نقض حریم خصوصی درک شده: بررسی قابلیت پذیرش انتظارات حریم خصوصی Perceived Privacy Violation: Exploring the Malleability of Privacy Expectations

Introduction Companies collect and disseminate a massive volume of individual-level data, and public attention to this process has been steadily increasing in the mainstream media (Kroft 2014). In response, individuals, agencies, and policy-makers have become progressively more concerned about how their personal information is collected, stored, and exchanged (Acquisti et al. 2015; Phelps et al. 2000; Walker 2016). For example, the Federal Trade Commission (FTC) has requested enhanced legislation and transparency regarding the dissemination of consumer data (FTC 2014). Much of this information is intentionally purchased and sold in the burgeoning data brokerage and analytics industries, which is a common practice between and among companies. For example, Acxiom, one of the largest personal data brokers with over $1 billion in annual revenue, has an average of 1500 pieces of information on over 200 million Americans (Kroft 2014). Companies intentionally disseminate consumer data with other entities for a variety of purposes beyond marketing (e.g., to facilitate financial transactions, enhance fraud protection, respond to service complaints, and comply with legal requirements). As an example, according to Google’s online privacy policy, the company intentionally shares a wide array of consumer data with companies, organizations, and individuals outside of Google (2016). Although users may consent to such policies, according to a recent Pew Research Report (Madden 2014), 91% of adults agree that consumers have lost control over how their personal information is collected and used by companies. From the consumers’ perspective, corporate dissemination of consumer data often goes unnoticed and without incident (Dommeyer and Gross 2003), but this practice—i.e., the dissemination of consumer information by companies to a third party (hereafter referred to as ‘‘data dissemination’’)—is common and occurs for a variety of different reasons. For example, many instances of data dissemination can be characterized as unintentional ‘‘security breaches.’’ In 2013, Adobe announced that hackers had stolen nearly 3 million encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts (Finkle 2013). Similarly, a significant proportion of data dissemination incidences are unintentional. For example, Facebook accidentally released the email addresses and phone numbers of an estimated 6 million users who had set their personal accounts to ‘‘private’’ (Facebook 2013). Importantly, these incidences have been increasing at an astonishing rate with over 3.8 billion consumer records having been released from January 2014 to January 2017 by companies spanning nearly all industries (e.g., media, health care, transportation, military, retail, and financial services; Quick et al. 2017).