This document provides an overview of three studies examining the effects of customer data vulnerability and the role of transparency and control in mitigating negative outcomes. Study 1 used experiments to show that transparency and control suppress the negative impact of data access vulnerability on customer emotional violation and trust. Study 2 was an event study that found data breaches negatively impact firm performance and rivals, and this effect is suppressed by control and the interaction of transparency and control. Study 3 further tested these relationships and the mediating roles of emotional violation and cognitive trust.
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
Data Privacy: Effects on Customer and Firm Performance
1. - 1 - Laurence J. Pino
Data Privacy: Effects on
Customer and Firm
Performance
- 1 - Laurence (Larry) J. Pino
2. - 2 - Laurence (Larry) J. Pino, (Esq.)
The Authors
Kelly D. Martin
Associate Professor of Marketing and Dean’s
Distinguished Research Fellow
Colorado State University
PhD, Business Administration
Washington State University
Abhishek Borah
Assistant Professor of Marketing
University of Washington
PhD, Business Administration (Marketing)
University of Southern California
Marshall School of Business
Robert W. Palmatier
Professor of Marketing and John C. Narver Endowed
Professor in Business Administration
University of Washington
PhD
University of Missouri
3. - 3 - Laurence (Larry) J. Pino, (Esq.)
Purpose of the Study
While managers and academics contend that using customer data is an effective
way to improve marketing returns (McAfee and Brynjolfsson, 2012; Schumann, Wangenheim and
Groene, 2014), data collection efforts concomitantly may have a dark side as customers
often express negative reactions to firms’ privacy practices (Marcus and Davis, 2014).
Nonetheless, firms tend to have relatively little insight into the ramification of customer
data management efforts or how to prevent negative outcomes associated with them.
In light of that, the authors seek to better understand the effect of customer concerns
on customer and firm behavior advancing the concept of customer perceptions of
vulnerability informed by gossip theory viewing firms as “gossipers” and customers as
targets (Foster, 2004; Richman and Leary, 2009).
4. - 4 - Laurence (Larry) J. Pino, (Esq.)
Structure of the Study
The Overall Study consists of three complementary individual
Studies addressing “customer data vulnerability” mitigated by
“transparency” and “control” on the part of the customer and
mediated by “emotional violation” and “cognitive trust.” Customer
data vulnerability is defined as a customer’s perception of
susceptibility to being harmed as a result of various uses of personal
data along a continuum beginning with data access vulnerability –
mere access to personal data – to data breach vulnerability – an
actual security lapse has occurred, regardless of whether damage has
been suffered – to spillover vulnerability – a firm similar to the one
which has the customer’s personal data suffers a data breach – and
finally to data manifest vulnerability – customer’s data are actually
misused and the customer is actually harmed.
Applying gossip theory to the three Studies, the authors
identified two particular factors – transparency and control – which
suppress the negative effects of unsanctioned transmissions of
information, thereby managing the negative effects of their own
vulnerability (see PowerPoint pages 6-9 for the Historical Research Map).
5. - 5 - Laurence (Larry) J. Pino, (Esq.)
Structure of the Study
In Study 1, the authors evaluated customer responses to data access vulnerability
through a series of experiments manipulating data access vulnerability, transparency
and control. Study 2 was an event study intended to capture the effects of data breach
and spillover vulnerabilities and evaluating to what extent those effects can be
suppressed by transparency and control. Study 3 manipulated each of the four types
of vulnerabilities to test the suppressors of transparency and control and the proposed
mediators of emotional violation and cognitive trust.
6. - 6 - Laurence (Larry) J. Pino, (Esq.)
Research Landscape of
the Study
Data Access
Vulnerability
Customer
expectation of
susceptibility to
the harm that
can come from
the disclosure of
their personal
data
Bart et al. (2005) Navigation and presentation, advice and brand strength are more
influential predictors of online trust than are privacy and security.
Schlosser, White,
and Lloyd (2006)
Website investment/design, not privacy and security statements, is the
strongest factor leading to purchase intentions and trust.
John, Acquisti, and
Loewenstein (2011)
Contextual information including both intrusiveness and the professional
look of a questionnaire response format, encourages more or less
customer information disclosure, while priming with a privacy statement
decreases disclosure.
Acquisti, John, and
Loewenstein (2012)
Customers are willing to disclose increasingly sensitive information when
they believe others have done so and when placed at the beginning of a
questionnaire.
Schumann, Wangenheim,
and Groene (2014)
Customers consider targeted advertising as a form of currency in order to
pay for free services, customization and other marketing benefits.
Tucker (2014) People responded more favorably to personalized and targeted ads from a
non-profit on Facebook when they had the ability to control their personal
privacy settings.
7. - 7 - Laurence (Larry) J. Pino, (Esq.)
Research Landscape of
the Study
Data Breach
Vulnerability
Extent to which
the customer
feels vulnerable
as a result of a
firm’s security
lapse, making
data vulnerability
salient
Acquisti, Friedman, and
Telang (2006)
A data breach does have a significant negative effect on stock market value
the day the breach is announced, but does become nonsignificant over
time.
Malhotra and Malhotra
(2011)
A firm’s market value after data breach is negatively affected in both the
short and long term runs, but is more detrimental in the long run. Larger
firms suffer greater loss of market value than smaller firms.
Sen and Borle (2015) State-level data breach disclosure laws can influence breach risk in certain
industries. Because greater security spending heightens breach risk,
information technology dollars may be suboptimally allocated.
Hsieh et al. (2015) Since data loss events negatively affect firm performance, companies
should be investing more in data security efforts.
Schatz and
Bashroush (2016)
While a company’s stock market value decreases based on a data breach, it
gets worse with more than one breach.
8. - 8 - Laurence (Larry) J. Pino, (Esq.)
Research Landscape of
the Study
Spillover
Vulnerability
Extent to which
the customer
feels vulnerable
as a result of the
data breach of a
firm that is a close
rival of a firm
(s)he uses.
Ko and Dorantes
(2006)
The focal firm’s performance subsequent to a data breach will decrease
relative to peer firms which did not experience a data breach.
Roehm and Tybout (2006) Customers often shift from a firm experiencing a brand crisis, and that
switch may be permanent.
Cleeren, Van Heerde, and
Dekimpe (2013)
Spillover effects occur because customers believe the nature root cause of
the data crisis is endemic to the entire category or industry.
Borah and Tellis (2016) The influence of a data breach spreads to rival firms through a “guilt-by-
association effect.”
9. - 9 - Laurence (Larry) J. Pino, (Esq.)
Research Landscape of
the Study
Data Manifest
Vulnerability
Extent to which
the customer
feels vulnerable
as a result of
actual misuse of
personal
information,
making data
vulnerability
salient; can occur
through
fraudulent
activity including,
but not limited to,
identify theft
Milne, Rohm, and Bahl
(2004)
The data indicate that consumers have a lack of understanding about
adequate ways to protect themselves from identify theft, suggesting that
greater firm and governmental production are appropriate.
Romanosky, Telang,
and Acquisti (2011)
Data breach disclosure laws actually reduce identify theft by 6%.
10. - 10 - Laurence (Larry) J. Pino, (Esq.)
Research Landscape of
the Study
Gossip
Theory
Describes how
people respond
to the
unsanctioned
collecting, use,
or disclosure of
their personal
information
(Dunbar, 2004;
Foster, 2004)
Eder and Enke (1991) For a target to address a gossip event, it must know that the gossip is
occurring.
Emler (1994) Targets of gossip often try to regain control over their information.
Baumeister and Leary
(1995); Leary and
Leder (2009)
When gossip becomes salient, it produces a range of negative emotional
and cognitive responses from the target toward the source.
Turner et al. (2003) The negative reaction of a target upon learning of a gossip event is
greater when more people have received the gossip.
Williams (2007) Salvaging control represents a key restorative element after a damaging
gossip event.
Richman and Leary
(2009)
People have a well-developed sense of how they are perceived and
evaluated by others, even if those others are firms.
Mills (2010); Smith
(2014)
A target’s vulnerability decreases when the target has knowledge about
the gossip event (transparency) and the ability to manage the spread and
impact of the information (control); When more people receive gossip,
the target becomes more vulnerable.
11. - 11 - Laurence (Larry) J. Pino, (Esq.)
Research Landscape of
the Study
Transparency
Customer knowledge of
a firm’s access to her or
his data and
understanding of how it
is going to be used
(Awad and Krishnan,
2006)
Cumbley and
Church (2013)
Transparency is critical for firms to avoid “creepiness” inferences
customers obtain about a firm.
Tucker (2014) Company information collection strategies that are overt versus covert
influence how customers respond to firms’ efforts.
Transparency /
Control Interaction
Customer perception of
the extent to which
(s)he can manage a
firm’s use of her or his
personal data (Tucker,
2014)
Caudill and
Murphy (2000)
Customer knowledge and control represent key areas for investigation in
online privacy research
Steel and Fowler
(2010)
After Facebook suffered a data breach in 2010, it responded with policies
and system designed to keep people in control of their information.
Kumar, Zhang,
and Luo (2014)
To provide control to customers, firms generally rely on opt-in and opt-
out decisions and allow them to manage their individual settings and
preferences.
12. - 12 - Laurence (Larry) J. Pino, (Esq.)
Conceptual Framework
of the Study
13. - 13 - Laurence (Larry) J. Pino, (Esq.)
Conceptual Framework
of the Study
14. - 14 - Laurence (Larry) J. Pino, (Esq.)
Conceptual Framework
of the Study
TABLE 2 (con’t)
15. - 15 - Laurence (Larry) J. Pino, (Esq.)
Study 1
Data, Design and Methodology
Study 1 was a series of two by two between-subjects experiments to assess
customer responses only to firms’ access to data without either breach or damage. Fifty
participants from Amazon Mechanical Turk were recruited for each of four cells testing
scenarios conveying high and low levels of stress testing for transparency, control, and
the interaction of transparency and control. After reading descriptions of data access
vulnerability, transparency and control, the respondents evaluated the scenario
company on measured scales for violation and trust.
Hypothesis Results
H1
The positive effect of data access
vulnerability on emotional violation is
suppressed by (a) transparency, (b)
control, and (c) the interaction of
transparency x control.
Supported. H1a was supported in that transparency
significantly suppressed the positive effect of vulnerability on
emotional violation. H1b was supported in that control
significantly suppressed the positive effect of vulnerability on
emotional violation. H1c was supported in that the
transparency x control interaction suppressed the positive
effect of data access vulnerability on emotional violation.
H2
The negative effect of data access
vulnerability on cognitive
trust is suppressed by (a) transparency,
(b) control, and (c) the interaction of
transparency x control.
H2a and H2b were not supported in that the data did not
support the conclusion that trust suppressed data access
vulnerability. H2c was supported in that the transparency and
control interaction suppressed the effect of data access
vulnerability on emotional violation and trust.
16. - 16 - Laurence (Larry) J. Pino, (Esq.)
Overview
Study 2 was an event study to gauge the impact of data breaches on subsequent
stock prices leveraging the efficient market hypothesis, i.e. that a stock price at a
particular point in time reflects all available information up to that point (Fama, 1998;
Sharpe, 1964). Consistent with previous event studies in marketing – Borah and Tellis, 2014;
Homburg, Vollmayr, and Hahn, 2014 – customer level effects are expected to manifest in
immediate changes in stock price.
Data, Design and Methodology
Publicly-traded firms were pulled from EQ, Factiva, Lexis-Nexis, and
privacyrights.org with the specific data breach as the unit of analysis. The Dun and
Bradstreet’s Hoover’s Database was used to identify the closest publicly listed rival of
each focal firm based on revenue. The event window in days, which should be as short
as possible (McWilliams and Siegel, 1997), was identified as a -1, 0, and +1. Controlling for
potentially confounding events such as dividend declarations, earnings or other forms of
announcements, such as mergers or acquisitions, the data ultimately contained 293
breached firm-day observations across 199 unique firms and 299 rival firm-day
observations for 176 unique firms.
Study 2
17. - 17 - Laurence (Larry) J. Pino, (Esq.)
Measures
The privacy policy for each of the focal and rival firms was pulled from the firm’s
website at the time the breach occurred using the Wayback Machine Internet archive.
With respect to both transparency and control, the firm was assigned, through rigorous
assessment of the privacy policy, a score from 0 to 5 based on the presence of
characteristics associated with transparency and control, respectively.
Hypothesis and Results
Study 2
Hypothesis Results
H3a
Data breach vulnerability negatively
affects firm Performance.
H3a and H3b were both supported in that a data breach leads to
significantly negative abnormal returns for focal and rival firms
implying a negative effect of a data breach vulnerability and a
negative spillover effect.H3b
Data breach vulnerability negatively
affects a rival firm’s performance
(spillover effect).
H3b(alt)
Data breach vulnerability positively
affects a rival firm’s performance
(competitive effect).
H3b(alt) which hypothesized that the negative effect of a data
breach on a rival is alleviated by the severity of the focal firms
data breach was not supported, although the negative effect of
a data breach on the focal firm is 1.7 times stronger than on
the rival.
18. - 18 - Laurence (Larry) J. Pino, (Esq.)Laurence J. Pino
Hypothesis Results
H4
The negative effect of data breach
vulnerability on firm performance is
suppressed by transparency (i.e.,
suppressing both data breach and
spillover effects).
H4 was not supported in that transparency was not seen as
suppressing data breach vulnerability on firm performance.
H5
The negative effect of data breach
vulnerability on firm performance is
suppressed by control (i.e., suppressing
both data breach and spillover effects).
H5, however, was supported in that control did have a
significant and positive effect on suppressing the negative
effect of data breaches on both focal and rival firms’ abnormal
stock market performance.
Study 2
19. - 19 - Laurence (Larry) J. Pino, (Esq.)Laurence J. Pino
Hypothesis Results
H6
The negative effect data breach
vulnerability on firm performance is
suppressed by the interaction of
transparency x control (i.e., suppressing
both data breach and spillover effects).
H6 was supported in that the interaction of transparency and
control does have a positive impact on returns and, when the
coded data were split through a median split, the high
transparency and high control combination was even more
effective in suppressing the negative effects of data breaches
on financial performance.
H7a
The negative effect of data breach
vulnerability on firm performance (data
breach effect) is aggravated by the severity
of the focal firm’s data breach.
H7a is supported in that the negative effect of data breach
vulnerability on firm performance is aggravated by the
severity of the focal firm’s data breach. On the other hand,
the negative effect of data breach vulnerability on rival firm
performance, which is known as the competitive effect is
alleviated by the severity of the focal firm’s data breach,
supporting H7b(alt) and not supporting H7b. In other words, the
more severe the data breach on the focal firm, the greater
the competitive effect.
H7b
The negative effect of data breach
vulnerability on rival firm performance
(spillover effect) is aggravated by the
severity of the focal firm’s data breach.
H7b(alt)
The negative effect of data breach
vulnerability on rival firm performance
(competitive effect) is alleviated by the
severity of the focal firm’s data breach.
Study 2
20. - 20 - Laurence (Larry) J. Pino, (Esq.)
Overview
Study 3 connected the findings of the first two Studies, examining all four forms of
customer data vulnerability (data access vulnerability, data breach vulnerability, spillover
vulnerability, and data manifest vulnerability) against company-level transparency and
control, extended to actual customer outcomes (falsifying personal information,
spreading negative WOM, and switching behaviors) tested against proposed mediating
mechanisms (violation and trust) while controlling for privacy concerns and participants’
prior experience with a data breach or identity theft.
Data, Design and Methodology
Two-hundred and two people were recruited from Amazon Mechanical Turk and
assigned randomly to three separate industries: retail, financial services, or technology –
five companies in each industry – and matched to participants who actually had
personal involvement with those companies. Participants were asked baseline questions
dealing with their relationship with the company which provided for a preassessment of
the study variables before any manipulations; participants were then displayed
Study 3
21. - 21 - Laurence (Larry) J. Pino, (Esq.)
randomly assigned emails purportedly from the firm they had selected. One email
addressed data breach vulnerability; another spillover vulnerability; another data
manifest vulnerability; and another data access vulnerability. The participants then
completed measures for vulnerability, violation, and trust, as well as the customer
behaviors of falsification, negative WOM, and switching likelihood.
The dependent variable was a delta measure (Δvulnerability), representing a
change in vulnerability. Independent coders similar to what had been done in
completing the assessments of the privacy policies for Study 2 also provided the privacy
policies for the 15 company choices in Study 3 nested in three different industries which
resulted in a three-level hierarchical linear model.
Study 3
22. - 22 - Laurence (Larry) J. Pino, (Esq.)
Hypothesis Results
H8
The positive effects of customer data
vulnerability on (a) falsifying behavior, (b)
negative WOM, and (c) switching
behavior are mediated by emotional
violation.
H8 was supported in that an increase in customer data
vulnerability was corelated to an increase in falsifying behavior,
negative WOM and switching behavior mediated through
emotional violation.
H9
The positive effects of customer data
vulnerability on (a) falsifying behavior, (b)
negative WOM, and (c) switching
behavior are mediated by cognitive trust.
H9 was also fully supported in that an increase in emotional
vulnerability was positively corelated to an increase in falsifying
behavior, negative WOM, and switching behavior mediated
through cognitive trust. Moreover, the relationship between
the direct effect of an increase in vulnerability on an increase in
falsifying behavior and negative WOM were not significant, the
data would suggest full mediation by cognitive trust, but only
partial mediation as to switching behavior.
Study 3
23. - 23 - Laurence (Larry) J. Pino, (Esq.)
Implications & Conclusions
1. This was an exhaustive Study which combined three independent sets of Studies
into an overall holistic evaluation of customer behavior in relationship to
perceptions of vulnerability associated with providing access to private
information. Not only did it provide empirical data which support the opportunity
for further academic research as well as managerial application, but it also
provided a nomenclature and construct structure to better conceptualize the
psychology of customer perceptions with respect to the field.
2. The utilization of gossip theory as a strong theoretical construct within which to
evaluate customer perceptions, feelings and behaviors, represents a very useful
model that allows better understanding based upon behaviors and feelings to
which all human beings from childhood through adulthood have been exposed.
24. - 24 - Laurence (Larry) J. Pino, (Esq.)
Implications & Conclusions
3. Data access, while important to a firm’s strategic and tactical product development
as well as marketing communications, must be treated with respect and a
recognition of their effect on a customer’s relationship with the firm. The privacy
policies utilized by data coders provide the opportunity for a valid empirical
baseline on which a firm can lean to legitimatize a privacy policy around
dimensions which are meaningful to customers.
4. On the basis of the Studies,
managers have the opportunity to
recognize that high transparency
and high control reduce customer
data vulnerability in general terms,
but also reduce the negative effects
of falsifying behavior, negative
WOM and switching in particular, in
specific.
25. - 25 - Laurence (Larry) J. Pino, (Esq.)
Implications & Conclusions
5. In addition, in the event of an actual data breach, the data are consistent with the
conclusion that the negative effect on the company’s stock price would be less
damaging. The data also provide a clear baseline from which managers can
conclude that providing transparency with respect to the firm’s data policy, but not
providing customers with control, is not an effective policy and is, in fact, possibly
self-sabotaging.
6. While it is true that the most optimal policy provides for high transparency and
high control, leading to total autonomy, if that is not consistent with management’s
perspective, some level of perceived control may be sufficient to obtain at least
adequate results.