Information Privacy and Security for e-CRM

Introduction

New technologies have fostered a shift from a transaction-based economy through an Electronic Data Interchange (EDI) informational-exchange economy to relationship-based Electronic Commerce (EC) one (Keen 1999.) We have moved from “first order” transactional value exchanges through “second-order” informational value exchanges to “third-order” relational value exchanges (Widmeyer 2004.) Three important types of EC relationships have been identified: between enterprises and customers (B2C); between enterprises (B2B); and between customers (C2C) (Kalakota 1996.). Additional relationships between Governments (G2G), enterprises (G2B) and customers (G2C) have become more important as EC and e-government have matured and legislation, regulation and oversight have increased (Friel 2004; Reddick 2004); however these are not the focus of this paper. Relational value exchanges have become central to success and competitive advantage in B2C EC and it here that we focus on privacy and security in the age of virtual relationships.

Both enterprises and customers must carefully manage these new virtual relationships to ensure that they derive value from them and to minimize the possible unintended negative consequences that result from the concomitant exchange of personal information that occurs when goods are services are purchased through EC. The need to manage these relationships has resulted in the development of Electronic Customer Relationship Management (eCRM) systems and processes (Romano and Fjermestad 2001-2002). eCRM is used for different reasons by enterprises and customers. It is important to understand how and why both of the players participate in “relational value exchanges” that accompany the economic transaction and informational value exchanges of EC.

Enterprises use eCRM to establish and maintain intimate virtual relationships with their economically valuable customers to derive additional value beyond that which results from economic value exchanges to improve return-on-investment from customer relationships.

Customers obtain goods, services and information (economic value) through EC for purposes such as convenience, increased selection and reduced costs. EC requires customers to reveal personal information to organizations in order for transactions to be completed. The exchange of information between customers and organizations leads to the possibility of privacy violations perpetrated against the customer and the responsibility for organizations to provide privacy policies and security measures that will engender customer trust.

In this paper we present a series of models “sphere of privacy model,” “sphere of security model,” “privacy/security sphere of implementation model,” and then integrate them into the “relational value exchange model” to explain privacy and security in the context of eCRM from the perspective of both customers and enterprises to provide guidance for future research and practice in this important area. It is important for both customers and firms to understand each others’ vested interests in terms of privacy and security and to establish and maintain policies and measures that ensure both are satisfactorily implemented to minimize damage in terms of unintended consequences associated with security breaches that violate privacy and lead to relationship breakdowns.

The reminder of this paper is structured as follows: First, we explain why privacy and security are critically important issues for companies and customers that engage in EC and the consequences that can result from failure to recognize their importance or poor implementation of measures to ensure both for the organization and its customers. Second, we define privacy and security and their interrelationship in the context of CRM. Third, we present our relational value exchange model for privacy and security in eCRM; next, we discuss