0:615). For trust, similar results were obtained (x) claiming to have Reading a web
read 4:649 and (x) not claiming to have read 4:4216, t 1:291; p 0:198). These sites privacy
results refute H1a and H1b. To assess the influence of actually reading the privacy
statement, we re-did the analyses using the information from the web indicator as the statement
independent variable instead of the claims made by respondents. Quite a different
picture emerged. As Table IV demonstrates, reading the privacy statement
significantly influenced perceived control over privacy (t 23:801; p 0:000) and 669
perceived trust (t 22:38; p 0:018). Participants who read the privacy statement
felt less in control of their privacy (x 3:16) and perceived less trust in the merchant
(x 4:35) than those that did not read it (x 3:97 for perceived control and x 4:74
for perceived trust). Therefore, contrary to the commonly held assumption that the
privacy statement has a positive impact on perceptions, the actual reading of the
statement has a negative impact on perceptions of both control and trust. Thus, H2a
and H2b were found to generate significant results but in a direction opposite to our
original expectations.

Discussion
Interesting but surprising results emerged from study one: first, when using self-report
answers, we showed that claiming to read the privacy statement has no impact on
perceptions of control and trust. A significant proportion (27 per cent) of participants
reported clicking on the privacy link but actually did not. These results cast doubt on
the validity of the survey as a method of assessing the influence of a privacy statement.
This is in line with the bias and limits of self-reports highlighted by Schwarz (1999)
and DeMaio (1984). Therefore, relying on what consumers say in surveys is not enough
and can be misleading. Researchers are better served if they rely on measures of actual
behaviour whenever possible.
Second, reading the privacy statement decreased the perceptions of control over
privacy and perceived integrity (trust). These findings contradict the widely held belief in
the privacy and trust literature that disclosing the management of personal information
reassures consumers and induces trust[1]. On the contrary, we showed that privacy
statements produce similar effects to assurance of confidentiality: they arouse suspicion

Group N Mean t p Table III.

T-test on perceived
Perceived control Did not claim reading 68 3.7206 20.503 0.615
control and perceived
Claimed reading 151 3.6026
trust according to the
Perceived trust Did not claim reading 68 4.4216 1.291 0.198 reported reading of the
Claimed reading 151 4.649 privacy statement

Group N Mean t p Table IV.

T-test on perceived
Perceived control Did not read 129 3.9729 23.801 0.000
control and perceived
Read 90 3.1611
trust according to the
Perceived trust Did not read 129 4.739 22.38 0.018 actual reading of the
Read 90 4.3481 privacy statement
OIR instead of improving control and trust. These results are consistent with Singer et al.
31,5 (1995), who concluded that confidentiality assurances produce negative effects as they
increase perceptions of the sensitivity of the data, anxiety or threat of the survey.

Study two
Since study one suggested that relying on self-reports alone to assess the influence of the
670 privacy statement on perceptions of control and trust could be misleading, we decided to
evaluate whether the mere presence of a privacy statement has a positive impact on
control and trust. Furthermore, in order to gain a better understanding of the results
obtained in study one, we investigated consumers reactions to different formats of
privacy statements. Two formats are commonly used by cyber merchants: the opt-in
and the opt-out format. The opt-in format allows consumers to have access to their
personal information and to act on information management practices. Conversely, the
opt-out format does not provide such access and choice features. We then anticipated
that the opt-in format should induce a higher level of perceived control and perceived
trust than the opt-out format. Study two was designed to address these research
questions. This time, an existing music web site was used, the disclosure of personal
information was mandatory and the experiment took place in a controlled environment.

Hypotheses for study two

Few studies to date have looked at the impact of the presence of a privacy statement on
perceived control; the focus is generally on the trust dimension. For example, Lee and
Turban (2001) and Pan and Zinkhan (2006) argued that making a privacy statement
visible, increases perceived trust in the merchant.
Therefore, we posit:
H3a. The mere presence of a privacy statement has a positive impact on control
over privacy.
H3b. The mere presence of a privacy statement has a positive impact on perceived
trust in the cyber merchant.
Since results from study one contradicted the general belief that a privacy statement
has a positive influence on control and trust, we believe it is important to replicate them
in a different setting. H4a and H4b replicates H2a and H2b tested in study one.
H4a. Reading the privacy statement has a positive impact on perceived control over
privacy.
H4b. Reading the privacy statement has a positive impact on perceived trust in the
cyber merchant.
The last set of hypotheses concerns the impact of the format of the privacy statement
and the related control on perceptions of control and trust.
H5a. When read, the privacy statement presented in an opt-in format will produce a
higher level of perceived control than the opt-out format.
H5b. When read, the privacy statement presented in an opt-in format will produce a
higher level of perceived trust than the opt-out format.
Method Reading a web
Data collection and participants. Following a similar procedure as in study one, an sites privacy
e-mail was sent to 1090 individuals registered in a consumer database owned by a
large research group located in Eastern Canada. With a response rate of 19 per cent, statement
209 individuals were recruited to participate in study two. This time we used an
existing cyber merchant in order to make the navigating experience as realistic as
possible for the subjects and to enhance their involvement. The chosen site was 671
SIRIUS, a music web site available only recently in Canada. Sirius proposes an array of
radio stations available via satellite. No subjects had previously visited this site.
Consumers were asked to navigate on one of three versions of this site. When clicking
on the link to the study, participants were randomly assigned to one of three sites
created specifically for the experiment. The three versions of the site were identical in
content, but the level of control available to the subject regarding the management of
personal information was manipulated. While navigating, subjects were asked to do
the following:
(1) Enrol in a research project concerning online music and provide personal
information such as name, year of birth, e-mail address, postal code, city and
music tastes.
(2) Visit the music web site www.siriuscanada.ca, which was directly integrated in
the experimental design.
(3) Evaluate the visited site via a post-navigation questionnaire.

The profile of the participants was similar to the typical internet user: young (60.6 per
cent of them were between 19-26 years old), male (57.7 per cent), well-educated (53.4 per
cent have completed an undergraduate degree). However, contrary to the typical
internet user, who reports income exceeding $60,000, only 10.5 per cent of our
participants reported income over $50,000.

Experimental manipulations
As mentioned, the only difference across the three experimental sites was the privacy
statement located on the subscribe page in step one. On site 1, there was no privacy
statement to inform consumers that data was collected or that there was any means of
protecting their personal information (control group). Sites 2A and 2B had a link to a
privacy statement on the subscribe page. The privacy statement concerning the
management and protection of personal information was in an opt-out format on site
2A while it was in an opt-in format on site 2B. The former gave users limited control,
while the latter granted consumers much more decision making power. The privacy
statements were built around the four dimensions (notice, security, access and choice)
advocated by the FTC (Fornell and Larcker, 19812) to ensure good business practices
related to the management of personal information. Liu et al. (2005) showed that these
four dimensions were positively correlated with trust. More specifically, the
dimensions of access and choice were manipulated. Table V provides details
regarding the experimental manipulations of the privacy statement. Here again, a web
indicator allowed us to monitor if participants clicked on the link to the privacy
statement. Participants were not aware of this monitoring.
OIR
Dimension Site 2A Site 2B
31,5
Notice Presence of a detailed privacy statement Presence of a detailed privacy statement
Security Disclose your personal information in a Disclose your personal information in a
totally secure environment backed by the totally secure environment backed by the
best encryption technology available on the best encryption technology available on the
672 market: SSL Technology with 128 bits market: SSL Technology with 128 bits
Access No mention At any time you can access the information
you disclosed to us in order to verify,
modify or even delete it
Choice Opt-out format: Opt-in format:
You will soon receive our newsletter and Please advise us, by checking the boxa, if
other interesting information. Please send us you wish to receive our newsletter and
an e-mail if you do not wish to receive it other information that may interest you
You will soon receive interesting offers from Please advise us, by checking the boxa, if
our commercial partners. Please send us an you wish to receive offers that may
e-mail if you do not wish to receive them interest you from our commercial
In order to offer you a personalised partners
experience, we retrieve and save your Please advise us, by checking the boxa, if
personal information. Specifically, we use you wish to navigate anonymously. No
cookies that will be automatically integrated cookies will be saved on your computer
into your computer. If you wish to navigate
anonymously, some companies have
developed software that allows you to do so.
Simply click on the following links: www.
anonymizer.com, www.idzap.com, /www.
somebody.net
We do not guarantee the efficacy of these
products
Notes: Site 1 is not presented here since it does not include any privacy statement and thus does not
Table V. contain any dimension advised by the FTC; sentences in italic were not included in the privacy
Experimental conditions statement presented to the subjects, we included them here to inform the reader. aA box was shown
for sites 2A and 2B next to each of these statements

Measures of constructs. Scales similar to the ones used in study one were used here to
measure perceived control and perceived trust. Equivalent reliability and validity
properties were found.
Pre-tests. The comprehension of the experimental sites, as well as the reliability and
validity of the scales and the manipulations were tested prior to the experiment. To do
so, the URL of the web site was sent randomly to 250 panellists of a consumer database
managed by a large research group located in Eastern Canada. One hundred and four
(104) participants agreed to participate in the pre-test. The scales showed good stability
and reliability (perceived control over privacy, a 0:84 and perceived trust, a 0:87).
Checks on the validity of the manipulations were done via a post-navigation
questionnaire, using Likert-type scales anchored with totally disagree (1) and totally
agree (7). No problems of comprehension were reported: subjects noticed the link to
the privacy statement when available (x 6:6 when navigating on the site with a
privacy statement versus x 3:6 when navigating on the site without a privacy
statement, p 0:000) and the subjects who read the privacy statement differed from Reading a web
those that did not read it, in terms of noticing the security (x 5:67 v. 3.06), access sites privacy
(x 6:41 v. 3.00) and choice (x 6:16 v. 3.28) dimensions included in the privacy
statement (all p 0:000). No changes to the experimental sites and manipulations were statement
deemed necessary. Further, because of the limited number of subjects in the final
experiment and since subjects from the pre-test came from the same population as the
final experiment, we decided to aggregate the results of the pre-test with those of the 673
105 subjects that took part in the final test.

Results
Validating the constructs. Both constructs appeared stable and showed good reliability
and validity as measured by exploratory factor analysis and Cronbachs alpha (control
over privacy a 0:89, with 1 factor explaining 81.8 per cent of the variance and
perceived trust a 0:84, with 1 factor explaining 86.8 per cent of the variance). The
correlation between control and trust was significant but moderate (0.365, p 0:000).
Descriptive results. Sixty-five subjects (31.1 per cent) were assigned to site 1
containing no privacy statement, 76 subjects (36.4 per cent) were assigned to site 2A
with a privacy policy in opt-out and 68 of them (32.5 per cent) visited site 2B, where the
privacy statement was presented in an opt-in format. Out of the 144 subjects that had a
link to a privacy statement (2A and 2B), only 58 (40.3 per cent) clicked on the link as
revealed by the analysis of the navigation logs. Subjects were then divided in four
distinct groups:
(1) control group (assigned to site 1);
(2) did not read group (assigned to sites 2A and 2B, that did not click on the privacy
statement link);
(3) opt-out group (assigned to site 2A and clicked on the privacy statement); and
(4) opt-in group (assigned to site 2B and clicked on the privacy statement).

Table VI shows the level of perceived control and perceived trust in the cyber merchant
for each of the six groups.

Hypotheses testing
In order to assess the impact of the presence of the privacy statement (H3), we
compared the perceptions of the group that had access to the privacy statement but
ignored it (did not read group) with the control group. Results show that the mere
presence of a privacy statement has a positive impact on perceived control over

Mean Mean
Group N Perceived control over privacy Perceived trust

Control group (site 1) 65 3.541 4.9346

Did not read group 86 4.1142 4.6095
Read in opt-out group 34 3.0625 4.5158 Table VI.
Read in opt-in group 24 3.8163 5.3912 Level of perceived control
Read (total) 58 3.8163 4.9535 over privacy and
perceived trust in the
Note: Total of groups read in opt-out and read in opt-in various groups
OIR privacy (t 22:091; p 0:039), since subjects who visited a web site with a privacy
31,5 statement without reading it, felt greater control over their privacy (x 4:11) than the
ones who visited the web site without any privacy statement (x 3:54), which
supports H3a. However, no such impact is observed on perceived trust (t 1:715; p .
0.05) since there is no significant difference between the perceived trust of the control
group (x 4:93) and the did not read group (x 4:61). H3b is not supported. The
674 details of these results are presented in Table VII.
Comparing the participants who read the privacy statement with the ones who
ignored it allowed us to test H4. The results show that there is no significant difference
in perceptions of control (t 20:984; p . 0.05) and trust (t 1:241; p . 0.05) between
participants who read the privacy statement (x 3:82 for control and x 4:88 for
trust) and the ones that did not read it when it was available (x 4:11 for control and
x 4:61 for trust). Note that the read group comprised the results of both the opt-in
and the opt-out group. Hypotheses H4a and H4b are thus rejected. The details of these
analyses are presented in Table VIII.
H5 concerns the influence of the format of the privacy statement on perceived control
and trust for subjects who read it. Comparing the perceptions of the subjects who read the
privacy statement in the opt-in format with those that consulted it in the opt-out format
will allow us to test this hypothesis. The participants who consulted the privacy
statement in the opt-in format felt significantly more in control over their personal
information (x 4:88) than the subject who read the opt-out format (x 3:06; t 3:937;
p 0:000). The influence of the format on perceived trust is also confirmed when
comparing the level of perceived trust between the opt-in group (x 5:39) and the opt-out
group (x 4:51; t 2:516; p 0:015). Reading the privacy statement in an opt-in format
definitely has a more positive influence on both perceptions than the opt-out format. H5a
and H5b are thus strongly affirmed. Details of this test can be seen in Table IX.
Interestingly, when comparing the group that read the privacy statement with the
group that did not read the statement when it was available (H4), no significant
differences were reported in perceptions. However, when we compared the groups who
read it in different formats, strong differences emerged (H5). These results suggest that
the real nature of these differences lies in the format of the policy. By merging the

Table VII. Group N Mean t p

T-test on perceived
Perceived control Control group 65 3.541 -2.091 0.039
control and perceived
Did not read group 86 4.1142
trust between control
group and did not read Perceived trust Control group 65 4.9341 1.715 0.088
group Did not read group 86 4.6095

Table VIII. Group N Mean t p

T-test on perceived
Perceived control Did not read 86 4.1142 20.984 0.328
control and perceived
Read 58 3.8163
trust according to the
actual reading of the Perceived trust Did not read 86 4.6095 1.241 0.217
privacy statement Read 58 4.8784
opt-in and the opt-out groups in a read group, we cancel or average out their real Reading a web
impact on control and trust. Comparing the three groups (did not read, opt-in and sites privacy
opt-out) in an ANOVA evinces these striking differences (F 9:669; p 0:000 for
perceived control and F 4:585; p 0:012 for perceived trust). In order to do a statement
finer-grain analysis, we will concentrate on the contrasts between groups: the subjects
who read the privacy policy in the opt-in format felt significantly more in control of
their personal information (x 4:8842) than the ones who did not read it when 675
available (x 4:1142, p 0:039). Conversely, the subjects who read the privacy
statement in the opt-out format felt significantly less in control (x 3:0625) than the
ones who ignored it when available (x 4:1142, p 0:002). This latter result confirms
and replicates what we found in Study 1, namely that reading the privacy statement
decreases perceived control when presented in an opt-out format. Inversely, the opt-in
format exerted a positive influence. Turning to perceived trust, it appears that reading
the privacy statement in the opt-in format (x 5:3912) significantly improves
perceived trust (p 0:006) compared to ignoring it when available (x 4:6095).
However, no significant difference in trust between reading the statement in the opt-out
(x 4:5165) format and ignoring it when onsite (x 4:6095, p . 0.05) was observed.
Figure 2 illustrates these results (details of the ANOVA and contrasts are presented in
Tables X-XII).

Group N Mean t p Table IX.

T-test on perceived
Perceived control Read opt-in format 24 4.8842 3.937 0.000
control and perceived
Read opt-out format 34 3.0625
trust according to the
Perceived trust Read opt-in format 24 5.3912 2.516 0.015 format of the
Read opt-out format 34 4.5165 privacy policy

Figure 2.

Group N Mean F p Table X.

ANOVA and simple
Perceived control Did not read 86 4.1142 9.669 0.000
contrasts. Impact of
Read opt-out format 34 3.0625
reading the privacy
Read opt-in format 24 4.8842
statement on perceived
Perceived trust Did not read 86 4.6095 4.585 0.012 control and perceived
Read opt-out format 34 4.5165 trust, when the statement
Read opt-in format 24 5.3912 is available
OIR It is also worth mentioning that more than 82 per cent (28/34) of the subjects who
31,5 consulted the privacy statement in an opt-out format agreed to receive information and
promotions (offers), while only 4 per cent (1/24) of subjects who viewed the privacy
statement in an opt-in format agreed to receive such marketing materials. Furthermore,
close to 42 per cent of subjects in the opt-in group claimed that they wanted to navigate
anonymously while nobody in the opt-out group used the links to access web sites
676 offering such an option.

Discussion
Study two added many important nuances to the results observed in study one. First,
partial support was found for the idea that the mere presence of a privacy statement has
positive impacts on consumers perceptions as reported in the trust literature: the
positive impact is putatively confirmed on perceived control but not on perceived trust,
contrarily to Lee and Turban (2001) and Pan and Zinkhan (2006), who argued that
making a privacy statement visible increases perceived trust in the merchant. Second,
the study clarifies the relationship between reading a privacy statement and these same
perceptions: When presented in opt-out format, the statement has a negative impact on
control and no influence on trust, compared with not reading it at all. However, when
read in an opt-in format, the statement has a positive impact on both control and trust.
Third, the format of the privacy statement and the control put in the hands of consumers
is a strategic variable: Our results suggest that cyber merchants should make a privacy
statement available to consumers in an opt-in format (as opposed to opt-out), which
entails requesting permission to use customers personal information and putting more
control in their hands in order to maximise positive perceptions of control and trust.
However, such a strategy will likely minimise the gathering of personal information
available for subsequent marketing activities compared with an opt-out format. In effect,
a privacy statement and the preferred format to use operate like a double-edged sword.
The mere presence of the statement has a positive impact and the majority of users will
likely not consult it anyway. However, the format that makes a real positive difference on
these perceptions, when the statement is read, is likely to severely limit the strategic
information available for further marketing activities. Further, the results also build on

Table XI.
ANOVA and simple Group I Group J Mean differences (I-J) Standard error p
contrasts. Simple
Opt-out group Opt-in group 2 1.82 0.427 0.000
contrasts between groups:
Did not read group 2 1.05 0.325 0.002
the impact of reading the
privacy statement on Opt-in group Opt-out group 1.82 0.427 0.000
perceived control Did not read group 0.77 0.37 0.039

Table XII.
ANOVA and simple Group I Group J Mean differences (I-J) Standard error p
contrasts. Simple contrast
Opt-out group Opt-in group 2 0.875 0.32 0.007
between groups: the
Did not read group 2 0.0931 0.2437 0.703
impact of reading the
privacy statement on Opt-in group Opt-out group 0.875 0.32 0.007
perceived trust Did not read group 0.7817 0.278 0.006
Milne and Rohm (2000), who assert that when consumers are made aware of what Reading a web
information is collected about them and how their information will be used, they are less sites privacy
inclined to use withdrawal mechanisms. This is true in an opt-out format, but if the
customer is allowed to make all the choices (opt-in), they are most likely to restrict the statement
collection and sharing of their personal information for promotional purposes. They may
even decide to navigate incognito.
677
General discussion
This research makes an important contribution to the field of consumer behaviour and
trust in an e-commerce context at both the theoretical and managerial levels. First and
most importantly, results from two experiments showed that reading the privacy
statement does not necessarily have a positive influence on perceived control and trust,
contrary to what seems to be accepted knowledge in the privacy and trust literature. It all
depends on the content and the format, which gives consumers varying levels of control
over management of their personal information. Cyber merchants should devote
particular attention to the strategic role of the format of the privacy statement and the
associated control. They should thus carefully weigh the choice of opt-in versus opt-out
privacy statements. Merchants who choose an opt-out format may try to position the
statement subtly, in the hopes that users will notice the link (and appreciate the improved
control that comes with it) but will not read it; otherwise, they risk decreasing users
perceived control and trust (study one) by prompting consumers to speculate on what
could go wrong if their personal information ended up in the wrong hands. Conversely,
merchants that decide on an opt-in format that increases positive perceptions of control
and trust when read may severely limit the personal information gathered from the
users. A promising solution to this dilemma would be to reconsider the location of
privacy statements: instead of placing the statement at the periphery of the web site, it
should be placed in a central location, upstream to the navigation process. This ethical
practice would enhance consumers perceptions of power and trust and, from a
commercial standpoint, may reinforce attitudes and behavioural intentions toward the
cyber merchant. In this scenario, a dynamic opt-in format that could be personalised
would become the portal to navigation. The trusted merchant would then be able to
deploy well targeted marketing actions personalised to interested customers.
Second, relying on the self-reported answers of consumers to indicate whether they
clicked on the privacy statement link or not, paints a quite different picture. In study
one, we showed that there was no relationship between claiming to read the privacy
statement and control and trust perceptions[2]. This raises important question on the
validity of self-reports. Schwarz (1999) and DeMaio (1984) found that subjects may
adapt their response in light of social desirability and in this particular research, they
may have tried to look like thorough navigators in the eyes of the researchers. These
authors argued that such adaptations are not rare when self-report questions are used.
We encourage researchers to be prudent when analysing data based on self-reports
and, whenever possible, to measure actual behaviour instead of asking (surveying)
consumers what they did or what they would do in a particular situation.
Third, in both experiments many participants did not click on the privacy statement
(36 per cent in Study One and 60 per cent in Study Two) even if they divulge personal
information. We encourage policy makers to be vigilant and to promote safe practices
in the population regarding the disclosure of private information on the web.
OIR Limitations of the study and suggestions for future research
31,5 As with all behavioural research, there are limitations to this study that need to be
addressed. First, the size of the sample used for this research (219 and 209 participants
in studies one and two respectively) was relatively modest. This limitation was
especially apparent in study two, where the small proportion of participants consulting
the web site left us with a limited sample size to test the impact of the format. Second,
678 participation rates obtained for both studies (29 per cent for study one and 19 per cent
for study two) were modest, but in the average to high end of the response rate
continuum obtained in recent academic e-mail surveys (for reviews, see Deutskens et al.
2004 and Kaplowitz et al. 2004). Third, the experiments took place in an uncontrolled
environment, which, while increasing external validity can influence its internal
validity. These limitations somewhat constrain the generalisability of these findings,
which is why we consider this research exploratory. Our web indicator allowed us to
monitor whether or not participants clicked on the privacy link. We then assumed that
they read the content of the privacy statement. We cannot be sure that this was the
case. Qualitative research would be needed to observe subjects while navigating to
clarify this matter.
We hope that our challenging results will encourage researchers to replicate or
expand this study using larger samples, different experimental settings or
methodology in order to enrich our understanding of the impact of privacy policy
reading on consumers perceptions and behaviour. In particular, the influence of the
format of privacy statements should be studied on a larger scale, using a larger sample
and a different context. Manipulating the level of risk or the type of web site, e.g.
informational/transactional, are potentially interesting avenues of future research.
Another fruitful area might be to study the impact of other aspects of the privacy
statement (e.g. length and wording) on consumers trust, control over privacy and
disclosing behaviour.

Notes
1. It could also be argued that respondents more concerned about privacy and confidentiality
are more likely to read privacy policies. In such case, reading the privacy statement did not
succeed in altering their initial predispositions to trust or not to trust. However, participants
that clicked on the privacy policy link and the ones that didnt click had a similar general
propensity to trust as well as similar concerns regarding security ( p . 0,05 on both
measures). However, the ones who clicked on the link had less confidence in e-commerce
than the ones who did not click (p 0; 04). We would like to thank the reviewer for
suggesting this alternative explanation. Further research is needed to fully clarify this
matter.
2. Note that these results were replicated in study two but are not presented in the text for
space considerations.

References
Ackerman, M.S., Cranor, L.F. and Reagle, J. (1999), Privacy in e-commerce: examining user
scenarios and privacy preferences, Proceedings of the ACM Conference on Electronic
Commerce EC99.
Bateson, J.E.G. and Hui, M.K. (1992), The ecological validity of photographic slides and
videotapes in simulating the service setting, Journal of Consumer Research, Vol. 19 No. 2,
pp. 271-82.
Bigley, G.A. and Pearce, J.L. (1998), Straining for shared meaning in organization science: Reading a web
problems of trust and distrust, Academy of Management Review, Vol. 23 No. 3, pp. 405-21.
Boatright, J.R. (2000), Ethics and the Conduct of Business, 3rd. ed., Prentice Hall, Englewood
sites privacy
Cliffs, NJ. statement
Buchholz, R.A. and Rosenthal, S. (2002), internet privacy: individual rights and the common
good, S.A.M. Advances Management Journal, Vol. 67 No. 1, pp. 34-41.
Brandeis, L. and Warren, S. (1890), The right to privacy, Harvard Law Review, Vol. 4, p. 193. 679
Carlson, D., Kacmar, K.M. and Williams, L.J. (2000), Construction and initial validation of a
multidimensional measure of work-family conflict, Journal of Vocational Behaviour,
Vol. 56 No. 2, pp. 249-76.
Caudill, E.M. and Murphy, P.E. (2000), Consumer online privacy: legal and ethical issues,
Journal of Public Policy & Marketing, Vol. 19 No. 1, pp. 7-19.
Cheung, C.M.K. and Lee, M.K.O. (2001), Trust in internet shopping: instrument development and
validation through classical and modern approaches, Journal of Global Information
Management, July-September, pp. 23-35.
Culnan, M.J. and Armstrong, P.K. (1999), Information privacy concern, procedural fairness, and
impersonal trust: an empirical investigation, Organization Science, Vol. 10 No. 1,
pp. 103-15.
DeMaio, T.J. (1984), Social desirability and survey measurement: a review, in Turner, C.F. and
Martin, E. (Eds), Surveying Subjective Phenomena,Vol. 2, Russell Sage Foundation, New
York, NY, pp. 257-81.
Deutskens, E., De Ruyter, K., Wetzels, M. and Oosterveld, P. (2004), Response rate and response
quality of internet-based surveys: an experimental study, Marketing Letters, Vol. 15 No. 1,
pp. 21-36.
Doney, P.M. and Cannon, J.P. (1997), An examination of the nature of trust in buyer-seller
relationships, Journal of Marketing, Vol. 61 No. 2, pp. 35-61.
E-Marketer (2006a), Web sales growth remains strong as consumers spend more across a wider
range of online product categories, Census Bureau of the US Department of Commerce.
available at: www.emarketer.com/article.aspx?1004126
E-Marketer (2006b), US retail e-commerce (excluding travel) as a percent of total retail sales,
2000-2006, eMarketer Database, January, available at: www.emarketer.com/chart.
aspx?50944
E-Marketer (2006c), Online privacy and security: the fear factor, eMarketer Database, April,
available at: www.emarketer.com/Reports/Viewer.aspx?privacy_retail_apr06&
autodetect Y
E-Marketer (2003), Amount of time US adults spend reading website privacy policies, Harris
Interactive/Privacy Leadership Initiative, December 2001, eMarketerDatabase, available
at: www.emarketer.com/products/chart.php?31594
E-Marketer (2002), Frequency of reading online privacy policies among US consumers, EBrain
Market Research/Consumer Electronics Association, May, eMarketer Database, available
at: www.emarketer.com/products/chart.php?26317
Fornell, C. and Larcker, D.F. (1981), Evaluating structural equation models with unobservable
variables and measurement error, Journal of Marketing Research, Vol. 18, pp. 39-50.
Frey, J.H. (1986), An experiment with a confidentiality reminder in a telephone survey, Public
Opinion Quarterly, Vol. 50, pp. 267-9.
FTC Report to Congress (2000), Privacy online: fair information practices in the electronic
marketplace, available at: www.ftc.gov/reports/privacy2000.pdf
OIR Gefen, D. and Straub, D.W. (2004), Consumer trust in B2C e-commerce and the importance of
social presence: experiments in e-products and e-services, Omega: International Journal of
31,5 Management Science, Vol. 32 No. 6, pp. 404-27.
George, J.F. (2002), Influence on the intent to make internet purchases, internet Research:
Electronic Networking Applications and Policy, Vol. 12 No. 2, pp. 165-80.
George, J.F. (2004), The theory of planned behaviour and internet purchasing, internet
680 Research, Vol. 14 No. 3, pp. 198-212.
Hair, J.F., Anderson, R.E., Tatham, R.L. and Black, W.C. (1998), Multivariate Data Analysis with
Readings.
Hoffman, D.L., Novak, T.P. and Peralta, M. (1999), Building consumer trust online,
Communications of the ACM, Vol. 42 No. 4, pp. 80-5.
Hui, M.K. and Bateson, J.E.G. (1991), Perceived control and the effects of crowding and
consumer choice on the service experience, Journal of Consumer Research, Vol. 18 No. 2,
pp. 174-85.
Kaplowitz, M., Hadlock, T.D. and Levine, R. (2004), A comparison of web and mail survey
response rates, Public Opinion Quarterly, Vol. 68, pp. 94-101.
Lee, M.K.O. and Turban, E. (2001), A trust model for consumer internet shopping, International
Journal of Electronic Commerce, Vol. 6 No. 1, pp. 75-91.
Liu, C., Marchewka, J.T., Lu, J. and Yu, C-S. (2005), Beyond concern: a privacy-trust-behavioral
intention model of electronic commerce, Information and Management, Vol. 42 No. 1,
pp. 127-42.
Mayer, R.C., Davis, J.H. and Schoorman, F.D. (1995), An integrative model of organizational
trust, Academy of Management Review, Vol. 20 No. 3, pp. 709-34.
McKnight, H.D., Cummings, L.L. and Chervany, N.L. (1998), Initial trust formation in new
organizational relationships, Academy of Management Review, Vol. 23 No. 3, pp. 473-90.
McKnight, H.D., Choudhury, V. and Kacmar, C. (2002), Developing and validating trust
measures for e-commerce: an integrative typology, Information Systems Research, Vol. 13
No. 3, pp. 334-59.
Milne, G.R. and Boza, M-E. (1999), Trust and concern in consumers perceptions of marketing
information management practices, Journal of Interactive Marketing, Vol. 13 No. 1,
pp. 5-24.
Milne, G.R. and Rohm, A.J. (2000), Consumer privacy and name removal across direct marketing
channels: exploring opt-in and opt-out alternatives, Journal of Public Policy and
Marketing, Vol. 19 No. 2, pp. 238-49.
Miyazaki, A.D. and Fernandez, A. (2000), internet privacy and security: an examination of
online retailer disclosure, Journal of Public Policy & Marketing, Vol. 19 No. 1, pp. 54-62.
Moorman, C., Zaltman, G. and Deshpande, R. (1992), Relationships between providers and users
of market research: the dynamics of trust within and between organizations, Journal of
Market Research, Vol. 29, August, pp. 314-28.
Nakra, P. (2001), Consumer privacy rights: CPR and the age of the internet, Management
Decision, Vol. 39 No. 4, pp. 272-9.
Pan, Y. and Zinkhan, G.M. (2006), Exploring the impact of online privacy disclosures on
consumer trust, Journal of Retailing, Vol. 82 No. 4, pp. 331-8.
Parker, L.E. and Price, R.H. (1994), Empowered managers and empowered workers: the effects
of managerial support and managerial perceived control on workers sense of control over
decision making, Human Relations, Vol. 47 No. 8, pp. 911-28.
Pavlou, P.A. (2003), Consumer acceptance of electronic commerce: integrating trust and risk Reading a web
with the technology acceptance model, International Journal of Electronic Commerce,
Vol. 7 No. 3, pp. 101-34. sites privacy
Pennington, R., Wilcox, H. and Grover, V. (2003), The role of system trust in business-to-consumer statement
transactions, Journal of Management Information Systems, Vol. 20 No. 3, pp. 197-226.
Schwarz, N. (1999), Self-reports: how the questions shape the answers, American Psychologist,
Vol. 54 No. 2, pp. 93-105. 681
Shoeman, F. (1984), Philosophical Dimensions of Privacy, Cambridge University Press,
Cambridge.
Singer, E., Hippler, H.-J. and Schwarz, N. (1992), Confidentiality assurances in surveys:
reassurance or threat?, International Journal of Public Opinion Research, Vol. 4, pp. 256-68.
Singer, E., Von Thurn, D.R. and Miller, E.R. (1995), Confidentiality assurances and response: a
quantitative review of the experimental literature, Public Opinion Quarterly, Vol. 59 No. 1,
pp. 66-77.
Westin, A. (1996), Harris-Equifax Consumer Privacy Survey, Equifax Inc., Atlanta, GA.

Corresponding author
Manon Arcand can be contacted at: arcand.manon@uqam.ca

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com

Or visit our web site for further details: www.emeraldinsight.com/reprints