Abstract
The occurrence of information privacy breaches is increasing recently in both private companies and public organizations in many countries. These incidents have raised public concerns and made an organization’s response more and more important. This research categorizes responses by companies in case of privacy breach incidents into four kinds: apology, compensation, managerial step, and information provision. By reviewing existing research about trust repair, this study proposes possible research suggestions about repair after privacy breach incidents.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Angst CM & Agarwal R (2009) Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Quarterly 33(2):339–370.
Bottom WP, Gibson K, Daniels S, & Murnighan JK (2002) When talk is not cheap: Substantive penance and expressions of intent in the reestablishment of cooperation. Organization Science 13(5):497–513.
Crant JM & Bateman TS (1993) Assignment of credit and blame for performance outcomes. Academy of Management Journal 36(1):7–27.
Desmet PTM, Cremer DD, & van Dijk E (2010) On the psychology of financial compensations to restore fairness transgressions: when intentions determine value. Journal of Business Ethics 95(Supplement 1):105–115.
Desmet PTM, Cremer DD, & van Dijk E (2011) In money we trust? The use of financial compensations to repair trust in the aftermath of distributive harm. Organizational Behavior and Human Decision Processes 114(2):75–86.
Dinev T & Hart P (2005) Internet privacy concerns and social awareness as determinants of intention to transact. International Journal of Electronic Commerce 10(2):7–29.
Dinev T & Hart P (2006) An extended privacy calculus model for e-commerce transactions. Information Systems Research 17(1):61–80.
Dirks KT, Lewicki RJ, & Zaheer A (2009) Repairing relationships within and between organizations: building a conceptual foundation. Academy of Management Review 34 (1):68–84.
Dirks KT, Kim PH, Ferrin DL, & Cooper CD (2011) Understanding the effects of substantive responses on trust following a transgression. Organizational Behavior and Human Decision Processes 114(2):87–103.
Donovan F (2013) Data breaches are significantly underreported, survey of IT pros finds. http://www.fierceitsecurity.com/story/data-breaches-are-significantly-underreported-sur vey-it-pros-finds/2013-11-10. Accessed on 2014-09-23.
Ferrin DL & Dirks KT (2003) The use of rewards to increase and decrease trust: Mediating processes and differential effects. Organization Science 14(1):18–31.
Ferrin DL, Kim PH, Cooper CD, & Dirks KT (2007) Silence speaks volumes: The effecttiveness of reticence in comparison to apology and denial for repairing integrity-and competence-based trust violations. Journal of Applied Psychology 92(4):893–908.
Finkel E, Rusbult CE, Kumashiro M, & Hannon PA (2002) Dealing with betrayal in close relationships: Does commitment promote forgiveness. Journal of Personality and Social Psychology 82(6):956–974.
Gillespie N & Dietz G (2009) Trust repair after an organization-level failure. Academy of Management Review 34(1):127–145.
Griffin M, Babin BJ, & Attaway JS (1991) An empirical investigation of the impact of negative public publicity on consumer attitudes and intentions. In: Holman RH and Solomon MR (eds.) Provo UT: Advances in Consumer Research 18:334–341.
Heider F (1958) The Psychology of Interpersonal Relations. Wiley, New York.
Hong SJ & Lee SH (2010) The effect of services recovery effort on continuous use intention of internet user-focusing mainly on personal information security exposure. Journal of the Korea Safety Management and Science 12(2):89–97.
Informationweek (2014a) What healthcare can learn from CHS data breach. http://www.informationweek.com/healthcare/security-and-privacy/what-healthcare-can-learn-fromchs- data-breach/a/d-id/1317696. Accessed on 2014-11-27.
Informationweek (2014b) Worst government data breaches of 2014. http://www.informationweek.com/government/cybersecurity/4-worst-government-data-breaches-of-2014/d/ d-id/1318061. Accessed on 2014-12-11.
ITRC (Identity Theft Resource Center) (2014) Data Breach Reports.
Jones GR & George JM (1998) The experience and evolution of trust: Implications for cooperation and teamwork. Academy of Management Review 23(3):531–546.
Kim PH, Ferrin DL, Cooper CD, & Dirks KT (2004) Removing the shadow of suspicion: The effects of apology versus denial for repairing competence-versus integrity-based trust violations. Journal of Applied Psychology 89(1):104–118.
Kim PH, Dirks KT, Cooper CD, & Ferrin DL (2006) When more blame is better than less: The implications of internal vs. external attributions for the repair of trust after a competence-vs. integrity-based trust violation. Organizational Behavior and Human Decision Processes 99(1):49–65.
Kim PH, Dirks KT, & Cooper CD (2009) The repair of trust: a dynamic bilateral perspective and multilevel conceptualization. Academy of Management Review 34(3):401–422.
KISA (2010) Whitepapers on national information privacy protection in Korea, 2002-2010.
Komorita SS & Mechling J (1967) Betrayal and reconciliation in a two-person game. Journal of Personality and Social Psychology 6(3):349–353.
Lewicki RJ & Bunker BB (1996) Developing and maintaining trust in work relationships, In Kramer RM & Tyler TR (Eds.) Trust in organizations: Frontiers of theory and research. Sage, Thousand Oaks, CA. 114–139.
Lewicki DJ, McAllister DJ, & Bies RJ (1998) Trust and distrust: New relationships and realities. Academic Management Review 23(3):438–458.
Malhotra A & Malhotra CK (2011) Evaluating customer information breaches as service failures: An event study approach. Journal of Service Research 14(1):44–59.
Malhotra NK, Kim SS, & Agarwal J (2004) Internet users’ information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research 15(4):336–355.
Mattila AS (2009) How to handle PR disasters? An examination of the impact of communication response type and failure attributions on consumer perceptions. Journal of Services Marketing 23(4):211–218.
Mayer RC, Davis JH, & Schoorman FD (1995) An integrative model of organizational trust. Academy of Management Review 20(3):709–734.
McAfee & SAIC (2011) Underground economies: Intellectual capital and sensitive corporate data now the latest cybercrime currency. http://www.ndia.org/Divisions/Divisions/ Cyber/ Documents/rp-underground-economies.pdf. Accessed on 2014-05-15.
Moon B & Rhee Y (2009) Apology advertising message strategies and forgiveness in organizational crisis: An experimental study of a personal information leakage case. Korean Journal of Journalism and Communications Studies 53(6):354–421.
Morrison EW, Robinson SL (1997) When employees feel betrayed: A model of how psychological contract violation develops. Academy Management Review 22(1):226–256.
Nakayachi K & Watabe M (2005) Restoring trustworthiness after adverse events: The signaling effects of voluntary ‘hostage posting’ on trust. Organizational Behavior and Human Decision Processes 97(1):1–17.
NYMITY http://www.nymity.com/Free_Privacy_Resources/Privacy_Breach_Analysis.aspx. Accessed on 2014-06-25.
Ohbuchi K, Kameda M, & Agarie N (1989) Apology as aggression control: Its role in mediating appraisal of and response to harm. Journal of Personality and Social Psychology 56(2):219–227.
Ponemon Institute (2008) Consumers’ Report Card on Data Breach Notification. Research Report by Ponemon Institute LLC., April 15, 2008.
Ponemon Institute (2010) 2009 Annual study: Global cost of data breach. Research Report by Ponemon Institute LLC., Symantec Corporation, April 2010.
Ponemon Institute (2011a) 2010 Annual Study: U.S. Cost of a Data Breach. Ponemon Institute, LLC., Symantec Corporation.
Ponemon Institute (2011b) 2010 Annual study: Global cost of data breach. Ponemon Institute LLC., Symantec Corporation, May 2011.
Ponemon Institute (2012) 2011 Cost of Data Breach Study: Global. Ponemon Institute LLC., Symantec Corporation, March 2012.
Ponemon Institute (2013) 2013 Cost of Data Breach Study: Global Analysis. Ponemon Institute LLC., Symantec Corporation, May 2013.
Ponemon Institute (2014a) 2014 Cost of Data Breach Study: Global Analysis. Ponemon Institute LLC., Symantec Corporation, May 2014.
Ponemon Institute (2014b) The Aftermath of a Data Breach: Consumer Sentiment. Ponemon Institute LLC., Symantec Corporation, April 2014.
Poppo L & Schepker DJ (2010) Repairing public trust in organizations. Corporate Reputation Review 13(2):124–141. PRC http://www.privacyrights.org/data-breach/new. Accessed on 2014-12-14.
Ren H & Gray B (2009) Repairing relationship conflict: How violation types and culture influence the effectiveness of restoration rituals. Academy of Management Review 34 (1):105–126.
Rhee M & Valdez ME (2009) Contextual factors surrounding reputation damage with potential implications for reputation repair. Academy of Management Review 34(1):146–168.
Riordan CA, Marlin NA & Kellogg RT (1983) The effectiveness of accounts following transgression. Social Psychology Quarterly 46(3):213–219.
Schlenker BR & Darby BW (1981) The use of apologies in social predicaments. Social Psychology Quarterly 44(3):271–278.
Schweitzer ME, Hershey JC, & Bradlow ET (2006) Promises and lies: Restoring violated trust. Organizational Behavior and Human Decision Processes 101(1):1–19.
Sitkin SB & Roth NL (1993) Explaining the limited effectiveness of legalistic ‘remedies’ for trust/distrust. Organization Science 4(3):367–392.
Sigal J, Hsu L, Foodim S, & Betman J (1988) Factors affecting perceptions of political candidates accused of sexual and financial misconduct. Political Psychology 9(2):273–280.
Smith A, Bolton R, & Wagner J (1999) A model of customer satisfaction with service encounters involving failure and recovery. Journal of Marketing Research 36(3):356–372.
Son JY & Kim SS (2008) Internet users’ information privacy-protective response: A taxonomy and a nomological model. MIS quarterly 32(3):503–529.
Takaku S (2001a) The effects of apology and perspective taking on interpersonal forgiveness: A dissonance-attribution model of interpersonal forgiveness. Journal of Social Psychology 141(4):494–508.
Takaku S, Weiner B, & Ohbuchi KI (2001b) A cross-cultural examination of the effects of apology and perspective taking on forgiveness. Journal of Language and Social Psychology 20(1/2):144–166.
Target Inc. (2014) Target Provides Preliminary Update on Second-Quarter Expenses Related to the Data Breach and Debt Retirement. http://pressroom.target.com/news/target-provides-preliminary-update-on-second-quarter-expenses-related-to-the-data-breach-and-de bt-retirement. Access on 2014-09-05.
Tomlinson EC, Dineen BR, & Lewicki RJ (2004) The road to reconciliation: Antecedents of victim willingness to reconcile following a broken promise. Journal of Management 30(2):165–187.
Tomlinson EC & Mayer RC (2009) The role of causal attribution dimensions in trust repair. Academy of Management Review 34(1):85–104.
USA Today (2014) JP Morgan reveals data breach affected 76 million households, http://www.usatoday.com/story/tech/2014/10/02/jp-morgan-security-breach/16590689/. Accessed on 2014-10-15.
Utz S, Matzat U, & Snijders C (2009) On-line reputation systems: The effects of feedback comments and reactions on building and rebuilding trust in on-line auctions. International Journal of Electronic Commerce 13(3):95–118.
Verizon Risk Team, U.S. Secret Servicem, & Dutch High Tech Crime Unit (2011) 2011 Data Breach Investigations Report, http://www.verizonbusiness.com/resources/report/rp_databreach-investigations-report-2011_en_xg.pdf. April 2011. Accessed on 2014-05-12.
Wang S & Huff LC (2007) Explaining buyers’ respondes to seller’s violation of trust. European Journal of Marketing 41(9/10):1033–1052.
Washington Post (2014) Target says up to 70 million more customers were hit by December data breach, http://www.washingtonpost.com/business/economy/target-says-70-millioncustomers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html. Accessed on 2014-05-15.
Weiner B (1985) An attributional theory of achievement motivation and emotion. Psychological Review 92(4):548–573.
Weiner B (1986) An attributional model of motivation and emotion. Springer-Verlag, New York.
Wilson J (1988) Why forgiveness requires repentance. Philosophy 63(246):534–535.
Wood RE & Mitchell TR (1981) Manager behavior in a social context: The impact of impression management on attributions and disciplinary actions. Organizational Behavior and Human Decision Processes 28(3):356–378.
Xie Y & Peng S (2009) How to repair customer trust after negative publicity: The roles of competence, integrity, benevolence, and forgiveness. Psychology and Marketing 26(7): 572–589.
Author information
Authors and Affiliations
Corresponding author
Additional information
Lili Wan is a professor of business administration division in Hankook University of Foreign Studies in Korea. She holds a Bachelor degree from Tongji Medical College of Huazhong University of Science and Technology, a Master degree from Peking Union Medical College, Tsinghua University in China, and a Ph. D. from Korea University. Her research interests include areas such as medical information system, e-business, online privacy, and mobile business.
Chao Zhang is a doctoral student of digital management department in Korea University in Korea. He holds a Bachelor degree from Shandong Economic College, a second Bachelor degree from Beijing University in China, and a master degree from Korea University. His research interests include areas such as e-commerce system, online privacy and online security.
Rights and permissions
About this article
Cite this article
Wan, L., Zhang, C. Responses to trust repair after privacy breach incidents. J Serv Sci Res 6, 193–224 (2014). https://doi.org/10.1007/s12927-014-0008-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12927-014-0008-2