Understanding Organizational Approach towards End User Privacy

Abstract—End user privacy is a critical concern for all organizations that collect, process and store user data as a part of their business. Privacy concerned users, regulatory bodies and privacy experts continuously demand organizations provide users with privacy protection. Current research lacks an understanding of organizational characteristics that affect an organization’s motivation towards user privacy. This has resulted in a “one solution fits all” approach, which is incapable of providing sustainable solutions for organizational issues related to user privacy. In this work, we have empirically investigated 40 diverse organizations on their motivations and approaches towards user privacy. Resources such as newspaper articles, privacy policies and internal privacy reports that display information about organizational motivations and approaches towards user privacy were used in the study. We could observe organizations to have two primary motivations to provide end users with privacy as voluntary driven inherent motivation, and risk driven compliance motivation. Building up on these findings we developed a taxonomy of organizational privacy approaches and further explored the taxonomy through limited exclusive interviews. With his work, we encourage authorities and scholars to understand organizational characteristics that define an organization’s approach towards privacy, in order to effectively communicate regulations that enforce and encourage organizations to consider privacy within their business practices.End user privacy is a critical concern for all organizations that collect, process and store user data as a part of their business. Privacy concerned users, regulatory bodies and privacy experts continuously demand organizations provide users with privacy protection. Current research lacks an understanding of organizational characteristics that affect an organization’s motivation towards user privacy. This has resulted in a “one solution fits all” approach, which is incapable of providing sustainable solutions for organizational issues related to user privacy. In this work, we have empirically investigated 40 diverse organizations on their motivations and approaches towards user privacy. Resources such as newspaper articles, privacy policies and internal privacy reports that display information about organizational motivations and approaches towards user privacy were used in the study. We could observe organizations to have two primary motivations to provide end users with privacy as voluntary driven inherent motivation, and risk driven compliance motivation. Building up on these findings we developed a taxonomy of organizational privacy approaches and further explored the taxonomy through limited exclusive interviews. With his work, we encourage authorities and scholars to understand organizational characteristics that define an organization’s approach towards privacy, in order to effectively communicate regulations that enforce and encourage organizations to consider privacy within their business practices.