Abstract

Considerable research shows that personal information privacy has eroded over the last 30 years. Prior research, however, takes a consumer-centric view of personal information privacy, a view that leads to the conclusion that the individual is responsible for his/her own information. This research presents and defends a comprehensive personal information privacy model of extra-organizational data sharing, leakages, and transgressions of data that incorporates how data are actually passed and leaked to organizations of whom the consumer has no knowledge and over which the consumer has no control. This research presents support for the existence of legal, illegal, and legally grey area extra-organizational parties and the need for more complete comprehension of personal information privacy in business-to-consumer research. In addition, the research supports the presence of data transgressors and data invaders, identifying the magnitude of privacy violations in spite of legal and self-protection policies. The model can serve as a guide for privacy research and for social discussion and legislation to manage and regulate use of data once collected.