Attitudes and opinions about online advertising practices and consumer privacy concerns have been studied in both the academic and popular press. However, online consumers' response to privacy concerns have not been studied. This study examines this relationship using a national sample of individuals with personal e-mail accounts. Respondents' concerns with a series of situations which effect privacy online were assessed. This overall level of concern was subsequently correlated with the frequency that respondents adopted seven different online behaviors. Analysis demonstrates that the frequency of adopting five of the seven behaviors increased as respondents' privacy concern increased. Specifically, as privacy concern increased, respondents reported that they were more likely to provide incomplete information to web sites, to notify Internet Service Providers (ISPs) about unsolicited e-mail, to request removal from mailing lists, and to send a "flame" to online entities sending unsolicited e-mail. Additional ly, as privacy concern increased, respondents reported that they were less likely to register for web sites requesting information. Implications for online advertisers are provided as apart of this study.

In the spring of 1990, Lotus Development Corporation announced a plan to market a CD-ROM database called Lotus MarketPlace: Households. The database contained information on 120 million American consumers in 80 million households and was a joint effort of Lotus and Equifax Credit Corporation (Gurak 1997). Less than eight months later, however, Lotus announced the cancellation of the product, due primarily to public outcry over privacy violations. What makes this story unique is the characterization of the outcry. The impetus for the complaints came primarily from Internet users, who quickly disseminated information about the product throughout web pages, newsgroups and listservs. This incidence of "computer populism" (Winner 1991) is one of the first occasions to establish a link between privacy concern and consumer behavior online. Since this time, however, there has been minimal investigation into the effects of privacy concern on consumer behavior. This is surprising, given the high concern with privacy o nline (Kehoe, Pitkow and Morton 1997) and the potential for increased government and legal involvement in regulating Internet commerce (Richards 1997). In fact, Regan (1995) suggested that the current body of literature regarding privacy is limited because it does not address the effects of privacy concerns on individuals' behaviors.

As more advertisers go online, testing and utilizing the ways to communicate with customers on the Internet and to collect information are increasing. Cyberdialogue/FINDSVP (1998) found that 19% of online businesses use e-mail to seek new customers, and 45% plan to choose it for soliciting customers in the upcoming year. ClickZ (1998) found that 29% of marketers with web pages collect personally identifiable information from their web sites. The Federal Trade Commission (FTC) cautioned that a much higher percentage of web sites, as many as 92%, collect personal information (FTC 1998). However, advertisers are slow to examine which information collection practices are welcomed by consumers and which are not. Negative attitudes toward unwarranted communications and clandestine information-gathering practices used by online advertisers may result in consumers choosing behaviors that are the opposite of those desired by advertisers. For example, Kehoe, Pitkow and Morton (1997) report that 10% of Web users never provide information to web sites that require registration, resulting in a loss of information collected by the advertiser.

An interrelationship exists between attitudes, cognitions and behaviors in privacy responses, yet current studies have not closely examined these relationships (Regan 1995). Research to date (e.g., Business Week 1998; Harris-Equifax 1996; Kehoe, Pitkow and Morton 1997; Westin 1997) measures attitudes and opinions about online advertising practice and privacy, but does not assess corresponding behavior. Therefore, it is difficult to evaluate the accuracy or meaning of these studies on a practical behavioral basis, since it is not known how privacy concerns affect the actions taken by online consumers.

The purpose of this study is to begin to investigate the link between privacy concern and consumer behavior in the online environment. It examines whether online consumer concerns with privacy are correlated with behaviors that can be adopted to protect privacy. We begin with a review of consumer complaining behavior (CCB) and the challenges to researching privacy. We review the studies of CCB responses to privacy concern in both off-line and online contexts. We then present the results of an e-mail survey conducted among a national sample of 889 online users. The survey assessed relationships between privacy concerns and adoption of behaviors to protect privacy. Finally, implications for advertisers are presented.

Literature Review

Consumer Complaining Behaviors (CCB)

A wide variety of factors cause consumers to feel dissatisfied with a situation. Keaveney (1995) identified causal factors that trigger dissatisfaction, including pricing, inconvenience, core service failures, service encounter failures, employee responses to service failures, and ethical problems. Keaveney suggested that a combination of causal factors interact to result in customer dissatisfaction. However, dissatisfaction does not automatically lead to a complaint. In 1977, Andreason and Best found that while one in five consumer purchases result in consumer dissatisfaction, less than half of these dissatisfied consumers (i.e., one in ten) complained.

Hirschman (1970) was first to suggest a taxonomy of consumer complaining behavior responses (CCB). This taxonomy classifies options available to dissatisfied consumers into three groups. First, they could exit the relationship (e.g., terminate future contact with the seller); second, they could voice their dissatisfaction to the seller (e.g., they could attempt to change the situation by directly complaining to the seller rather than end the relationship); third, they could show loyalty to the seller by neither exiting or voicing (e.g., "suffering in silence"). Further research (Singh 1988) supported that "suffering in silence" was the option selected by most consumers.

Singh (1988; 1990) expanded on this taxonomy by providing three different CCB response categories: voice, private, and third party responses. In Singh's taxonomy, voice responses are complaints directed at the seller or manufacturer, private responses are informal complaints involving friends and relatives (e.g., negative word of mouth) and third party responses are formal complaints directed toward agencies not directly involved in the exchange. Consumers often engage in multiple responses for a single complaint (Singh 1990), although Singh suggested that consumers may chose to elect third party CCB only when other options have been minimally successful or have failed.

In addition to taxonomies of CCB responses, taxonomies of consumers have also been developed. Singh's (1990) taxonomy uses his response taxonomy to classify consumers into four distinct groups based on their intentions to adopt certain CCB. The four groups were termed passives, voicers, irates and activists. Passives reported intentions to complain that were lower than average for voice, private, and third party responses. These individuals comprised 14% of the sample. Voicers--37% of the sample--had higher than average voice intentions and lower than average private and third party actions, and were most likely to complain directly to the entity with which they had a complaint. Irates--21% of the sample--depicted above average private responses, average voice responses, and lower than average third party actions. These consumers tend to complain directly to the entity and also either engage in negative word of mouth or switch their patronage. Activists-28% of the sample -- are characterized by above average complaint activity on all three dimensions.

Researching CCB and Privacy Concern

A company's activities that are perceived to violate online user privacy and thus cause consumer privacy concern would likely fall under Keaveney's (1995) category of "ethical problems." Ethical problems include activities seen as dishonest, intimidating, unsafe, unhealthy or which represent conflicts of interests. Given Andreason and Best's (1977) finding with regard to a lack of correlation between dissatisfaction and complaining, it is not surprising that in the past two decades, several researchers have struggled with the link between privacy concern and behavior. Webb (1981) suggested that it is difficult to look at behaviors adopted by individuals faced with privacy concern because behaviors are likely to differ based on the specific situation encountered by individuals. He suggested that there is a continuum of situations in which behavior might be observed. One end of the continuum is anchored by situations in which privacy could not be said to be violated. An example of this would be a politician gi ving an interview to a newspaper reporter. By nature of their status, public figures must acknowledge that whatever they do in public is fair game for others to see and hear. In contrast, privacy problems are more likely to emerge for nonpublic figures unaware of the possibility that they are being observed, even in public situations. At the opposite end of the continuum are situations in which privacy is unquestionably violated. An example would be the publishing of a private conversation that took place between two individuals in their own home. This situation (a private conversation) is one where the participants clearly expect that their privacy will not be violated, since the conversation took place within what is generally considered a zone of privacy.

Between these extremes is an area in which it is difficult to draw distinct boundaries with regard to the level of privacy violation. Whether an individual determines that privacy is being invaded or not is likely to depend upon the characteristics of the situation and on an individual's own judgment of the situation. This contextual nature of privacy has been recognized by both scholars (e.g., Schoeman 1992) and regulatory entities (e.g., FTC 1998). People will adapt their behaviors depending on three things: the accessibility of their actions to the public, the accessibility of the individual to the public, and the amount of anonymity present during the action (Webb 1981).

Edwards (1993) suggested an additional reason for lack of research into behaviors when faced with privacy concerns. He posits that there are norms of privacy that are so strong that they serve as obstacles to investigating certain aspects of life and relationships. For example, he found that the domestic sphere (e.g., the home) is a fundamentally private place, and individuals regard activities in the home as a sensitive area of disclosure. Therefore, individuals hesitate to discuss effects of intrusions into the privacy in their own home (e.g., from intrusion from an unwanted piece of mail or a phone solicitor) with others, including researchers, simply because the intrusions occurred in a place that is considered fundamentally private.

Regan (1995) did not find a correlation between privacy concern and resultant behavior. For example, when surveys ask direct questions about privacy-related behaviors or experiences, the number of reports of some type of change in behavior is generally lower than the concern about privacy loss or invasion. This would suggest that even though individuals are concerned with privacy, they do not change anything about their behavior to address the concern. However, there have recently been indications that individuals are increasingly changing or adopting behaviors in light of information requests that they feel invade their privacy.

Responses to Privacy Concern: Voice, Private, and Third Party Responses

Consumer responses to privacy concern are varied, with some responses reflected in Singh's (1988) taxonomy of COB and some responses apparently unique to the issue of privacy concern. Relative to Singh's taxonomy, voice, private and third party responses to privacy concern are applicable. Individuals voice concern with their privacy when they ask the entity to remove their name and address from a mailing list. Nowak and Phelps (1992) reported that 46% of those respondents concerned about threats to personal privacy had requested removal from a mailing list, versus 31% among the unconcerned responses, suggesting increased privacy concern may have motivated this action. Individuals can also voice concern when they elect not to receive mail and phone solicitations by using services such as the Mail Preference Service (MPS) and Telephone Preference Service (TPS). Maynard (1996) reports that while there has been a gradual rise in the number of individuals who belong to these lists over the past seven years, both lists reflect a low percentage of the total population in the United States, as less than 2% of Americans take advantage of the MPS and less than .3 % of Americans have filed with the TPS. Culnan (1995) argues that the name-removal options are not effective because the Direct Marketing Association (DMA) has done a poor job of informing individuals of their rights. Nowak and Phelps (1992) found that while half of respondents polled had heard of MPS, less than a third had heard of TPS. This finding may suggest a general lack of awareness about some behavioral options available to individuals. Or, the finding may indicate that consumers do not wish to eliminate communications from all advertisers, recognizing that some products and services may be of interest to them (Cespedes and Smith 1993).

Online users adopt similar voice responses when they directly contact online entities that have sent them unsolicited e-mail. A recent study (Pitkow and Kehoe 1997) showed that 19% of online users contact mailers to request that they not receive additional mail. A small percentage (5%) retaliate with something like a mail bomb (a large file of data designed to crash a user's system or network) to mailers (Pitkow and Kehoe 1996; 1997). Online users have also banded together to voice dissatisfaction to companies with regard to privacy issues. This has been seen with the online concern about P-Trak, an online database of information published by Lexis-Nexis (Harvey 1996), and with an e-mail spam of immigration law practice (Bolt 1997).

Individuals in both the P-Trak and the e-mail spam circumstances took private actions. In both these situations, online users communicated with each other via newsgroups and e-mail (a private action) to discuss the situation, and then bombarded the offending companies with e-mail and other communications (a voice action). More recently, privacy groups discussed a boycott of Intel because of that company's decision to embed personal identification numbers in new chips, which would identify individual level information during Internet activities (CNN 1999). While Intel argued the identification numbers would increase security in online transactions, they altered the chips so online users would have to "turn on" the identification feature themselves (CNN 1999).

Third party actions have also been seen in several different manifestations. First, regulatory entities like the Better Business Bureau (BBB) and the Federal Trade Commission (FTC) have website forms where online users complain about practices they find on the Internet, which can include practices which online users feel violate privacy. Internet users themselves have created blacklists of advertisers that mass mail commercial messages to online users. For example, the "Blacklist of Internet Advertisers," monitors two Usenet newsgroups dedicated to documenting user-reported abuses of the Internet system (news.admins.net-abuse.e-mail and news.admin.netabuse.usenet) and develops its list from those sources. Visitors to this and similar web sites are urged not to patronize these advertisers. While these lists do not monitor the number of people who visit their sites, many online users check these lists regularly (Bolt 1997). SurveyNet (1998) reported that these lists were used by more than 10% of online users.

Responses to Privacy Concern: Withholding and Abstaining Responses

Certain privacy concern responses that do not appear in Singh's taxonomy are suggested in the literature. For example, some individuals faced with privacy concerns may withhold information or abstain from participating in a part of consumer society. For example, Harris-Equifax (1990) found that a substantial number of individuals do not supply complete information when asked to do so. The same study reported that 30% of individuals would not apply for something like credit or insurance because they did not want to provide specific information about themselves. Nowak and Phelps (1992) found that 51% of respondents in a direct marketing study said that they had refused to give information to a company because they thought it was either unnecessary or too personal.

Milne (1997) studied consumer reactions to specific information gathering practices in the direct marketing industry. Although he did not frame his research in the context of behaviors that consumers could adopt to protect their privacy, his findings indicate how consumers respond when factors which might influence their perceptions of privacy are introduced. Milne found respondents were more apt to join mailing lists when they were asked directly to join (opt-in) versus the traditional "opt-out" approach. Respondents were also more likely to agree to allow their names to be rented only when selected marketers would be able to obtain the lists. Importantly, Mime found an interaction between rental disclosure practice and third party selectivity. Respondents were least likely to comply with a request to join a mailing list when the disclosure of the rental practice was explicit than when no selectivity regarding who could rent the list was provided.

There are indications that online users act in manners similar to individuals in other marketing contexts when faced with privacy concerns. Comparable to Milne's findings (1997), online users withhold information or abstain from participating in activities that might cause privacy concern. Pitkow and Kehoe (1997) found that many online users do not visit sites requiring registration. Registration generally involves a user providing numerous information items about him or herself to access the site. Pitkow and Kehoe suggested that these individuals did not want to give out the information primarily since the web site did not provide information on how the data would be used. These individuals indicated that they would be more willing to provide data if the web site disclosed how they would use the information collected. Similarly, when faced with unsolicited e-mail, more than 60% of online users delete the mail without reading it (Pitkow and Kehoe 1997). This is yet another example of online users choosing no t to participate in the activity in response to privacy concern.

One unique feature of the Internet that online users treasure is the ability to participate in different activities anonymously (Kehoe, Pitkow and Morton 1997), which is another type of withholding behavior (i.e. withholding one's true identity). The presence of technologies such as anonymous remailers suggests that users enjoy the ability of not having their behaviors associated with their real self. Additionally, online advertisers who request user registration to access web sites or who include a "form" on their web site allowing users to answer surveys and provide information directly to the company are finding that users are reluctant to provide information about themselves in these registration activities. Online users may even withhold accurate information or provide inaccurate information about themselves when forced to do so (Fry 1996). SurveyNet (1997) reported that 13% of respondents to their web-based survey used "fake" e-mail addresses. Pitkow and Kehoe (1997) found that 40% of the respondents r egularly falsify information online, an increase of more than 20% from their previous study (Pitkow and Kehoe 1996). Respondents stated that they falsified information for several reasons: because the terms and conditions of the information use were not specified, because revealing the information was not worth the content of the site, and because they did not trust the sites.

A common theme regarding threats to online privacy is that once individuals become aware of these privacy violations, they take steps to protect their privacy. Without this awareness, it is impossible for individuals to protect themselves. Since online data gathering and other marketing activities can be performed to some extent without online users' knowledge, it will be difficult for these users to respond to any perceived threats to their privacy. However, as these previous examples have indicated, once individuals discover the practice, they will often take steps to protect their privacy. This is potentially damaging to advertisers for two reasons. First, advertisers would not have enough information about individuals to make sound managerial decisions. Second, advertisers would make poor decisions due to incorrect information. Either of these situations may result in decisions that could potentially abrogate any type of relationship and goodwill that the company has built with individuals.

Hypotheses

Given that privacy is highly contextual (e.g., Schoeman 1992), and that individuals will take steps to protect their privacy when they feel it has been violated, seven hypotheses are offered. Specifically, as individuals' concerns with privacy increase:

H1: the frequency with which they register for a web site will decrease.

H2: the frequency with which they provide inaccurate information to web sites which request information will increase.

H3: the frequency with which they provide incomplete information to web sites which request information will increase.

H4: the frequency with which they read unsolicited commercial e-mail will decrease.

H5: the frequency with which they contact an Internet Service Provider (ISP) about unsolicited e-mail will increase.

H6: the frequency with which they request their names be removed from mailing lists will increase.

H7: the frequency with which they send a highly negative message (i.e. a 'flame') to those sending unsolicited e-mail will increase.

Method

Overview

To investigate the seven hypotheses, an e-mail survey was sent to 3724 individuals whose e-mail addresses were randomly generated using the Four 11 Directory Service (http://www.four11.com). The 889 completed surveys constitute a 24% response rate. The survey included questions that assessed privacy concern with various online marketing-related scenarios, computer usage and demographic information, and past behaviors online. Respondents were asked to assess their privacy concerns with fifteen different online advertising and marketing practices that involved the collection and usage of information during online activities (see Table 1). These practices were adapted from other studies that assessed privacy concerns in both online and off-line contexts (e.g., Nowak and Phelps 1992; Rogers 1996; Sheehan and Hoy 1997b, 1998). From these previous studies, it was expected that five of the fifteen practices would generate a low level of concern, five of the practices would generate a moderate level of concern, and five of the practices would generate a high level of concern. The fifteen practices were provided in random order on the survey. Additionally, respondents were provided with seven actions they could adopt to safeguard their personal privacy online (see Table 1) and asked how often they took that action while online using a 1 (never) to 7 (always) interval scale.

Sampling Procedure

The sampling frame consisted of individuals with personal e-mail addresses who could be identified via the Four11 Directory Service, a global directory of 15 million names and e-mail addresses. The Four11 search engine allowed a search of an individual's email address based on completing some or all of the following search fields: name, city, state/province, country, or domain name of the ISP. The search field used to generate e-mail addresses for this study was "domain name." Thirty-five domain names were systematically selected from Network USA's Internet Service Provider Catalog, a comprehensive online list of commercial personal ISPs in the United States organized by state and area code. Every sixth service provider was selected for inclusion on the list resulting in representation of all regions of the country. No duplicate providers were selected.

By supplying only a domain name, the Four11 search engine provides either a complete list of entries if less than 200 people subscribe to the ISP or a randomly selected sample of 200 names and e-mail addresses within that domain if there were more than 200 entries. A random sample of provided addresses was used for the current study.

Survey Administration

One week before the survey was distributed, each prospective sample member received a solicitation email, which described the study and invited the individual to participate. This technique is frequently used in traditional mail surveys to enhance response rates and secure cooperation, but is imperative in the online environment because unsolicited e-mail surveys are "clearly unacceptable" (Mehta and Sivadas 1995). The e-mail solicitation provided potential respondents with the opportunity to indicate that they did not wish to receive the survey. Individuals who did not respond received the e-mail survey along with instructions on how to reply via e-mail and an assurance of confidentiality. Survey recipients were given the option of returning the survey via postal mail. This option was provided to allow the respondents to remain anonymous, if desired. Although there is no significant evidence that the lack of anonymity causes a decrease in response rates (Kanuk and Berenson 1975), the nature of the survey (i nformation privacy) obliged that the option of returning the survey through the U.S. postal service should be made available to respondents. Less than 2% of all responses were returned via postal mail, and these included the names of the individuals responding to the survey. This could indicate that individuals chose postal mail for reasons other than anonymity; for example, they may not have been able to use the reply function as instructed.

If the respondent had not returned the e-mail survey within one week, a reminder e-mail was sent along with another copy of the survey. Because return e-mail can include the sender's e-mail address, it was possible to identify individuals who had not yet responded and to insure that there were no duplicated responses (Sheehan and Hoy 1997a).

Two pretests of the procedure involving a total of 350 selected e-mail addresses revealed a 25% undeliverable e-mail rate, a 14% percent decline rate and a completed survey response rate of 23%. The traditional formula for calculating the necessary sample size to provide a representative sample of a population (McDaniel and Gates 1995) was used and resulted in a target sample size of 864 with a 95% confidence level. Therefore, assuming a 23% response rate, 3756 viable e-mail addresses would need to be solicited. To compensate for estimated undeliverable e-mail solicitations and replacement of individuals who declined to participate, 5000 e-mail addresses were selected. Actual administration of the solicitation and survey showed an undeliverable rate of 26%, a decline rate of 12% and a completed survey rate of 24%. A profile of respondents is provided in Table 2.

Hypotheses Test

To test the hypotheses, a variable was created called "total concern." This variable summed each of the concern scores for the fifteen situations described in Table 1. The total concern scores ranged from 15 to 105. A score of 15 would represent an individual for whom none of the situations caused concern with privacy. A score of 105 would represent an individual for whom every situation caused extreme concern with privacy. The mean total concern score was 58.86, with a standard deviation of 18.93. Cronbach's Alpha, an estimate of internal consistency, was .92. The total concern score was correlated with each of the seven behaviors to determine if a relationship existed between privacy concern and each of the seven behaviors. A summary of these correlations is provided in Table 3.

Results and Discussion

Registering for Web Sites

As predicted in Hypothesis 1, as individuals' concern with privacy increased, the frequency with which they registered for a web site decreased. In the current study, respondents occasionally registered for web sites (mean=3.17), and the likelihood of registering decreased as their concern increased. For the correlation between registering for web sites and the total sum of concern, the correlation coefficient is -0.21134. This negative coefficient is significant (p=.0001). This correlation coefficient was one of the highest of the seven correlations measured in this study. This result suggests that individuals view not registering as an optimal way to protect their own privacy.

This finding suggests a similarity between online and off-line behaviors with regard to registering and providing information. Nowak and Phelps (1992) found that 51% of respondents refused to give information to a direct marketer because respondents thought it was unnecessary or too personal. They also observed a decrease in providing information among the more concerned individuals in their study.

Providing Inaccurate Information When Registering

Contrary to Hypothesis 2, there was not a significant correlation (at .05) between individuals' concern with privacy and the frequency with which they provide inaccurate information to web sites which request information. While the correlation between registering and the total sum of concern is positive (0.08269), this correlation is not significant (p=0.0577). Not only was the correlation not significant, but respondents reported that they rarely provide inaccurate information (mean=2. 14).

This finding contradicts Pitkow and Kehoe's (1997) study which found that 40% of individuals regularly falsify information. The current study suggests that only about 15% of individuals falsify information more than half the time they are asked to provide it (calculated by summing the scores of 5, 6 and 7 from the response pool). This contradiction could be due to Pitkow and Kehoe's use of a web-based survey to collect data. Their results include responses from individuals who self-selected to participate in the study and thus would include respondents under the age of 18 as well as adults from outside of the United States; those groups might account for the difference. Additionally, Pitkow and Kehoe's study provided anonymity to individuals who respond to the survey while the current study provided confidentiality to individuals. This methodological difference might also account for the differences in response, since respondents to the current study may have provided more socially desirable answers given th e lack of anonymity. The tendency for certain traditional research methods to generate more socially desirable responses than others has been well documented (e.g., Hochstim 1967; Nuckols 1964; Rogers 1976).

Providing Incomplete In formation When Registering

As stated in Hypothesis 3, as individuals' concern with privacy increased, the frequency with which they provided incomplete information to web sites requesting information also increased. On average, respondents reported providing incomplete information during half of all online registrations (mean=3.65). For the total sum correlation, the correlation coefficient is 0. 13028, and the correlation is significant (p=0.000ll).

In a traditional marketing context, Harris-Equifax (1990) found that individuals often supply incomplete information in the course of a marketing exchange. However, no studies in either the traditional marketing context or the online marketing context have considered the correlation between privacy concern and providing incomplete information. This study shows that this relationship indeed exists. Providing incomplete information is one way that individuals can deal with the paradox presented by Cespedes and Smith (1993) as to how individuals can participate in the online environment without losing control of their own privacy. By not providing all the required information, individuals control the outflow of information about themselves without having to forfeit any online benefits.

Reading Unsolicited E-Mail

Contrary to Hypothesis 4, there does not appear to be a relationship between individuals' concern with privacy and the frequency with which they read unsolicited e-mail. Respondents reported reading about half of all unsolicited e-mail that they receive (mean=3.53). The mean score and total sum correlation coefficient is -0.07806. The negative coefficient suggests that as privacy concern increases, individuals are less likely to read their unsolicited e-mail. While the coefficient is negative, and therefore in the correct direction, the relationship is not significant (p=0.0652).

Individuals may continue to read unsolicited e-mail because it is still a novelty. For example, several respondents reported that the solicitation sent by this researcher was the first piece of unsolicited e-mail they had ever received. Ten percent of respondents reported never receiving unsolicited e-mail. Of those receiving unsolicited e-mail, about half reported receiving it only occasionally (several times a month or less). For individuals receiving a low volume of mail, reading unsolicited e-mail may not be seen as an inconvenience or a bother. Individuals might also be curious about the content of unsolicited e-mail, and this might influence whether they read the mail or not.

Notifying Internet Service Providers about Unsolicited E-Mail

As stated in Hypothesis 5, as individuals' concern with privacy increased, the frequency with which they contacted ISPs about unsolicited e-mail also increased. On average, respondents reported they rarely notify their ISPs about unsolicited e-mail (mean=1.76). The mean score correlated with the total concern score resulted in a Pearson Correlation Coefficient of .27841. The correlation is significant (p=.000l). This correlation was the strongest of all correlations measured in this study.

This behavior suggests that individuals are looking for assistance to protect their own privacy. Perhaps this behavior is similar to the "group backlash" phenomenon previously discussed (USA TODAY 1997). Individuals may hope that if enough complaints about offending advertisers are provided to their ISPs, the ISPs will take action against the advertiser. This type of action was seen when CompuServe addressed customer complaints by filing suit against several advertisers who sent mass e-mail to online users (USA TODAY 1997). Similarly, a group of online users who frequently read Usenet newsgroups complained to CompuServe about spamming to newsgroups. In response, CompuServe agreed to ban known spammers from joining CompuServe (New York Times 1997). In both these cases, users felt violated by the frequency of the unwanted contact, and concern reached a point where the ISP was contacted to resolve the situation.

Requesting Removal from Mailing Lists

As stated in Hypothesis 6, as individuals' concern with privacy increased, the frequency with which they requested that their names be removed from mailing lists also increased. Respondents reported that, on average, they occasionally requested removal from mailing lists (mean=2.83). The correlation between the total sum of concern and the activity is positive. The correlation coefficient is 0.12719, and is significant (p=0.0006). This "opting out" behavior is one that is seen in other contexts, specifically direct marketing (Maynard 1996). While formal "opting out" processes do not yet exist online, some mailers provide instructions to mail recipients on opting out from mail they send. In the direct marketing context, the incidence of "opting out" is increasing (Maynard 1996). In this study, it appears that the frequency of online users choosing to opt out increases as privacy concern increases.

Sending Highly Negative Messages ("Flaming")

As stated in Hypothesis 7, as individuals' concern with privacy increased, the frequency with which they sent a "flame" to those sending unsolicited e-mail also increased. Respondents reported that, on average, they rarely sent "flames" (mean=1.54). The correlation between the action and the total sum of concern is positive. The correlation coefficient is 0.11122, and is significant (p=0.0026).

The incidence of adopting this behavior is low overall. Pitkow and Kehoe (1997) also saw this low incidence. Since flaming can arguably be considered a "socially undesirable" behavior (since there is some malicious intent in the action--Gurak 1997), it could be that respondents were hesitant about indicating their adoption of this type of behavior in the study. However, the indication that increasing concern correlates with increasing frequency of flaming may indicate that a level of frustration with protecting their privacy may lead some respondents to adopt this socially undesirable behavior in some situations.

Discussion and Implications

Similar to Andreason and Best's (1977) findings, this study found that individuals do not regularly adopt a CCB response with regard to privacy concern; that is, they do not flame, complain or abstain from participating in online activities on a regular basis. The behavior most frequently adopted on average was providing incomplete information when registering for web sites (mean=3.65). This mean score suggests that individuals are adopting that specific behavior during less than half of their online registering activities. The other behaviors are adopted even less frequently. This inactivity may reflect individuals' lack of knowledge as to what options are available for protecting privacy online, similar to Maynard's (1996) findings with regard to the opting-out process with direct mail. For example, several individuals noted on their surveys that they weren't aware that they could provide inaccurate information. Additionally, other findings suggest online users tend to be fairly unresponsive to their dissa tisfaction with the Internet in general. For example, World Research Incorporated (1998) found that while about half of all Internet users were dissatisfied with their ISP, only about 16% were planning to change providers in the next six months.

It is important to note, however, that for five of the seven privacy-protecting behaviors assessed, the frequency of engaging in the behavior increased as concern with privacy increased. These findings refute Regan's (1995) supposition that there is a lack of correlation between privacy concern and resultant behavior. Indeed, there does seem to be a correlation between privacy concern and resultant behaviors. This study's findings suggest that Singh's (1988) taxonomy of CCB needs to be expanded to address more dimensions when privacy concern enters the picture. This study showed evidence that voice, private and third party COB responses were all adopted in response to online privacy concern. Online users adopt voice behaviors when they ask for removal from mailing lists or send flame messages to spammers. They adopt private behaviors when they tell others about problems they have had (such as responding to the study survey) or when they communicate their concern in newsgroups or in private e-mail. They adopt third party CCB responses when they complain to their ISPs about unsolicited e-mail. Additionally, a fourth category, withholding behaviors, is seen as an additional way that online users can safeguard their privacy. In this category of behaviors, individuals withhold information by providing inaccurate information, incomplete information, or by not registering for web sites. These withholding behaviors are unique because they combine elements of both voice and private actions: individuals are voicing their concern by not providing either the amount or the type of information requested by online advertisers.

The fifteen situations assessed involved two broad categories of practices: practices concerning the use of e-mail for advertising and marketing contacts, and practices concerning collection of data at web sites. The variation in total response scores was assessed to determine whether one or the other category accounted for increased privacy concerns among respondents. There did not appear to be an indication that one category accounted for higher levels of concern than the other. A difference in the frequency of adoption of those behaviors specific to the category was also not evident. For example, respondents who were highly concerned with web site registration issues (a practice concerning data collection) were as likely as respondents who were highly concerned with unsolicited e-mail issues (a practice concerning e-mail use) to notify their ISP about unsolicited e-mail. This finding suggests that online users may adopt a holistic approach to assessing Internet advertising and marketing practices, and do not discriminate based on the category of the practice.

The Problem of Poor Information

The reportage earlier of mean scores for the frequency of adopting a specific behavior may miss an important part of the overall privacy picture. A small percentage of online users are likely to adopt privacy protection behaviors fairly often. For example, about 15% of the respondents reported providing inaccurate information more than half the time when they registered for web sites. Almost 35% reported providing incomplete information more than half the time when they registered for web sites. Personalized online advertising is seen as one of the important benefits to advertising on the Internet (Jupiter Communications 1997), so much so that a company called Idealog has offered free computers to consumers who fit profiles desired by advertisers. Consumers receiving these computers will be exposed to advertising messages whenever they use the computer (Richtel 1999), and thus it is vital that advertisers have correct and complete information about customers to maximize their success online. However, given t he number of online users adopting behaviors to thwart this collection, the potential for this type of personalized communication may be impeded.

Online users' adoptions of these withholding behaviors suggest that advertisers need to build a relationship with potential consumers prior to information collection. Previous studies (Cespedes and Smith 1993; Rogers 1996; Sheehan and Hoy 1997a; 1998) have shown that consumer trust and confidence in advertisers increase when consumers have relationships with advertisers. Advertisers should be advised to build relationships in ways that are not seen as invasive of online users' privacy: that is, not through unsolicited e-mail or through some types of registration requests. Advertisers can build awareness through traditional advertising programs as well as non-invasive online advertisements like banner ads and listserv sponsorships. Advertisers should be cautioned against an over-reliance on data that is gathered from unknown respondents. It may be preferable for online advertisers to gather information from only those consumers with whom they have these relationships in order to insure that the information co llected is as clean as possible.

The Concern with Avoidance Behaviors

In this study, the strongest correlations seen were a negative correlation between privacy concern and registering for web sites (-0.21134) and a positive correlation between concern and contacting ISPs about unsolicited e-mail (0.27841). While one behavior is a withholding behavior and one is a third party behavior, both of these are avoidance behaviors. Individuals seek to avoid any contact with advertisers by either avoiding the web sites altogether, or by alerting their ISP to the problem. Avoidance behaviors have been studied as one way for individuals to cope with technology (Mick and Fournier 1998). As discussed earlier, many individuals believe any communication with an advertiser, even to request removal from a list or to send a "flame," will result in their names being placed on a list of confirmed "good" e-mail addresses, which would result in the receipt of even more e-mail. Avoidance behaviors are perhaps a solution to this problem. The written comments voluntarily provided by respondents indica ted that they adopted additional behaviors to avoid unwanted communications with advertisers. For example, respondents reported that they installed special programs on their computers, such as mail filters (programs that put all mass-mailed messages into a special file that individuals can immediately delete), and spam guards (programs that return mail from unrecognized senders directly back to the sender). These programs allow users to avoid many types of communication. Increasingly, ISPs are filtering unsolicited e-mail from their customer accounts on their behalf (Internet News 1998).

Respondents also mentioned other avoidance behaviors. Some individuals stated that they closed email accounts and opened new ones just to avoid the unsolicited e-mail. Others reported alerting authorities such as the Federal Trade Commission, Federal Communication Commission, and other government officials to unsolicited e-mail. While these behaviors allow individuals to avoid communicating with specific advertisers, they also presume that some action will be taken to address the problem. Avoidance behaviors may be preferred over confrontational behaviors where the individuals would interact with the advertiser because many individuals may see this direct communication as an invitation to more unsolicited e-mail.

Building relationships may be the solution to avoidance behaviors. If individuals have confidence in an advertiser, they may be more likely to "opt in" to receiving additional communications from that advertiser. Privacy policies are one way for advertisers to start building relationships with online users. A comprehensive privacy policy addressing all types of concerns is a good first step to develop trust among users. Advertisers might also recognize the holistic nature of user approaches toward privacy with a comprehensive policy.

Milne (1997) found that respondents would opt-in to be part of a mailing list, even if sensitive information was requested. He attributed this compliance to the existing relationship the respondents already had with advertisers. This suggests that advertisers must find ways to build relationships with consumers before an unsolicited contact or information request. A recent study (Internet News 1998) indicated that advertisements in online newsletters are successful, with 44% of newsletter readers taking some kind of action after seeing the ad and 40% of them visiting the web site noted in the ad. These types of advertisements (along with banner ads) appear to be less invasive than an unsolicited e-mail or a web site requiring registration, which may increase consumer confidence in their communications with online advertisers.

The Importance of Persuasion

It is important to note, however, that about 2% of respondents indicated in an open-ended format that they had taken an action requested by the unsolicited e-mail. For example, several stated that the invitation to the current survey was the only unsolicited email they had ever received, and responding to the survey was their action taken upon on receiving the e-mail. Two individuals indicated that they bought products advertised in an unsolicited e-mail, and three others stated they visited the web site that was mentioned in an unsolicited e-mail. Given that this study showed that individuals read unsolicited e-mail about half of the time they receive it, there are indications that this method could work for online advertisers, if the message is appropriate to the target audience and compelling enough for them to spend time reading.

These results echo other studies (NorthStar Interactive 1997) which found that many respondents said that the action they took depended on the content of the e-mail, so uninvited e-mail is not arbitrarily deleted from boxes. The NorthStar study also found that the e-mail topic line was key to determining whether individuals would or would not read a particular message. This suggests that the topic line must be compelling, persuasive and believable in order to maximize the chance of the e-mail being opened. Online advertisers, then, must focus on creating email messages that utilize the properties of a good advertising message regardless of the medium: an attention-getting opening and a compelling message that provides appropriate information and/or resonates with the selected target. The simplicity of implementing a mass e-mail program or an online registration screen should not override the need for a persuasive and targeted communication to appeal to appropriate consumers and optimize advertising goals.

Conclusions

This study investigated linkages between online privacy concerns and resultant behaviors using a national sample of e-mail users. While this study found several significant correlations between consumers' online privacy concerns and their behaviors, it is important to note that because the study used correlation to investigate such linkages one can not infer a causal relationship between privacy concern and behaviors. It is not yet known whether increases in the frequency of the behaviors examined in this study are actually due to privacy concern, or if the relationship is spurious. Additionally, the study examined only those concerns and behaviors associated with advertising and marketing activities; generalizing beyond this to other types of activities outside of the advertising arena (for example, concerns and behaviors associated with the collection and usage of medical records) is not possible.

The response rate of 24% may be considered a limitation to the study, and the study of sensitive topics such as privacy presents an ongoing challenge to researchers. As noted by Edwards (1993), individuals are often hesitant to discuss their privacy concerns with others. Indeed, an enhanced non-response rate appears to be a "hazard of the trade" when conducting research about sensitive topics. For example, Netemeyer, Burton, Cole, Williamson, Zucker, Bertman and Diefenbach (1998) had a response rate of 13% (n=385) to a mail survey regarding characteristics and beliefs related to pathological gambling which was sent to a regional, randomly selected sample. Similarly, Marshall (1998) reported a response rate of 12.8% (n=342) to a mail survey which was sent to a randomly selected sample in one public school district to examine issues related to support for public schools. These issues could be considered sensitive from a political viewpoint.

Many of the studies used by the media and the FTC as a basis for understanding the issue of online privacy concern are commissioned research, and either do not report response rates (e.g. Business Week 1998; Harris-Equifax 1996; Westin 1997) or else the concept of response rate is inappropriate due to the selfselection of respondents (i.e. non-probability sampling method used for participation in web-based surveys such as Pitkow and Kehoe 1996; 1997). In its discussion of their telephone survey methodology, the Gallup Organization (1999) states that "probability sampling is the fundamental basis for all survey research. The basic principle: a randomly selected, small percent of a population of people can represent the attitudes, opinions, or projected behavior of all of the people, if the sample is selected correctly (The Gallup Organization 1999)." Gallup goes on to point out that their typical surveys consist of a sample of about 1000 adults. The Gallup Organization's discussion does not address the issue of response rate (i.e. the number of telephone exchanges they dial to generate 1000 completed surveys) nor how the sensitivity of the survey topic might impact response rate and thus generalizability to the population at large.

It could be argued that individuals who are most concerned about privacy are not participating in the telephone surveys conducted by the national polling firms (e.g. Business Week 1998; Harris-Equifax 1996; Roper 1998; Westin 1997) because they are using answering machines or caller ID to screen their calls. An additional factor to note is the absence of the peer review process for these commissioned studies conducted by polling organizations. Currently, the primary source of previous research regarding online consumer privacy concern comes from non-academic citations. Our study's response rate of 24% does limit its generalizability to all online consumers' privacy concern and resultant CCB behavior. However, our study represents a national sampling frame, probability sampling method, sufficient sample size, and appropriate survey methodology for soliciting information from online consumers to provide foundational insight into this issue.

Given these limitations, however, this study provides guidelines for additional research in this area. Most importantly, controlled experiments could be designed to examine whether privacy concern actually causes individuals to engage in behavior to protect their own privacy online. Additionally, a wider range of behaviors, including the adoption of technological fixes such as spam guards and mail filters, could be studied. These behaviors can be examined to see if they are CCB responses to privacy concern. If so, a more comprehensive taxonomy of CCB responses to privacy concern can be developed. This study found, for example, similarities between two types of behaviors (voice and withholding behaviors) that could be seen as avoidance behaviors. A comparison of CCB responses to privacy concern and CCB responses in post-purchase situations could be undertaken. Additionally, a taxonomy of respondents, similar to Singh's (1990) taxonomy can be developed to analyze similarities and differences between online use rs. Finally, the impact of possible government regulation on both privacy concern and resultant behaviors should be examined. For example, in the time since this study was completed, the government has passed legislation requiring that online advertisers notify users when they are collecting information about children under the age of 13 (TechWeb 1999). This type of legislation, if enforceable, may lessen concern and increase confidence among online consumers. After a sufficient amount of time to watch the current legislation and determine if it is enforceable and to study whether online users become aware of the legislation, a replication of the current study would indicate whether the legislation had any effects on privacy concern and resultant behaviors.

Kim Bartel Sheehan (Ph.D., University of Tennessee) is an Assistant Professor at the University of Oregon.

Mariea Grubba Hoy (Ph.D., Oklahoma State University) is an Associate Professor at the University of Tennessee-Knoxville.

This study was funded in part by an award from the American Academy of Advertising. The authors wish to express their appreciation to Dr. Les Carlson and three anonymous reviewers for their helpful comments on earlier drafts of this article.

References

Andreason, Alexander and Arthur Best (1977), "Consumers Complain--Does Business Respond?" Harvard Business Review, (July), 93-96.

Bolt, Andrew (1997), Blacklist of Internet Advertisers [Internet, WWW], http://www.its.caltech.edu/[tilde]cbrown/BL/.

Business Week (1998), "A Little Privacy, Please," Business Week, 16, 98-100.

Cespedes, Frank V. and H. Jeff Smith (1993), "Database Marketing. New Rules for Policy and Practice," Sloan Management Review, 3 (Summer), 7-23.

ClickZ (1998), ClickZ Survey on Privacy [Internet, WWW], http://www.searchz.com/clickz/06l198.html.

CNN Interactive (1999), Privacy Groups to Announce Boycott of Intel Products [Internet, WWW], http://www.cnn.com/TECH/computing/990l/25/intel.privacy.

Culnan, Mary (1995), "Consumer Awareness of Name Removal Procedures: Implications for Direct Marketing," Journal of Direct Marketing, 9 (Spring), 12-18.

CyberDialogue/FINDSVP (1998), Email: Primary Online Business Application (Internet, WWW], http://www.cyberdialogue.com.

Edwards, Richard (1993), "An Education in Interviewing: Placing the Researcher and the Research," in Researching Sensitive Topics, C. Renzetti & R. M. Lee eds., Newbury Park, California: Sage, 45-57.

Federal Trade Commission (1998), Privacy Online: A Report To Congress [Internet, WWW], http://www.ftc.gov.

Fry, Jeff (1996), "The Move 'Beyond the Banner' Demands Better Measurements," Wall Street Journal Interactive [Internet, WWW], http://www.wsj.com.

The Gallup Organization (1999), How Polls Are Conducted [Internet, WWW], http://www.gallup.com/The_Poll/hpac.asp.

Gurak, Laura (1997), Persuasion and Privacy in Cyberspace, New Haven: Yale University Press.

Harris-Equifax Consumer Privacy Survey (1990), Atlanta: Equifax.

Harris-Equifax Consumer Privacy Survey (1996), Atlanta: Equifax.

Harvey, Drew A. (1996), "Online Privacy Fears Draw Upon Fantasy as Well as Fact [Internet, WWW]," Wall Street Journal Interactive, http://www.wsj.com.

Hirschman, Albert O. (1970), Exit, Voice and Loyalty: Responses to Declines in Firms, Organizations and States, Cambridge, MA: Harvard University Press.

Hochstim, James R. (1967), "A Critical Comparison of Three Strategies of Collecting Data from Households," American Statistical Association Journal, 62, 977.989.

Internet News (1998), Email Advertising Works [Internet, WWW], http://www.nua.ie/surveys/index.cgi?service=view_survey&survey_number =740&rel=no.

Jupiter Communications (1997), Market Research on the Consumer Online Industry [Internet, WWW], http://www.jup/com.

Kanuk, Leslie and Conrad Berenson (1975), "Mail Surveys and Response Rates: A Literature Review," Journal Of Marketing Research, 12, 440-453.

Kehoe, Colleen, James Pitkow and Kimberly Morton (1997), Eighth WWW User Survey [Internet, WWW], http://www.cc.gatech.edu/gvu/user_surveys/survey-1997-10/.

Keaveney, Susan M (1995), "Consumer Switching Behavior in Service Industries: An Exploratory Study," Journal of Marketing, 59 (April), 71-83.

Marshall, Kimball P. (1998), "Generalized Exchange and Public Policy: An Illustration of Support for Public Schools," Journal of Public Policy and Marketing, 17 (Fall), 274-286.

Maynard, Michael L. (1996), "Privacy as a Commodity: Implications for Direct Marketing Policy Makers," in Marketing and Public Policy Conference Proceedings, Ronald Paul Hill and Charles Ray Taylor, ads., Vol. 6, Chicago: American Marketing Association, 10-15.

McDaniel, Carl and Robert Gates (1995), Contemporary Marketing Research, Minneapolis: West Publishing.

Mehta, Rajiv and Ernst Sivadas (1995), "Comparing Response Rates and Response Content in Mail versus Electronic Mail Surveys," Journal of the Marketing Research Society, 17(4), 429-440.

Mick, David and Susan Fournier (1998), "Paradoxes of Technology: Consumer Cognizance, Emotions and Coping Strategies," Journal of Consumer Research, 25 (September), 125-146.

Milne, George (1997), "Consumer Participation in Mailing Lists: A Field Experiment," Journal of Public Policy and Marketing, 16 (Fall), 298-315.

Netemeyer, Richard G., Scot Burton, Leslie K. Cole, Donald A. Williamson, Nancy Zucker, Lisa Bertman and Gretchen Diefenbach (1998), "Characteristics and Beliefs Associated with Probable Pathological Gambling: A Pilot Study with Implications for the National Gambling Impact and Policy Commission," Journal of Public Policy and Marketing. 17 (Fall), 147-160.

New York Times (1997), Usenet Confronts CompuServe Spammers [Internet, WWW], http://www.nua.ie/surveys/index.cgi?f=VS&art_id=88124696&rel=true.

NorthStar Interactive (1997), Unsolicited Email -- Top Line Summary [Internet, WWW], http://www.primenet.com/[tilde]esearch/sv-97aac.htm.

Nowak, Glen J. and Joseph Phelps (1992), "Understanding Privacy Concerns: An Assessment of Consumers' Information Related Knowledge and Beliefs," Journal of Direct Marketing, 6 (Autumn), 28-39.

Nuckols, Robert C. (1964), "Personal Interview Versus Mail Panel Survey," Journal Of Marketing, 1, 11-16.

Pitkow, James E. and Colleen Kehoe (1996). Sixth WWW User Survey [Internet, WWW], http://www.cc.gatech.edu/gvu/user_surveys/survey-04- 1996/

Pitkow, James E. and Colleen Kehoe (1997), Seventh WWW User Survey [Internet, WWW], http://www.cc.gatech.edu/gvu/user_surveys/survey-04-1997/.

Regan, Patricia (1995), Legislating Privacy: Technology, Social Values and Public Policy, Chapel Hill: University of North Carolina Press.

Richards, Jef I. (1997), "Legal Potholes on the Information Superhighway," Journal of Public Policy and Marketing, 16 (Fall), 319-326.

Richtel, Matt (1999), "Plan for Free PC's has Few Attachments," The New York Tunes On the Web [Internet, WWW], http://www.nytimes.com/library/tech/99/02/biztech/article/.

Rogers, Jean L. (1996), "Mail Advertising and Consumer Behavior," Psychology and Marketing, 13 (Winter), 211-233.

Rogers, Thomas (1976), "Interviews by Telephone and In Person: Quality of Responses and Field Performance," Public Opinion Quarterly, 40 (Spring), 51-56.

Roper Starch Worldwide (1998), Nearly Half of Internet Users Say Internet Online Becoming a Necessity [Internet, WWW], http://www.roper.com/news/content/ news86.htm.

Schoeman, Frederick (1992), Privacy and Social Freedom, Cambridge: Cambridge University Press.

Sheehan, Kim Bartel and Mariea Grubbs Hay (1998), "Privacy and On-Line Consumers: Comparisons with Traditional Consumers and Implications for Advertising Practice," in Proceedings of the 1998 Conference of the American Academy of Advertising, Darrel D. Muehling, ed, Pullman, Washington: Washington State University, 77-78.

Sheehan, Kim Bartel and Mariea Grubbs Hoy (1997), "E-mail Surveys: Response Patterns, Process and Potential," in Proceedings of the 1997 Conference of the American Academy of Advertising, Cincinnati, OH: University of Cincinnati, 231-232.

Sheehan, Kim Bartel and Mariea Grubbs Hoy (1997), "Warning Signs on the Information Highway: An Assessment of Privacy Concerns of On-line Consumers," Presented at the Association for Education in Journalism and Mass Communications Annual Conference, August 2, 1997, in Chicago, IL.

Singh, Jagdip (1988), "Consumer Complaint Intentions and Behavior: Definitional and Taxonomical Issues," Journal of Marketing, 52 (January), 93-107.

Singh, Jagdip (1990), "A Typology of Consumer Dissatisfaction Response Styles," Journal of Retailing, 66 (Spring), 57-99.

SurveyNet (1997), Internet SPAM/UCE Survey #1 [Internet, WWW], http://www.surveynet.com.

TechWeb (1998), US Passes Controversial Child Protection Law [Internet, WWW], http://www.nua.ie/surveys/index.cig?f = VS&art_id=905354414&rell=true.

USA TODAY (1997), "Judges Stop Spammers on AOL, CompuServe," USA TODAY, February 5, 1997.

Webb, Eugene (1981), Nonreactive Measures in the Social Sciences, Boston: Houghton Mifflin.

Westin, Alan (1997), Privacy and American Business Study [Internet, WWW], http://www.pandab.org/pabsurve.htm.

Winner, Langdon (1991), "A Victory for Computer Populism," Technology Review, 94 (May), 66.

World Research Incorporated (1998), ISP Satisfaction Survey Results [Internet, WWW],http://www.survey.com/ispresults.html.

Situations and Behaviors Presented in Survey

Situations [*]

You receive e-mail from a company you have sent e-mail to in the past.

You receive e-mail from a company whose web page you recently visited.

You receive an e-mail and have no idea how the company got your address.

A company requests your e-mail address only to send information of interest.

A notice on a web page states that information collected is used by other divisions of that company.

A notice on a web page states that information collected on that web page may be sold to other companies.

You are asked to provide your name to access home page.

You are asked to provide names of newsgroups read to access home page.

You are asked to provide your Social Security Number to access home page.

You receive e-mail about a new product from a company you currently do business with.

You receive e-mail about a new product from known company you don't do business with.

You receive e-mail about a new product from a company you've never heard of.

A web page requires your e-mail address to access the page. Upon registration, you will receive a mouse pad

A web page requires your e-mail address to access the page. Upon registration, you will receive a 25% discount on future purchases.

A web page requires your e-mail address to access the page. Upon registration, you will be entered in a contest to win a computer (value: $1000).

Behaviors [**]

Reading unsolicited e-mail.

Registering (i.e. providing information about oneself) for Web sites.

Providing inaccurate information when registering for web sites.

Providing incomplete information when registering for web sites.

Notifying Internet Service Providers about unsolicited e-mail.

Requesting removal from e-mail lists.

Sending highly negative messages to entities sending unsolicited e-mail (e.g. "flaming")

(*.) Concern with privacy in each situation measured using a 1-7 scale where 1=not at all concerned and 7=extremely concerned.

(**.) Frequency of adopting behavior measured using a 1-7 scale where 1=never take action and 7=always take action

                 Respondent Profile: Demographics (N=889)
Demographic Characteristic
Gender                     Male
                           Female
Age                        18-24
                           25-34
                           35-44
                           45-54
                           55-64
                           65+
Household Income           Less than $20,000
                           $20,000-39,999
                           $40,000-59,999
                           $60,000-79,999
                           $80,000-99,999
                           $100,000+
Education Level            High School or Equivalent
                           Bachelor's Degree
                           Master's Degree
                           Doctoral Degree
Adopt an Online            Yes
Personae                   No
Access the WWW             Yes
in Past Six Months         No
Percent of Time Spent      Home
Online by Place            Work
of Access                  School
                           Other
Frequency of               Several Times each Day
Checking E-Mail            Once per Day
                           Several Times each Week
                           One time each Week
                           Less Often than One Time Each Week
Demographic Characteristic Percentage of Respondents
Gender                               70.4%
                                     29.6
Age                                  16.7%
                                     25.5
                                     27.3
                                     20.7
                                      7.1
                                      3.0
Household Income                      5.7%
                                     21.7
                                     28.6
                                     21.7
                                     12.7
                                      9.6
Education Level                      38.7%
                                     40.0
                                     15.7
                                      5.6
Adopt an Online                      28.6%
Personae                             71.4
Access the WWW                       99.0%
in Past Six Months                    1.0
Percent of Time Spent                72.8%
Online by Place                      22.0
of Access                             4.1
                                      1.1
Frequency of                         66.2%
Checking E-Mail                      20.6
                                     11.2
                                      1.7
                                      0.2
                   Correlations Between Online Behaviors
                           and Total Concern [*]
                                             Mean Frequency
H Behavior                                    of Behavior [+]
1 Registering for web site [++]                   3.17
2 Providing inaccurate information                2.14
3 Providing incomplete information                3.65
4 Reading unsolicited e-mail [++]                 3.53
5 Notifying ISP about unsolicited e-mail          1.76
6 Requesting removal from mailing list            2.83
7 Sending highly negative response ("flame")      1.54
  Correlation With
H  Total Concern [*]  Prob
1    -0.21134        0.0001
2     0.08269        0.0577
3     0.13028        0.0011
4    -0.07806        0.0652
5     0.28841        0.0001
6     0.12719        0.0006
7     0.11122        0.0026
(*.)Sum of all scores for privacy concern
(+.)1=never take action, 7=always take action
(++.)=correlation hypothesized to be negative