A

baifi(©

K

“—t

moWoFucoatPto(

g

0d

Journal of Retailing 82 (4, 2006) 331–338

Exploring the impact of online privacy disclosures on consumer trust

Yue Pan a,∗, George M. Zinkhan b,1

a Department of Management & Marketing, 812 Miriam Hall, University of Dayton, Dayton, OH 45469-2271, United Statesb Department of Marketing, Terry College of Business, University of Georgia, Athens, GA 30602, United States

bstract

We explore the impact of privacy disclosures on online shoppers’ trust in an e-tailer through a two-phase study. In the first study, we use aetween-subjects factorial design to test whether the presence of an online privacy policy influences consumer trust and find that consumersre likely to respond more favorably to a shopping site with a clearly stated privacy message than to one without it, especially when privacy risk

s high. In our second experiment, we examine the effects of different forms of privacy disclosures. The results suggest that online shoppersnd a short, straightforward privacy statement more comprehensible than a lengthy, legalistic one. However, how a privacy policy is presentedin terms of wording) does not affect a shopper’s trust in the store to any significant degree.

2006 New York University. Published by Elsevier Inc. All rights reserved.

nt

ir

JviscArw2wG(vaa

eywords: Privacy policy; Privacy risk; Consumer trust; E-tailer; Experime

Introduction

You already have zero privacy. Get over it.”Scott McNealy, Chief Executive Officer, Sun Microsys-

ems

In the information age, privacy has become a luxury toaintain. Consumer privacy can be invaded in many ways

n the Internet, such as through technical tools (e.g., cookies,eb “bugs”) that can collect granular information about

nline consumers and record their activities on the Web.urthermore, consumers have no control over the secondaryse of the personal information they provide during theourse of a transaction (Culnan 1995). In 1997, 15 percentf large U.S. companies monitored their employees’ e-mail,ccording to the American Management Association. Today,hat number is 52 percent (Conley 2004). A Yankelovichartners study reports that 90 percent of its respondents feel

hat privacy is the most pressing concern when shopping

nline, rating it more important than prices or return policiesEPIC Alert 2000). Thus, privacy invasions may pose serious

∗ Corresponding author. Tel.: +1 937 229 1773; fax: +1 937 229 3788.E-mail addresses: Yue.Pan@notes.udayton.edu (Y. Pan),

zinkhan@terry.uga.edu (G.M. Zinkhan).1 Tel.: +1 706 542 3757; fax: +1 706 542 3738.

et

powtS

022-4359/$ – see front matter © 2006 New York University. Published by Elsevieoi:10.1016/j.jretai.2006.08.006

mpediments to broad-scale adoption of the Internet as aetailing venue.

In line with the evolution of the e-marketplace, a recentournal of Retailing editorial called for papers that examinearious aspects of e-commerce (Levy and Grewal 2001),ncluding online privacy issues. Previous research hastudied these issues from different perspectives, such asonsumers’ concerns about information privacy (Culnan andrmstrong 1999; Milne and Boza 1999), how consumers

espond to such concerns (Sheehan and Hoy 1999), consumerillingness to provide personal information (Phelps et al.000), the effect of trust (in the organization) on customers’illingness to provide information (Schoenbachler andordon 2002), consumer awareness of privacy mechanisms

Culnan 1995; Milne and Rohm 2000), the contents of pri-acy disclosures (Miyazaki and Fernandez 2000), and legalnd ethical issues associated with online privacy (Caudillnd Murphy 2000). However, no studies have directlyxplored the likely effect of privacy disclosures on consumerrust.

Our study is designed to fill this gap with the generalurpose of examining the impact of privacy disclosures on

nline shoppers’ trust in an e-tailer. We approach this topicith a two-phase study. In Study 1, we use a lab experiment to

est the likely effect of a privacy policy on consumer trust. Intudy 2, we explore whether the different formats of privacy

r Inc. All rights reserved.

3 l of Re

dc

apaFb

cocs1wclrtwrwocacnttt

set1i1gosst

Ht

oaitc

fpvphifihppvtsIimwrcc

Hpwpp(

aobpt

P

wticartspAet

32 Y. Pan, G.M. Zinkhan / Journa

isclosures have differential effects on consumer trust. Weonclude by discussing the implications of our findings.

The effect of privacy disclosures on trust

Consumers are concerned about the privacy risks associ-ted with the unauthorized collection and secondary use ofersonal information. As a result, disclosing information ton e-tailer requires consumers to cede a certain level of trust.or this study, we define consumer trust as online consumers’elief that an e-store is engaged in fair information practices.

Social contract theory (Dunfee et al. 1999) provides aonceptual basis for predictions regarding the overall effectf privacy policies on trust. Social contract theorists viewonsumers’ exchange of personal information as an impliedocial contract (Culnan 1995; Milne 1997; Milne and Gordon993) that occurs any time a consumer provides a marketerith personal information. This contract is breached if the

ollection or use of the information is fraudulent. From a pub-ic policy perspective, consumers are assumed to have certainights with regard to the privacy of their information whenhey conduct online transactions. Consumer privacy existshen consumers can limit the accessibility and control the

elease of personal information; invasions of privacy occurhen that control is lost or unwillingly reduced as a resultf a marketing transaction (Milne and Gordon 1993). Socialontract theory also suggests that consumers will seek outnd carefully examine specific privacy protocols before theyommit themselves to a transactional relationship; they willot trust a store unless it employs trustworthy privacy prac-ices. In other words, privacy policies, as important contracterms, can influence shoppers’ decision making (i.e., whethero place trust in or patronize a store).

Privacy disclosures posted on a Web site may reduce a con-umer’s perceptions of privacy-related risk, result in positivexperiences with a firm, and increase the customer’s percep-ions that the firm can be trusted (Culnan and Armstrong999). In the same way, organizational statements about fairnformation practices should build consumer trust (Zucker986). The literature on organizational justice also sug-ests that procedural fairness can have a positive impactn trust (Bies 1993). That is, fair information disclosuresignal that the firm will abide by a set of rules that most con-umers perceive as fair (Shapiro 1987). Therefore, we posithat

1. The presence of an online privacy policy (as comparedo the absence) will generate higher perceptions of trust.

We also expect that the degree of perceived risk of a breachf privacy (hereafter referred to as “privacy risk”) will inter-

ct with the presence (vs. absence) of a privacy policy tonfluence consumer trust. In other words, we propose thathe relationship between the presence of a privacy policy andonsumer trust is moderated by the situational privacy risk

fr

u

tailing 82 (4, 2006) 331–338

actor. There are many dimensions of risk (e.g., financial risk,sychological loss). For this study, we are interested in pri-acy risk, that is, the risk to shoppers of losing control of theirersonal information during a transaction. Previous researchas shown that general risk levels are related to search behav-or. For instance, Lutz and Reilly (1974) and Cox (1967) bothnd that more consumers seek word-of-mouth information inigh-risk conditions. Internet shoppers, especially those whoerceive a high risk associated with online transactions, mayroactively search for and carefully examine an e-tailer’s pri-acy practices to alleviate their concerns about the privacy ofheir information. Therefore, a clearly stated privacy disclo-ure may be useful in alleviating privacy-related concerns.n turn, such a privacy policy might be expected to resultn lower perceived risk (Miyazaki and Fernandez 2000) and

ore trust in the store’s fair information practices. Therefore,e believe that Web sites with privacy policies will reduce

isk perceptions of online shopping and positively influenceonsumer trust in an e-tailer, particularly when their risk per-eptions are high.

1a. There will be an interaction between online privacyolicy and risk such that when the risk is high, consumersill perceive greater trust when the online privacy policy isresent (vs. absent). When the risk is low, consumers willerceive no difference in trust regardless of the presenceabsence) of online privacy policy.

We employ risk averseness, a personality trait, as a covari-te and expect that risk-averse consumers will be less tolerantf the inherent privacy-related risk associated with Web-ased transactions (e.g., the likelihood of losing control ofersonal data). Therefore, they will be less likely to placerust in an e-store.

Pretest, manipulation checks, and sampling method

retest and manipulation checks

We pretested the experimental design in a pilot study,hich helped validate the stimulus levels. The setting is a fic-

itious Web-based company named “Netshop” that sells gifttems. We use a hypothetical store to eliminate any possibleonfounding effects from external variables, such as brandwareness or loyalty. The products carried by the store areelevant to the subjects, because shopping for gifts is withinhe realm of experience for the consumer sample used in thetudy. To enhance its ecological validity, we modified com-onents of existing store Web sites to use in the experiment.fter we designed the stimulus materials, we asked three Web

xperts to evaluate them to ensure that they were appropriate,hen made necessary adjustments on the basis of this expert

eedback. Our hypothetical e-store ensures free shipping andeturns of defective products at the company’s expense.

We asked subjects to imagine themselves in a buying sit-ation. In the high-risk condition, we told subjects that

l of Re

Yftwttt

p

3epufsc

icwstptprtmsTepeiq

S

pTaltabtrturwdv

S

vfspsm

M

CTaarna

P

seqNSwTtc

astNwn

R

stcf

Y. Pan, G.M. Zinkhan / Journa

ou remember that last time after you purchased somethingrom an online store, it seemed that your personal informa-ion was shared by many companies you had never interactedith. You received many soliciting phone calls from various

elemarketers, and hundreds of junk mails that tried to sell youhings you had no interest in. Therefore, you are concernedhat there might be a privacy problem with the site.

In the low-risk condition, there was no mention of thisrevious experience.

We invited a total of 70 business students (39 women and1 men) to view the Netshop Web site and instructed them toxamine the company’s privacy statement. Then, they com-leted a survey that included a series of ratings of Internetsage and shopping (both traditional and online) experiences,ollowed by a two-item, seven-point measure of the privacytatement to be used in the experiment with respect to itsomplexity and length.

Results from the pilot study provide strong support for thenternal validity of the experiment. We measured risk per-eption by asking subjects to state their level of agreementith the statement “I think that buying a product from Net-

hop.com would be risky because of the possibility of unau-horized access to my personal information.” Between the 37eople assigned to the low risk condition and the 33 assignedo the high-risk condition, we find a large difference in riskerceptions (Mlow = 3.2, Mhigh = 4.8, p < .05). When asked toate the privacy statement on a seven-point scale, anchored bywo sets of bipolar adjectives (short vs. long, written in com-on language vs. a lot of legal terms), subjects also showed

ignificant differences (tl = 5.73, t2 = 2.56, df = 68, p < .05).his finding suggests that the manipulation of treatment lev-ls performs as intended. The results from the pilot study alsorovide input for the experimental design and suggest sev-ral changes for strengthening the construct measures. Fourndependent e-commerce experts reevaluated the resultinguestionnaire, and we made some modifications accordingly.

ampling method

We selected a sample of 525 potential subjects from a tele-hone directory, whom we initially contacted by telephone.he researcher briefly explained the purpose of the studynd invited the potential subject to participate in a study thatasted approximately 20 min. As an incentive for participa-ion, potential subjects were told that once they completedll the questions and returned the survey, their names woulde entered in a random drawing for a prize of $200. Onlyhose who passed the initial screening (i.e., all subjects wereequired to report at least some online experience) and agreedo participate were mailed a survey. The researcher followed

p with a telephone call ten days after the initial mailing toemind participants to finish and return the survey. Altogether,e sent questionnaires to 238 people and received 166. Aftereleting those cases with too many missing values on keyariables, we ended up with 150 responses.

faarc

tailing 82 (4, 2006) 331–338 333

Experiment 1: The effect of privacy disclosures onconsumer trust

ubjects

Experiment 1 employs a 2 (absence vs. presence of a pri-acy policy) × 2 (high vs. low privacy risk) between-subjectsactorial design. For this experiment, we constructed two ver-ions of the Netshop Web sites—one with a clearly statedrivacy policy, and the other with no mention of it. Of the 60ubjects who took part in this experiment, 51.7 percent wereen, and the mean age was 36.8 years (range 18–62 years).

easures of the variables

We modify some scale items from established scales (e.g.,rosby et al. 1990) to measure the construct “consumer trust.”o measure their comprehension of the privacy policy, wesked the subjects to rate the statement on a seven-point scalenchored by two sets of bipolar adjectives (easy vs. difficult toead, easy vs. difficult to understand). Subjects’ risk averse-ess (as a personality trait) functions as a continuous variablend serves as a covariate in the experiments.

rocedureWe assigned 30 subjects to each of the Netshop.com Web

ites. Within each group, we assigned subjects randomly toither the high or low risk condition. On the first page of theuestionnaire, subjects read a brief message that describedetshop.com as a Web-based company that sells mostly gifts.ubjects were to imagine themselves in a buying situation inhich they were interested in purchasing a gift for a friend.he questionnaire also reminded them that they would need

o provide their personal information (e.g., address, creditard number) if they were to buy something from Netshop.

Subjects then explored the Netshop Web site for as longs they wanted. After examining the Web site, they answeredome questions that measured their risk aversion, attitudeoward the privacy issues of buying products/services frometshop, and trust in the store. To avoid cueing the subjects,e also asked other questions, for example, about their Inter-et usage and their mastery of Internet-related technology.

esults

Because we adopted items from different measurementcales, we perform an exploratory factor analysis to identifyhe underlying constructs, using a principal components pro-edure. Two identified factors (risk averseness, trust) accountor 71.14 percent of variance; we show the factor loadingsor each construct in Table 1. We also use confirmatory factor

nalysis to assess the dimensionality of the measures of riskverseness and consumer trust in the store. This analysiseveals that despite our attempted dimensionalization, theonsumer trust and risk averseness scales are unidimensional.

334 Y. Pan, G.M. Zinkhan / Journal of Retailing 82 (4, 2006) 331–338

Table 1Consumer trust and risk averseness: Rotated component matrix for exploratory factor analysis

Items in the Scale Component

1 2

Trust 1 Netshop.com is a trustworthy store .858 .088Trust 2 I can count on Netshop.com to protect my privacy .878 .175Trust 3 I can count on Netshop.com to protect customers’

personal information from unauthorized use.934 .092

Trust 4 Netshop.com can be relied on to keep its promises .892 .132Risk averseness 1 To gain high profits in business, one has to take high

risks.169 .722

Risk averseness 2 If there is a great chance of a reward, I will take highrisks

.004 .881

Risk averseness 3 The act of reasonable risk taking is one of the mostimportant managerial skills

.149 .799

Risk averseness 4 If there was a great chance to multiply my earnings,I would invest my money even in the shares of acompletely new and uncertain firm

−.007 .700

Risk averseness 5 To achieve something in life, one has to take risks .385 .735

Notes. Extraction method: principal component analysis, rotation method, Varimax with Kaiser normalization. Rotation converged in three iterations.

Table 2ANCOVA results in Experiment 1 (dependent variable: consumer trust)

Source Type III sum of squares df Mean square F value

Risk (privacy risk) 234.65 1 234.65 17.7a

Privacy (privacy policy) 67.59 1 67.59 5.10a

Risk × privacy 56.88 1 56.88 4.29a

Risk averseness 90.07 1 90.07 6.79a

Error 729.13 55 13.26R2 = .40

asspaephpssMn(shsMireap

oiparticular information practice or policy from which at leastone potential use could be inferred (Culnan 2000). In additionto the length and comprehensiveness of the policy, privacydisclosures also vary with respect to their complexity and

a p < .05.

We use an analysis of covariance (ANOVA) procedure tossess the hypotheses, in which we include the unidimen-ional construct of risk averseness as a covariate. The resultsupport the hypotheses of Experiment 1. The main effects ofrivacy disclosures and situational privacy risk and the inter-ction between these treatment factors are significant (for rel-vant test statistics for the ANCOVA model, see Table 2). Peo-le who are exposed to the Web site with a privacy statementave higher trust in the store (Mabsent = 14.37, Mpresent = 16.9,< .05). Risk conditions also significantly affect trust, in that

ubjects in high-risk conditions are less likely to trust that thetore is engaged in fair information practices (Mlow = 17.67,

high = 13.6, p < .05). As predicted in H1a, there is a sig-ificant interaction between online privacy policy and riskF(1, 55) = 4.29, p < .05; for the means at each treatment level,ee Fig. 1). Follow-up contrasts reveal that when the risk isigh, presence (vs. absence) of online privacy policy causesubjects to perceive greater trust (Mabsent/high risk = 11.53,

present/high risk = 15.67, F(1, 27) = 12.3, p < .01,η = .92). Theres no significant difference for low risk condition (Mabsent/low

isk = 17.2, Mpresent/low risk = 18.13, F(1, 27) = .18, ns). Theffect of the covariate is also supported by our data, such thatrisk-averse consumer is less likely to trust a store (F = 6.79,< .05).

Varying effects of different privacy disclosures

Currently, privacy disclosures posted by Web sites fall intone of two categories: a comprehensive description of a site’snformation practices or a succinct statement that describes a

Fig. 1. Absence versus presence of privacy policy (Experiment 1).

l of Re

rn7iIi

totlos

fotai(ifidmi(ltal

dm(tbttmtvttmtvtnccOh

Hmp

bvEp

amoelpeeojtoatcem

S

sih

R

i(epmcmpftcinoticed the policy, its presentation format seems to affecttheir tendency to read the statement (F(1, 58) = 4.99, p < .05).Specifically, subjects tend to read more of the privacy policy

Y. Pan, G.M. Zinkhan / Journa

eadability. Some policies are chockfull of “legalese” or tech-ical terminology (e.g., the Microsoft Windows Media Player.x privacy statement contains a great deal of technical jargonncluding “Internet protocol,” “cookies,” and “Global Uniquedentifier”), whereas others are written in plain language thats likely more decipherable by laypersons.

What is the effect of message format and complexity onhe reader’s overall perception of the privacy policy and hisr her propensity to trust the store? We hypothesize that ashe pattern of privacy disclosures varies (in terms of messageength and terminology), the effect on consumers’ perceptionf fair information practices also varies. As a result, con-umers’ trust in the store will vary.

The theory of bounded rationality provides a conceptualoundation for predicting the communication effect of vari-us forms of privacy disclosures. Humans’ limited capacityo process information forces them to make compromises inlmost all their decisions (Simon 1976). The notion of lim-ted processing capacity is also basic to information theoryShannon and Weaver 1949). The information-load paradigms based on the fundamental premise that consumers havenite limits on their ability to absorb and process informationuring any given unit of time. If consumers are exposed to toouch information, such that it exceeds their processing lim-

ts, overload occurs and leads to dysfunctional consequencesJacoby 1977; Malhotra 1982). Therefore, when faced with aengthy privacy policy statement, consumers may not attendo the message in an attempt to preserve their time and avoidn overload of information. Simply put, the message may beargely lost on or ignored by them.

Research pertaining to advertising copywriting has pro-uced a widely accepted principle: “keep it simple.” If aessage contains too many technical or unfamiliar words

e.g., legal statements), it may not retain the reader’s atten-ion (Anderson and Jolson 1980). The reader’s mind maye led astray or alienated by those words that are difficulto process and/or comprehend. Similarly, Berlyne’s (1960)heory of stimulus complexity suggests that highly complex

essages are not as effective as communications perceivedo fall in a range of moderate complexity. In legal studies,arious researchers (e.g., Kimble 1994–1995) have arguedhat plain language improves comprehension, whereas tradi-ional style (i.e., legalese) does not communicate as well and

ay produce unnecessary confusion. Therefore, we predicthat consumers’ responsiveness to succinct, nontechnical pri-acy disclosures will be more positive than their responseso long, legalistic privacy disclosures. If a concise, nontech-ical privacy statement communicates better and improvesomprehension, it also should reduce privacy-related con-erns more effectively than a lengthy, legalistic document.n the basis of this evidence, we propose the followingypothesis:

2. A short, straightforward privacy policy will result inore consumer trust in an online store than a long, legalistic

olicy.wa

tailing 82 (4, 2006) 331–338 335

Experiment 2: Varying effects of different privacydisclosures

From Experiment 1, we find that a privacy statement canuild consumer trust in the store. But do privacy disclosuresary in their ability to convey the sense of security? Withxperiment 2, we aim to detect the varying effects of differentrivacy disclosures.

The procedure of the first part of Experiment 2 is the sames that of Experiment 1, except that the e-store’s privacy state-ent is a between-subjects factor with three levels: Absence

f a privacy policy and two presence of a privacy policy lev-ls (long and legalistic vs. short and straightforward).1 Theatter two treatment levels vary with respect to their com-rehensiveness and complexity. We assigned 30 subjects toach of the three Web site versions for Netshop.com. Withinach group, we assigned subjects randomly to either the high-r low-risk condition. Furthermore, we included the 30 sub-ects assigned to the absence of a privacy policy condition inhe first experiment again in this study. Subjects assigned tone of the two presence of a privacy policy conditions readnd evaluated the privacy statement after they had completedhe first part of the experiment (the buying task). They thenompleted a questionnaire that measured the communicativeffect of the statement and provided some demographic infor-ation.

ubjects

The 90 subjects were randomly assigned to each of theix treatment levels. Among the 90 subjects, the average ages 37.3 years, 53.3 percent are men, and 60 percent reportousehold incomes of more than $80,000.

esults

Subjects find a short, straightforward privacy policy eas-er to read (M1 = 4.43, M2 = 2.5, p < .001) and understandM1 = 4.3, M2 = 2.6, p < .001) than a long, legalistic one. In thexperiment, we also asked subjects (in presence of a privacyolicy conditions) whether they noticed the privacy state-ent posted on the Netshop.com Web site. Although subjects

ould tell the differences between a variety of privacy state-ents in terms of their comprehensiveness (F(1, 58) = 12.51,< .01) and complexity (F(1, 58) = 8.83, p < .01), these dif-

erent forms do not seem to affect whether shoppers noticehe policy (χ2

(1) = 2.5, ns). However, consumers in high-riskonditions are more likely to pay attention to the privacy pol-cy (χ2

(1) = 6.94, p < .05, Table 3). For those shoppers who

1 Long, legalistic version: 1947 words; short, straightforward version: 591ords. A copy of the privacy statements used can be obtained from the

uthors.

336 Y. Pan, G.M. Zinkhan / Journal of Re

Table 3Cross-tabulation

Privacy risk Total

Low High

Did you notice the privacystatement posted onNetshop.com Web site?

Yes 7 17 24

No 23 13 36

Total 30 30 60

Notes. Chi-square = 6.94, df = 1, p < .05.

Table 4ANCOVA results in Experiment 2 (dependent variable: consumer trust)

Source Type III sumof squares

df Meansquare

F value

Risk (privacy risk) 217.07 1 217.07 13.38a

Privacy (privacy policy) 96.78 2 48.39 2.98b

Risk × privacy 104.22 2 52.11 3.21a

Risk averseness 346.12 1 346.12 21.34a

Error 1346.42 83 16.22R2

wi

tan(iwmtFtlHth

F

lb(c

psttOlowtatitatmetfoa

Eotstu

= .39a p < .05.b p = .056.

hen the statement is short and straightforward than when its lengthy and full of legalese.

The main effect for the three privacy policy levels is par-ially supported (F = 2.98, p < .10, Table 4). The one absencend two presence treatment levels contrast and show a sig-ificant difference with regard to generating consumer trustF = 4.73, p < .05), which reinforces our findings from Exper-ment 1. Consumer trust in the store is considerably lowerhen a privacy statement is missing from the site (for theeans at each treatment level, see Fig. 2). However, the

wo presence levels do not differ (MSS = 17.4, MLL = 17.83,= .87, ns). In other words, consumer trust does not vary as

he pattern of privacy disclosures varies in terms of messageength and terminology. Therefore, we do not find support for

1b. Consistent with our findings in Experiment 1, the con-

rast of the two presence levels vs. absence is significant inigh risk condition (F = 11.09, p < .01) and nonsignificant in

ig. 2. Varying effects of different privacy disclosures (Experiment 2).

stusetpti

itfscswot

tailing 82 (4, 2006) 331–338

ow-risk condition (F = .03, ns). Furthermore, the relationshipetween risk averseness and trust is significantly negativeF = 21.34, p < .05), and privacy risk again shows a signifi-ant effect on trust (F = 13.38, p < .05).

General discussion

A central issue in this research is the impact of an e-tailer’srivacy disclosures on consumer trust. We present two relatedtudies, each of which focuses on specific questions relatedo the overall area of inquiry. Together, the two studies testhe overall and varying effects of online privacy statements.f particular interest is testing the predictions made by estab-

ished theories. In the first experiment, the predictions basedn social contract theory are strongly supported. A Web siteith a clearly stated privacy policy communicates a “you can

rust us” signal to visitors. In other words, privacy policies,s an important contract term, influence shoppers’ trust inhe store and thus their tendency to patronize it. These find-ngs are in line with social contract theory, which suggestshat consumers view the exchange of personal informations an implied social contract. Web site users expect e-tailerso abide by certain codes of conduct, and a privacy state-

ent serves as a safety net or assurance that the e-tailer willngage in fair information practices. We also find support forhe interaction effect between privacy risk and privacy policyrom our data. Those e-shoppers who perceive a high levelf privacy risk are more likely to pay attention to statementsbout information practices.

Built on these findings, our second experiment replicatesxperiment 1 and enriches our knowledge about the utilityf a privacy policy. Our results offer support for informationheory in the context of communicative effectiveness, whichuggests that when exposed to too much information at oneime (e.g., a message that contains too many technical ornfamiliar words), consumers will not attend to the messageo that they can conserve their time or energy. In contrast, ifhe wording of the message is consistent with readers’ vocab-lary level, communication becomes more effective. Onlinehoppers find short, straightforward privacy statements muchasier to read and understand. Although e-shoppers can dis-inguish various forms of privacy disclosures in terms of com-lexity (usage of legalese) and comprehensiveness (length),hese variations do not affect their trust in the store’s fairnformation practices in any significant manner.

We propose that the online presence of clearly statednformation disclosures (privacy policy) sends a signal thathe store can be trusted. If the privacy statement is missingrom a Web site, consumer trust in the store is lower. Con-umers perceive privacy statements as a sign that the store isoncerned about the interest and well-being of shoppers, con-

istent with the framework proposed by Gefen et al. (2003),ho assert that consumers’ trust is based on their assessmentsf how normal or customary the shopping situation appearso be (i.e., “situational normality” in the authors’ terminol-

l of Re

otttapestna

cnssrnlttetfmaiiets

acsooeuvc

ttahipdsaE

lh

isstadp

f(ises2ecvho

sndn

ctcpophatrthdr

aoritu

Y. Pan, G.M. Zinkhan / Journa

gy). People tend to extend greater trust when the nature ofhe interaction accords with what they consider typical and,hus, anticipate. E-shoppers have expectations about whathey will see on a shopping Web site, and if the site containssuspicious interface or users must undertake an unexpectedrocedure, they are less inclined to trust that e-tailer (Gefent al. 2003). Because most online consumers expect everyhopping site to offer a formal privacy statement, such struc-ural assurance built into the Web site can serve as a safetyet that builds trust. The lack of such makes the site atypicalnd therefore less trustworthy.

An e-store that fails to include a privacy policy will loseonsumers’ trust, but the impact of privacy disclosures doesot extend much beyond this point. The wording of the mes-age, within reasonable limits, does not appear to matterignificantly. The reason is simple; shoppers do not typicallyead the policy. Some shoppers do not want to sacrifice conve-ience to read a lengthy document, which often is filled withegal jargon. Some perceive that privacy disclosures, as a rou-ine practice, are more or less the same. Still others believehat, by posting a privacy statement, organizations seek toscape liability or limit responsibility, so privacy statements,hough they signal a positive message, do not free shoppersrom safety concerns. Retailers therefore should considerore effective approaches for safeguarding online privacy;

n e-tailer’s credibility can be enhanced by some easy-to-mplement techniques. Some simple examples include securecons that pop up at the bottom of the browser or confirmation-mails or pop up windows that inform consumers about aransaction’s status. These “small” acts, though simple, canuggest to shoppers that the e-tailer operates a secure system.

Our experiments reveal that privacy is a major concernmong Internet shoppers, and privacy-related risk reducesonsumer trust in a particular store. Although some con-umers have already assumed away the risk embedded innline shopping (i.e., they have overcome their initial stagesf apprehension), privacy concerns may prevent many oth-rs from visiting an e-tailer outlet. As e-tailers increase theirnderstanding of the factors and situations that foster pri-acy concerns, such knowledge can be employed to reduceonsumer concerns and enhance consumer trust.

Implications and directions for further research

Our findings serve to identify several principles relatedo the design of an e-tailing site. First, the site should havehe look and feel of “typical” shopping sites (e.g., includeclearly stated privacy policy). In other words, e-shoppers

ave a certain script in mind, and they may become suspiciousf that script is contradicted. Second, the mere existence of arivacy policy serves to build trust, though it makes no real

ifference in what style the policy is written. Many shoppersimply do not bother to read policies very closely and insteadssume that the policy is similar to others on the Web. Inxperiment 2, we find some evidence, however, that direct

A

tailing 82 (4, 2006) 331–338 337

anguage and a succinct presentation improve users’ compre-ension.

Our study also contains some limitations. The experimentsnvolve a hypothetical buying scenario, in which privacy inva-ions may not be perceived as an imminent issue. Additionaltudies might mimic a real transaction by guiding shoppershrough the entire shopping process (e.g., selecting a product,dding the product to a shopping cart, checking out, receivingelivery). Privacy risks become more prominent when shop-ers have to disclose their personal data during the study.

We also acknowledge that any findings regarding the dif-erent privacy policies are confounded by the two factorsi.e., length, complexity), and thus, we do not know whichs more important. Many e-tailing studies suggest that onlinehoppers are more socioeconomically upscale than are gen-ral consumers (e.g., Akhter 2003; Li et al. 1999). Our studyhows similar patterns. For instance, subjects in Experiment

tended to be highly educated (average of 15.9 years ofducation) and have relatively high income levels (60 per-ent report a household income of more than $80,000). Thus,arying literacy levels may have affected the results (e.g.,igher literacy levels may lead to improved comprehensionf complex messages).

Moreover, the impact of situational normality on con-umer trust is largely unstudied. Situational normality doesot deal with knowledge about the actual vendor but ratherescribes the extent to which a marketplace interaction isormal compared with similar interactions or sites.

Furthermore, it would be interesting to investigate the rootauses of privacy risks, which may moderate the effect of cer-ain e-tailing practices, such as posting privacy disclosures, ononsumer trust. Risk perceptions could result from shoppers’rivacy concerns about Web-based transactions as a wholer from their perceptions of specific e-tailers. If online shop-ers view privacy risks as an omnipresent issue that comesand-in-hand with Web-based activities, then privacy riskslso may be perceived as largely beyond the consumers’ con-rol. An e-tailer is in a better position to manage shoppers’isk perceptions if their privacy concerns mainly arise fromheir evaluations of the store itself. For example, e-tailers canighlight prominent features (e.g., fair information practiceisclosures, third-party seal of approval) to relieve shoppers’isk concerns.

In an online environment, new issues like privacy emergend may require the application of new retailing theories. Asne approach, researchers might attempt to reconcile offlineetailing theory and online retailing practices. At this point, its not entirely clear which e-tailing strategies are most effec-ive or which academic approaches and theories are best fornderstanding the virtual shopping world.

References

khter, Syed H. (2003). “Digital Divide and Purchase Intention: Why Demo-graphic Psychology Matters,” Journal of Economic Psychology, 24,321–327.

3 l of Re

A

B

B

C

CC

C

C

C

C

D

E

G

J

K

L

L

L

M

M

M

M

M

M

P

S

S

S

S

S

38 Y. Pan, G.M. Zinkhan / Journa

nderson, Rolph E. and Marvin A. Jolson (1980, Winter). “Technical Word-ing in Advertising: Implications for Market Segmentation,” Journal ofMarketing, 44, 57–66.

erlyne, D.E. (1960). Conflict, Arousal, and Curiosity. New York: McGraw-Hill.

ies, Robert (1993). “Privacy and Procedural Justice in Organizations,”Social Justice Research, 6 (1), 69–86.

audill, Eve and Patrick Murphy (2000, Spring). “Consumer Online Privacy:Legal and Ethical Issues,” Journal of Public Policy & Marketing, 19,7–19.

onley, Lucas (2004). “The Privacy Arms Race,” Fast Company, 84, 27–28.ox, Donald F. (1967). Risk Taking and Information Handling in Consumer

Behavior. Cambridge, MA: Harvard University Press.rosby, Lawrence, Kenneth Evans and Deborah Cowles (1990). “Relation-

ship Quality in Services Selling: An Interpersonal Influence Perspective,”Journal of Marketing, 54 (3), 68–81.

ulnan, Mary J. (1995, Spring). “Consumer Awareness of Name RemovalProcedures: Implications for Direct Marketers,” Journal of Direct Mar-keting, 9, 10–19.

ulnan, Mary J. (2000, Spring). “Protecting Privacy Online: Is Self-Regulation Working?,” Journal of Public Policy & Marketing, 19, 20–26.

ulnan, Mary J. and Pamela K. Armstrong (1999). “Information PrivacyConcerns, Procedural Fairness, and Impersonal Trust: An EmpiricalInvestigation,” Organization Science, 10 (1), 104–115.

unfee, Thomas W., N. Craig Smith and William T. Ross (1999). “SocialContracts and Marketing Ethics,” Journal of Marketing, 63 (3), 14–32.

PIC Alert 7.16., (2000). Washington, DC: Electronic Privacy InformationCenter.

efen, David, Elena Karahanna and Detmar Straub (2003). “Trust and TAMin Online Shopping: An Integrated Model,” MIS Quarterly, 27 (1), 1–40.

acoby, Jacob L. (1977, November). “Information Load and DecisionQuality: Some Contested Issues,” Journal of Marketing Research, 14,569–573.

imble, Joseph. (1994–1995). “Answering the Critics of Plain Language.”Scribes Journal of Legal Writing, 51.

evy, Michael and Dhruv Grewal (2001). “Passing the Baton,” Journal of

Retailing, 77, 429–434.

i, Hairong, Cheng Kuo and Martha Russell (1999). “The Impact of Per-ceived Channel Utilities, Shopping Orientations, and Demographicson the Consumer’s Online Buying Behavior,” Journal of Computer-Mediated Communication, 5 (2).

Z

tailing 82 (4, 2006) 331–338

utz, Richard J. and Patrick Reilly (1974). “An Exploration of the Effectsof Perceived Social and Performance Risk on Consumer InformationAcquisition,” S. Ward and P. Wright (Eds.), Advances in ConsumerResearch: Vol. 1, Chicago, IL: Association for Consumer Research,393–405.

alhotra, Naresh K. (1982, March). “Information Load and Consumer Deci-sion Making,” Journal of Consumer Research, 8, 419–430.

ilne, George R. (1997, Fall). “Consumer Participation in Mailing Lists: AField Experiment,” Journal of Public Policy & Marketing, 16, 298–309.

ilne, George R. and M.E. Boza (1999). “Trust and Concern in Consumers’Perceptions of Marketing Information Management Practices,” Journalof Interactive Marketing, 13 (1), 5–24.

ilne, George R. and Mary E. Gordon (1993, Fall). “Direct Mail Privacy-Efficiency Trade-Offs Within an Implied Social Contract Framework,”Journal of Public Policy & Marketing, 12, 206–215.

ilne, George R. and Andrew J. Rohm (2000). “Consumer Privacy andName Removal Across Direct Marketing Channels: Exploring Opt-Inand Opt-Out Alternatives,” Journal of Public Policy & Marketing, 19,238–249.

iyazaki, Anthony D. and Ana. Fernandez (2000, Spring). “Internet Privacyand Security: An Examination of Online Retailer Disclosures,” Journalof Public Policy & Marketing, 19, 54–61.

helps, Joseph, Glen Nowak and Elizabeth Ferrell (2000, Spring). “PrivacyConcerns and Consumer Willingness to Provide Personal Information,”Journal of Public Policy & Marketing, 19, 27–41.

choenbachler, Denise D. and Geoffrey L. Gordon (2002). “Trust and Cus-tomer Willingness to Provide Information in Database-Driven Relation-ship Marketing,” Journal of Interactive Marketing, 16 (3), 2–16.

hannon, Claude E. and Warren Weaver (1949). The Mathematical Theoryof Communication. Urbana: University of Illinois Press.

hapiro, Susan (1987). “The Social Control of Impersonal Trust,” AmericanJournal of Sociology, 93 (3), 623–658.

heehan, Kim B. and Mariea G. Hoy (1999). “Flaming, Complaining,Abstaining: How Online Users Respond to Privacy Concerns,” Journalof Advertising, 28 (3), 37–51.

imon, Herbert A. (1976). Administrative Behavior: A Study of Decision-

Making Processes in Administrative Organization third ed. New York:The Free Press.

ucker, L.G. (1986). “Production of Trust: Institutional Sources of EconomicStructure, 1840–1920,” B. M. Staw and L. L. Cummings (Eds.), Researchin Organizational Behavior: Vol. 8, Greenwich, CT: JAI Press, 53–111.