Literature Review

This section presents a review of the literature relevant to this study. Given the vast quantity of research and scholarly writing on the subjects involved, emphasis is focused on those areas most central to the scope of this research.

2.1 Introduction & Background

In any meaningful discussion of privacy, it is important to clarify what is meant by the term privacy. In one of the most influential articles on this subject, "The Right to Privacy," Samuel Warren and Louis Brandeis articulated their argument for the importance of individual privacy and described the right as one's "right to be let alone" (1890, 193). In addition to the many different definitions that have been put forth, several commentators have offered classifications of the various dimensions of privacy, (Prosser 1960, [Based on American legal cases, Prosser's 1960 article "Privacy," classifies privacy torts into four distinct categories.] Westin 1967[In addition to articulating "four basic states of individual privacy," Westin also proposes that the four primary functions of individual privacy are "personal autonomy, emotional release, self-evaluation, and limited and protected communication," and notes that "...these four functions constantly flow into one another" (31).] and Solove 2005,[In "A Taxonomy of Privacy," Solove presents a contemporary classification of the various "activities that impinge upon privacy" (3), including comment on the threats to privacy that have been created by technological developments. The four general categories of harmful activities in Solove's taxonomy are: information collection, information processing, information dissemination, and invasion (8).] among others) attempting to bring clarity to its seemingly myriad interpretations. This study is concerned primarily with "information privacy," which involves "the claim of individuals, groups, or institutions to determine for themselves when, how and to what extent information about them is communicated to others" (Westin 1967, 7).

The fact that privacy is acknowledged and valued across many political systems is evidenced by Article 17 of the International Covenant on Civil and Political Rights, which states: "No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation" (United Nations [UN], 1966). Similar protections are also supported in Article 12 of the Universal Declaration of Human Rights (UN, 1948).

2.1.1 The Need for Balance

Scholars have claimed that privacy is a necessary requirement for life in modern democratic states (Warren & Brandeis 1890, Westin 1967, Dempsey, Anderson, & Schwartz 2003), and that it contributes to an individual's personal autonomy and dignity. At the same time, there is general agreement that privacy is not an absolute right. For example, it is often argued that (in certain situations), an individual's right to privacy may be outweighed by the public interest in the disclosure of personal information (e.g., the location of convicted sexual offenders' residences, or the salaries of certain government employees). Thus, it is argued, trade-offs must be made to promote a balance between these seemingly competing interests (Westin 1967, Nemati, Tao & Gold 2003). This need for balance has led to longstanding discussions and controversy about how to assess the value of these interests and accordingly, how to determine what is a "reasonable" trade-off. For example, in The Limits of Privacy, contemporary scholar Amitai Etzioni argues that, in many instances today, individual privacy is over-valued relative to the public interest and common good, to the detriment of society (1999). Despite the competing philosophies about how decisions should be made to promote a balance, Westin notes, "either too much or too little privacy can create imbalances which seriously jeopardize the individual's well-being" (1967, 40). In addition to this view of personal privacy, other commentators have suggested that the value of privacy may not be limited to the individual level, but may also have "common, public, and collective purposes" (Regan 1995, 221).

Similar to privacy, the notion of trust has been the focus of considerable academic debate and disagreement throughout a variety of fields.[Including but not limited to: philosophy, psychology, sociology, economics, information systems, management, public policy and political science.] Despite differing theories about how trust is engendered and maintained[Russell Hardin provides comment on aspects of four dominant theories of trust: encapsulated interest, commitment from character, dispositional trust, and moral commitment inTrust and Trustworthiness(2003).] there appears to be consensus around a few key points: trust is empowering (and therefore, valuable) in many interactions, and while trust is most often developed over time, it can be lost quickly. Trust has been defined as "a psychological state comprising the intention to accept vulnerability based upon positive expectations of the intentions or behavior of another" (Rousseau, Sitkin, Burt, & Camerer 1998, 395).

2.1.2 "Trust in Government"

In various political systems throughout the world, it is claimed that citizens' trust in government is valuable and enabling. As far back as feudal Chinese society during the fifth century BC, Confucius affirmed that trust is the most important resource for a government,"if the people have no faith in their rulers, there is no standing for the state" (Soothill 1968, 571-72). [Some translations ofThe Analectsuse the word "trust" directly, others paraphrase trust as in "confidence of the people" and a people's "faith in their rulers" (Soothill, 1968). Specifically, this idea comes fromThe Analects of Confucius, and was referred to by Professor Onora O'Neill inA Question of Trust(2002).] Contemporary research suggests that, in modern democracies, citizens' distrust of their government may have an adverse effect on the effectiveness of that government (Council for Excellence in Government, 2004).

Given the scope of this study, it is important to acknowledge that the concept of a citizen's "trust in government" is distinctly different from interpersonal trust. A person saying that they trust another specific individual (for instance, a colleague) carries different connotations than an individual saying "I trust the government." While the former would be about interpersonal trust, as an assertion about the speaker's assessment of the trustworthiness of their colleague, the latter is seemingly a generalization about the speaker's perception of the collective trustworthiness of the many different organizations that comprise the government (where there can be many different views on which entities are part of 'the government').

One's ability to assess the trustworthiness of an organization is related to his or her expectations and knowledge of that organization (including the intentions and competence of the individuals who may be involved in any interaction that he or she has with the organization). Given that governments are comprised of thousands of individuals [Or even millions, as is the case in the US.] working in hundreds of organizations, a citizen's attempt to evaluate the trustworthiness of their government may be considered a formidable challenge. In his book Trust and Trustworthiness, Hardin argues that the notion of 'trust in government' is fallacious and "implausible" because "the knowledge demanded by any of these conceptions of trust is simply unavailable to ordinary citizens" (2002, 151).

Despite this claim, as Bennett and Raab observe in The Governance of Privacy, "elevating the level of the public's 'trust and confidence' in business and government has become something of a mantra in this contemporary discourse and practice" (2003, 49). While a number of competing theories attempt to identify the factors that most significantly influence citizens' trust in government, [For example, in the Council for Excellence in Government's 2004 report,A Matter of Trust: Americans and their Government 1958 - 2004, the authors discuss five popular theories based on:

1. Presidential approval and economic conditions
2. Mood of the nation
3. External threats
4. The media, and
5. Trust in people (6-11).]

In the United States (U.S.), research studies indicate that Americans' level of trust in their government has decreased significantly since the early 1970s (Council for Excellence in Government, 2004). Research into New Zealanders' attitudes towards their government indicates a similar decline in trust, and also suggests that citizen's mistrust of government is not related to government performance (Barnes & Gill, 2000). This apparent decline in public trust has occurred despite New Zealand's consistently high rankings in Transparency International's Corruption Perceptions Index (CPI), which ranks the country's government amongst the least corrupt in the world (Transparency International, 2005).[Out of 159 countries, New Zealand was tied with Finland for the second best ranking in the 2005 CPI (behind Iceland), and has been ranked amongst the top four countries for the past five years. According to Transparency International, the CPI "relates to perceptions of the degree of corruption as seen by business people and country analysts."]

back to top

2.2 Government & citizens' personal information

Government organizations comprise an important part of the unique relationship between citizens and the state, and this affects the responsibilities of these organizations with respect to protecting the privacy of individuals' information. In contrast to private businesses that market goods and services to customers, government organizations have a responsibility to serve a very diverse set of individuals, including those with different needs, beliefs, attitudes, cultures, languages and educational levels (Kent & Millett, 2003). Furthermore, within the operations of most governments, various requests for personal information are supported by governmental mandates (Bennett & Raab 2003, BeVier 1995). Thus, in some situations, the provision of personal information to government organizations is compulsory. This sharply contrasts the nature of information exchanges that individuals engage in with private organizations, where it may be argued that individuals make conscious decisions about which organizations they choose to provide their personal details to. In their report to the United Nations entitled "Privacy and E-Government," Dempsey, Anderson, and Schwartz clarify the point that "governments have special privacy obligations arising from the concept of democracy, which includes the establishment of rules mediating the power relationship between government and citizens" (2003, 1). In light of the relevance of this unique relationship between government and citizen, this topic will be explored further in later sections of this report.

Governments collect personal information from citizens for many purposes, for instance determining appropriate taxation and the provision of social welfare benefits. The collection of information in these interactions, wherein citizens provides information about themselves to a government organization, is justified based on the requirements of the specific interaction (commonly involving a need to establish or verify an individual's identity). Looking at a specific example, the procedures designed to facilitate the redistribution of resources within welfare states (i.e., social welfare programs) require benefit applicants to provide detailed personal information in order to determine their eligibility for beneficiary status (BeVier 1995, Prebble 1990). This requirement is logically reasonable, as the decision-making process requires detailed information about each applicant, often including financial and health-related information. The implicit sensitivity of this information may further emphasize the importance of ensuring that the information is handled properly and used only for the purpose it is collected for.

Since individuals in lower socioeconomic groups are typically thought to be more reliant on government programs (e.g., more likely to provide information to welfare programs, etc.) it is often suggested that these sections of the population are more susceptible to invasions of their privacy. However, based on their investigation of the distribution of privacy risks throughout society, Raab and Bennett (1998) suggest that, while lower classes may be more vulnerable to certain risks, different social classes are vulnerable to different privacy-related risks. Specifically, they note "those who are further up on the socioeconomic ladder are more likely to be part of the credit-card economy and to be targeted with considerable precision by direct marketers and the private sector in general" (264).

back to top

2.3 International Context: Regulating privacy

A review of international privacy laws reflects the range of disparate regulatory approaches taken by various governments to protect citizens' privacy. Although many countries (including the European Union (UN), New Zealand, and Australia) have based their privacy regulations on the Organization for Economic Cooperation and Development's (OECD) Guidelines Governing the Protection of Privacy and Transborder Data Flow of Personal Data (1980), subsequent decisions about implementation and development of domestic policies have resulted in divergence amongst these countries. Thorough comparisons of these regulations exist (Klosek 2000,[Klosek compares privacy legislation in the United States and European Union, including analysis of the legislation of fifteen members states of the EU.] Koppe 2002 [Koppe compares data protection in the EU, the US, and New Zealand, with emphasis on Internet privacy.] ), including the Electronic Privacy Information Center (EPIC) and Privacy International's report Privacy and Human Rights 2004: An international survey of privacy laws and developments, which provides analysis of privacy regulations in over sixty countries, including the U.S. and New Zealand.

The approach to privacy regulation in the U.S. is markedly different from that of New Zealand. American regulation is not based on the OECD's "Guidelines," but rather derives from the Fair Information Practices, developed by the U.S. Department of Health, Education and Welfare (HEW) in 1973. Instead of a comprehensive regulatory approach (like those of the European Union, [The European Union's European Union Data Protection Directive (1995)] New Zealand, [New Zealand's Privacy Act of 1993] and Australia [Australia's Privacy Act 1988] ), the U.S.'s sectoral approach has resulted in the development of different privacy codes for various areas (e.g., the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Fair Credit Reporting Act (FCRA), Electronic Communications Privacy Act of 1986 (ECPA), among others). This "patchwork of federal laws" and self-regulation (EPIC and Privacy International, 2004) has been criticized in comparison to other models of comprehensive legislation and regulation (Koppe, 2002).

back to top

2.4 Privacy and Technology

Given that privacy issues are fundamentally related to the society in which an individual lives (Moore 1984,[Specifically, Moore notes that the "need for privacy is a socially constructed need. Without society there would be no need for privacy" (1984, 73).] Milberg, Smith, & Burke 2000), it is no surprise that these issues tend to be influenced by changes in society, especially changes involving the use of technology. For example, when Warren and Brandeis addressed the issue in 1890, their writing acknowledged the privacy-related implications of advances in communications, photography, and printing. Based on our inability to reliably predict future technological developments and innovations (much less, their consequences), privacy regulations are often established as a reaction to new threats (Bennett & Raab 2003, Langenderfer & Cook 2004).

Increasing concern regarding the perceived reduction of personal privacy in the Information Age is a consistent theme in the literature of various fields. The ubiquity of computers, communications networks, and digital information has created an environment in which personal details are arguably more readily available than ever before. In "A Taxonomy of Privacy," Daniel Solove speaks to this concept as he describes modern "architectural problems" related to privacy, which involve "the creation of the risk that a person might be harmed in the future" (2005, 7). Solove observes that "the general progression from information collection to processing to dissemination is the data moving further and further away from the control of the individual" (8), which may be related to increases in the level of public concern about privacy. Other research supports the claim that individuals' privacy concerns are related to perceptions that they do not have control over their personal information (Market and Opinion Research International [MORI], 2003). [Findings of this study are based on a survey of individuals in Great Britain and Northern Ireland.]

back to top

2.5 Other factors influencing privacy concerns

2.5.1 Culture and National Privacy Regulation

Scholars have acknowledged the important relationship between a people's culture and their valuation and interpretation of privacy, as historical events and traditions shape values and expectations (Westin, 1967). The influential role culture plays in shaping privacy concerns has been corroborated by cross-cultural research studies (Milberg, et al. 2000, Bellman, Johnson, Kobrin, & Lohse 2004). For example, Dinev, Belloto, Hart, Colautti, Russo, and Serra compare the privacy concerns of individuals in Italy and the U.S. with respect to factors including citizens' "propensity to trust" and the individualistic or collectivist nature of each culture (2005).

The findings of multiple research studies indicate that the manner in which a country regulates information privacy may be related to the privacy-related concerns of its citizens (Milberg, Burke, Smith, & Kallman 1995, Milberg et al. 2000, Bellman et al. 2004). Milberg et al. (1995) found that citizens of countries that have more moderate approaches to regulating information privacy have more moderate levels of concern, while individuals in jurisdictions where there is either no regulation or very strict privacy regulation tend to report considerably lower levels of concern about information privacy. In light of the significant differences in the approaches to privacy regulation in the U.S. and New Zealand (in addition to important cultural differences), it is likely that the citizens of these countries have different privacy-related concerns and different levels of sensitivity related to various issues.

2.5.2 The Influence of Media Content

Throughout the world, recent events (e.g., widely publicized data breaches involving ChoicePoint, Bank of America, and Lexis-Nexis, among many others), technological developments (use of biometrics, surveillance, Internet tracking, radio-frequency identification), and political issues (proposals for national identification cards, the creation of public registers and unique identifiers) have resulted in much attention being focused on issues of privacy.[The EPIC website provides comment on these privacy-related issues (including publicized breaches, technology, politics and more) at http://www.epic.org/privacy/ (14 Nov 2005).] The increasing frequency of privacy-related issues in popular media has been postulated as one of many factors contributing to public anxiety about threats to individual privacy (Raab & Bennett, 1998).

2.5.3 Legislative Reactions to Terrorism

In the past five years, several countries have taken legislative actions in response to the perceived threats of terrorism (e.g., in the U.S., the USA PATRIOT Act, [Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, available from http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.03162: (Retrieved 29 Nov 2005).] other measures have been taken in the UK, Australia and other jurisdictions). It has been argued that a number of anti-terrorism measures have involved the forfeiture of personal privacy in exchange for security (EPIC and Privacy International, 2004). If individuals believe privacy protections have been reduced, this may affect individuals' associated concerns. Reflecting this global trend, the literature includes analysis of the corresponding impacts on civil liberties and human rights, including individual privacy (Taylor 2003, Swartz 2003, Kerber & Thomas 2003, Nelson 2004).

back to top

2.6 Challenges related to researching privacy

Based on the complexity of individuals' attitudes towards privacy, any research being conducted with the objective of shedding light on privacy issues must be carefully designed and implemented. It is challenging to obtain a meaningful, objective snapshot of public opinion, especially on a subject with such a multitude of interpretations (i.e., since researchers and scholars have been unable to agree on a definition of privacy, it is reasonable to expect that the public may not be entirely sure about how to interpret a poorly designed survey question about privacy). Many quantitative surveys have asked general questions about "how concerned" individuals are about privacy, yet these simple questionnaires often fail to explain the nature of these concerns or identify the associated causes (Smith, Milberg & Burke, 1996).

Since statistics derived from public opinion surveys are often used to inform and influence the development of important public policies, the quality of research design and objectivity of questioning is paramount. In his article "Public Opinion Surveys and the Formation of Privacy Policy," researcher Oscar Gandy Jr. discusses problems of framing survey questions about privacy and affirms, "policy advocates continue to introduce strategic representations of public opinion into the policy process" (2003, 296). Specifically, the objectivity of many large research surveys have been questioned based on the framing of questions and the motivations of those funding the research (Gandy 2003, Electronic Privacy Information Center [EPIC] 2005). For example, long-time privacy researcher Alan Westin's survey findings on public opinion about privacy-related issues are often cited throughout the world. In the past five years, multiple commentators have questioned the objectivity of Westin's surveys, including a pattern that EPIC refers to as "strong correlations between the conclusions of Mr. Westin's studies and the interests of the companies sponsoring them" (EPIC, "Public Opinion on Privacy").

Moreover, although survey research can provide some indication of public opinion and attitudes, multiple research findings indicate that individuals' behaviors may directly contradict their declared privacy preferences or attitudes towards privacy (Spiekermann, Grossklags & Berendt 2001, Nemati et al. 2003).

back to top

2.7 Privacy & Trust online

Renowned scholar Francis Fukuyama, has emphasized the important role trust plays in interactions and relationships involving the Internet (1996). This intuitive and commonly accepted idea is supported by the findings of Friedman, Kahn and Howe, who suggest that one primary difference related to trust in the online environment is the greater challenge individuals face in trying to "reasonably [assess] the potential harm and good will of others" (2000, 40).

A survey of the literature reveals that many researchers have begun to investigate dimensions of privacy in relation to use of the Internet. A report published by the Pew Internet and American Life Project in 2000 indicates low levels of understanding related to online privacy issues, as 56 percent of American Internet users were unaware that cookies were used to track their online activities. [A cookie is a text file (sent to a user from a web server) stored on a user's computer, which are commonly used to help websites track users online.] The report concludes that individuals are increasingly concerned about privacy-related issues, and although "Internet users express considerable fears about... problems they might face online... they behave in surprisingly trusting ways in many sensitive online areas" (Fox, Rainie, Horrigan, Lenhart, Spooner, & Carter, 12). A recently released survey of Internet users in the U.S. reports that 53 percent of this group "say they have stopped giving out personal information on the Internet" (18) and that the most important factor influencing their decisions to visit a web site is that "the site will keep personal information I provide safe and secure" (Consumer Reports 2005, 9). Research specifically focused on gauging New Zealanders' views about interacting with government online suggests that, in comparison to thirty other countries, New Zealanders have an above average "perception of 'safety' in providing personal information to Government over the Internet." The same research suggests that this perception of safety has increased considerably among some groups of New Zealanders who use government online (Taylor Nelson Sofres, 2003).[Specifically, the report finds, "The perception of safety in providing personal information to Government over the Internet increased significantly among a number of [government online] user groups..." (Retrieved 2 December 2005, from: http://www.e.govt.nz/resources/research/go-survey-2003/chapter1.html)]

In addition to general quantitative surveys, researchers have contributed to our understanding of the antecedents of users' online privacy concerns. The associated findings suggest that an individual's privacy concerns are directly related to one's perceived vulnerability, and also highlight the complicated role of one's perceived ability to exercise control over their own information (Dinev & Hart 2004).[As the authors note, their findings indicate that the relationship between one's ability to control information and their privacy concerns was not statistically significant, and they present several reasonable explanations for this seemingly counter-intuitive result.] Hu and Dinev suggest that people do not understand the "real implications of privacy and security in the Internet age," and since they are oblivious to the issues, they are currently unable to address the problem (2005, 65). Other research has indicated that online privacy concerns are related to the amount of experience an individual has using the Internet, concluding that as experience grows, privacy concerns are reduced (Bellman et al. 2004).

2.7.1 E-Commerce Research

Many researchers have studied the importance of privacy in the developing field of electronic commerce (e-commerce). Commentators suggest that individuals are increasingly aware that personal information is a valuable commodity to others, and are also sensitive about the associated risks (Olivero & Lunt, 2004). The findings of Liu, Marchewka, Lu & Yu, suggest that dimensions of privacy have "a strong influence on whether an individual trusts an [e-commerce] business" and this "will influence their behavioral intentions" to use an e-commerce website (2005, 300). Although the context of transactions in the public sector differs greatly from that of the private sector, this general concept may also apply to citizens' use of government online. In a study that investigated individuals' privacy preferences (and concerns) and then observed individuals' actions in an online shopping experiment, the observed behavior was shown to be "in sharp contrast to their self-reported privacy attitude" (Spiekermann et al. 2001, 14). This may indicate a lack of understanding about the privacy-related implications of online activities.

Although this body of e-commerce research provides a number of conclusions related to this study, the nature of relationships within the 'customer - business' model of commercial business transactions is fundamentally different from those within the 'citizen - state' model of liberal democracies. Among other differences, distributions of power among the parties of these transactions are notably dissimilar, as previously discussed. Therefore, while it is important to be aware of these findings and consider their implications, it is seemingly illogical to presume that they can simply be extrapolated to cover interactions within the public sector.

back to top

2.8 E-government, Information Privacy and Trust

The governments of New Zealand and the U.S. have invested (and continue to invest) large amounts of money into their respective e-government efforts. The proposed benefits of e-government commonly include improved performance of government organizations and improved service delivery to citizens. [For example, from http://www.e.govt.nz/about-egovt: "[E-Government] enables government agencies to separately and collectively lift their performance and deliver better results..." and "E-government makes the best of [government] investment to deliver improved services to New Zealanders." (20 Dec 2005).] Although the governments of both New Zealand and the U.S. have been using computers to process citizens' personal information for decades, their increasing use of information and communications technology (especially the Internet) has affected the way citizens' personal information flows to, from and within each government.

Internationally, research indicates that privacy-related issues and concerns are a critical challenge for successful implementation of e-government. In the U.S., many Americans acknowledge the potential benefits of being able to interact with government online, yet similar proportions of the population also have concerns about the privacy and security of their personal information submitted through government websites (Council for Excellence in Government, 2003). Research commissioned by the United Kingdom Presidency of the European Council has investigated the current status of, and challenges facing, e-government efforts in Australia, Canada, France, Germany, Italy, Japan, Sweden, the U.K., and the U.S. This research proposes that "all countries face the same challenges of balancing information privacy against potential service enhancements," including the need to protect citizens' privacy while satisfying the authentication requirements of government online (Booz Allen Hamilton 2005, 24-25). The report indicates that, although there are significant potential advantages of data sharing amongst government departments, "refining legislation and policies to support information sharing without undermining privacy protection continues to be a critical obstacle to effective interdepartmental integration" (14).

Research from New Zealand reflects similar privacy issues related to citizens' perceptions about how government organizations handle their information, and the effect these issues have on their confidence in government. In Wired For Well-Being: Citizens' response to e-government, Cullen and Hernon (2004) provide a general overview of New Zealanders' trust in government and perceptions about government websites. Based on focus group research, these findings suggest that citizens have greater confidence in government websites compared to websites in general, and that privacy and security issues were sources of concern amongst those who participated. This report also indicates that individuals believed they had little control over their personal information, and expressed the view that government data sharing activities could potentially reduce their confidence in government organizations. Channel Surfing: How New Zealanders Access Government presents the results of a telephone-based, quantitative survey, which indicate that the phone and the Internet are the two channels that the most New Zealanders have security concerns about (Curtis, Vowels & Curtis 2004, 7)

The strategic plans of the New Zealand and U.S. Governments appear to rely heavily upon the use of the Internet and other information and communications technologies.[As of December 2005, evidence of these strategic views is available at http://www.e.govt.nz/about-egovt/strategy for N.Z. and http://www.firstgov.gov/Topics/Includes/Reference/egov_strategy.pdf for the U.S.] In light of this, it is important for each to learn about how they can successfully respond to this challenge of maintaining a balance between protecting citizens' privacy and realizing the potential benefits of e-government.