Protecting the privacy of personal
information continues to pose significant challenges for
organizations. Because consumers are vulnerable in their dealings
with businesses due to a lack of information about and an inability
to control the subsequent use of their personal information, we
argue that organizations have a moral responsibility to these
individuals to avoid causing harm and to take reasonable precautions
toward that end. We further argue that firms can enhance their
privacy programs by moving beyond merely complying with laws and
other regulations and creating a culture of integrity that combines
a concern for the law with an emphasis on managerial responsibility
for the firm’s organizational privacy behaviors. We use two
high-profile data breaches experienced by two U.S. companies,
ChoicePoint and TJX respectively, to illustrate our arguments for
enhancing organizational level privacy programs based on ethical
reasoning. In doing so, this paper contributes to the dearth of
prior organizational-level privacy research, which has largely
overlooked ethical issues or the personal harms often caused by
privacy violations. We conclude with recommendations for ways
organizations can improve their privacy programs by incorporating
moral responsibility.
Keywords:
Organizational privacy, information ethics, moral responsibility,
information risk management, information management practices