Privacy over the Internet in Malaysia: A Survey of

General Concerns and Preferences among Private Individuals

by
Dr Muniruddeen Lallmahamood
ABSTRACT
This study sought to examine online privacy concerns and their relationship with several
factors, namely online purchase, privacy policy, Web cookies, privacy laws, Internet seal
of approval, gender and Internet usage towards privacy concerns. Seven hypotheses were
suggested for the above examination. Questions that made up the main survey instrument
were based on numerous surveys which have been conducted to assess levels of privacy
concerns in the United States in recent years. The 206 respondents were mainly from the
urban areas of Malaysia. Overall, it was found that the respondents were highly
concerned (92.4%) about privacy matters. Only one of the seven hypothetical situations
was substantiated, while the difference between Internet buyers and non-Internet buyers,
gender and the influence of Web cookies, privacy laws, Internet seal of approval and
Internet usage showed no relationship to an individuals privacy concern. Therefore, the
posting of privacy policy over websites and providing clear and valid information on the
purpose of data collection may be a pre-requisite condition for website operators. This
study is one of the first online privacy studies in Malaysia and thus may contribute to the
literature in the field of online privacy in Malaysia.

Keywords: Privacy, E-commerce, Cyberlaws
I. INTRODUCTION

Malaysia is positioning itself as a premier investment hub for ICT and multimedia in
Asia, and new developments are taking place in this field on a daily basis. The Malaysian
governments most important initiative in the global information communication and
telecommunication (ICT) industry has been the creation of the Multimedia Super
Corridor or MSC (MDC, 2005).

Today, Malaysia is attracting global ICT companies to locate their industries in the MSC.
These companies along with local companies are undertaking research, developing new
products and technologies. For instance, the national multipurpose card and tele-health
applications are amongst the first initiatives to jumpstart the MSC vision and create a
multimedia utopia for innovative producers and users of multimedia technology (MDC,
2005).

Both the above projects involve handling of sensitive personal information. Yet, while
new laws enacted provide guidelines for the ICT industry, they do not address the right to
personal information privacy while the proposed Personal Data Protection Act is still
under review.

In spite of the wide interest in privacy as a topic, little is still known of the ways in which
people, in their ordinary lives, perceive privacy and what their reactions to the collection
and use of personal information are (Hine & Eve, 1998 p. 253). Spiekermann, Grosskiags
and Berendi (2001) claim there is some willingness of online users to provide data,
depending on the situation. Further, Tam (2000) claims that personal data privacy control
in the Asia Pacific region is complex due to diversity in cultures, types of governments,
differences in legislation and business practices.

Therefore conducting research in this area is answering a real need. Tam (2000 p. 260)
also suggests four specific critical issues that need to be addressed:
ensuring the confidentiality of personal information;
securing privacy on the Internet,
being aware of the various websites which practise privacy; and
making appropriate choices in disclosing information on the Web.

While it is interesting to explore the numerous online privacy surveys which have been
conducted in the United States (Westin, 1998; Cranor, Reagle & Ackerman, 1999; Harris,
2002; Harris, 2003), Australia (Roy Morgan Research, 2004) and India (Kumaraguru &
Cranor, 2004), no similar study has yet been published on online privacy concerns in
Malaysia. This exploratory study was therefore conducted to investigate privacy concerns
amongst Malaysian Internet users. It aims at filling the gap in the literature by describing
Malaysians attitudes and preferences relating to personal information privacy over the
Internet.

2. THEORETICAL BACKGROUND OF THE STUDY

A. Malaysia, ICT and Cyberlaws
Malaysia is a middle-income country, with a population of 27 million people, comprising
different ethnic groups with a majority of Malays. The country has transformed itself
since 1971 from a producer of raw materials into an emerging multi-sector economy
(CIA, 2005). The GDP growth rate in 2004 was 7.1 percent and the per capita gross
national income was US$4,372 (DOS, 2005). With the current global expansion of the
ICT industry and through the Malaysian Governments initiatives, some of the major
global ICT companies of the world have commenced operations in the MSC.

An Internet World Statistics report in March 2005 reveals that Internet penetration in
Malaysia had reached 37.9 percent with approximately 10 million Internet users. This
places Malaysia seventh amongst the 35 Asians countries, behind Hong Kong, South
Korea, Japan, Taiwan, Singapore and Macao, respectively. The Malaysian
Communication and Multimedia Commission (2005) reports that for every 100
Malaysian inhabitants in the year 2004, there were 12.7 Internet dial-up users, 17.3
landline telephone lines and 56.3 cellular telephone line users. Furthermore, 16.6 percent
of the population owned personal computers in the year 2003 (ITU, 2005). As at March
2004, 0.006 percent of the population had subscribed to broadband Internet services
(NBP, 2004) and the number of websites increased significantly over a five-year period
from 10,000 in the year 2000 to 50,000 by the end of 2004 (MYNIC, 2005). The results
of a global e-commerce study conducted by Taylor Nelson Sofres (TNS, 2002) show that
only 1 percent of the total population and 3 percent of Internet users buy online in urban
Peninsular Malaysia.

In order to regulate this growing convergence in the information, communication and
technology (ICT) industry, the Malaysian parliament has passed a number of legislative
laws, known as cyberlaws. The cyberlaws which have been tabled and passed by the
Parliament include the Digital Signature Act (1997), the Computer Crime Act (1997), the
Telemedicine Act (1997), the Copyright (Amendment) Act (1997), the Communications
and Multimedia Act (1998), the Malaysian Communications and Multimedia
Commission Act (1998) and the Optical Discs Act 2000 (MSC, 2005).

In addition to the above cyberlaws, the Malaysian Government has proposed to introduce
a Personal Data Protection Act to regulate the collection, holding, processing and use of
personal data by any person (Business Times, 2001). Delays in enacting the proposed
personal data protection bill may be the cause of some forms of online privacy intrusion
for instance, practices such as requests for compulsory information in return of online
services are common on Malaysian websites.

Currently, only the Banking and Financial Institutions Act 1989 (BAFIA) and the
Payment Systems Act 2003 restrict bank officials and financial institutions from
revealing details of their customers accounts to third parties. The latter act is directed
towards the divulging of credit card information (NST, 2003). Since website operators
are not regulated under the above acts, the risk of invasion of online information is high.
Attaran (2000) suggests that a significant aspect of privacy concerns is invasion. For
instance, online job search firms are increasingly sharing and selling job seekers
personal information to marketers and employers hoping to target certain audiences
(Upfront, 2004).

Another privacy issue is that the collection of personal data from children and teenagers
has not yet been addressed in the Malaysian context. It is no secret that children and
teenagers are early adopters and avid users of the Internet (Aidman, 2000). Lenhart,
Madden and Hitlin (2005) report that in USA, nearly 87 percent of those aged 12 to 17
use the Internet. In the USA, the Childrens Online Privacy Protection Act 1998 requires
operators of websites and other online services to abide by specific guidelines with
respect to the collection, use and distribution of personally identifiable information from
children under the age of 13 (COPPA, 2000). In two separate studies in the USA, a
majority (85 and 93 percent, respectively) of respondents indicated their dislike relative
to the collection of information from children without parental consent (Westin, 1998;
Cranor, Reagle & Ackerman, 1999).

In following the discourse on the regulation between privacy and protection, it should not
be forgotten that the Constitution of Malaysia does not explicitly recognise the right to
privacy (Madieha, 2002). Miyazaki and Fernandez (2000 p. 55) state that policy
makers are tending toward regulations that make online retailers responsible for
disclosing consumer information acquisition, usage and protection practices.

Hence, this exploratory study may provide some new insights into privacy issues to the
countrys policy makers and industry leaders.

B. Privacy and the Internet
Existing literature on the right to privacy dates back to the nineteenth century, and its
importance has evolved over the past decades. Warren and Brandeis (1890) claim that the
recognition of new rights such as privacy has been brought about by political, social and
economic changes. Privacy has become one of the most important human rights of
modern age (Rotenberg, 2004). It is actually a value that is protected by the right to
control ones personal information (Privacilla, 2002).
From a business viewpoint, personal information privacy is viewed as an economic
interest and competitive advantage by businesses. With Internet technologies becoming
increasingly advanced, the issue of personal data protection has attracted significant
attention from consumers, policy makers, industries leaders and non-government
organisations.

The impact of personal information privacy on Internet usage is an important element of
this research. Personal information privacy is defined as the ability of the individual to
personally control information about ones self (Stone et al., 1983). The understanding of
personal information privacy has triggered website operators to look for new ways to
understand Internet users behaviour in order to attract and retain them to their websites.
In view of Internet users concern that personal and proprietary information may be
wrongly accessed and manipulated, personal information privacy is also referred to as
Internet privacy concerns in this study.

Several studies have effectively reported a growing privacy concern amongst online
users. Harris (2003) reports that several American surveys carried out between 1993 and
2003 show a trend of increasing levels of general privacy concerns. A recent privacy
survey in India reports that 80 percent of respondents are concerned with online privacy
(Kumaraguru & Cranor, 2004), while 62 percent of Internet users have more concerns
about the security of their personal details in Australia (Roy Morgan Research, 2004).

The Internet includes various modes of information exchange, such as e-mail, real time
communication and the use of the Word Wide Web (WWW). The WWW is the main
storefront that allows for interactive user-initiated information exchange (Hoffman &
Novak, 1996 cited in Miyazaki & Fernandez, 2000 p. 54), therefore in this paper, it is
sought to investigate the following main issue:

the level of privacy concern amongst Internet users/online consumers

and its relationship with the following factors:

I. Online Purchase
The relationship between online shoppers and privacy concerns has also been discussed
in several studies. The IBM Multinational Consumer Privacy study (2000) finds that 40
percent of consumers have made decisions not to purchase something online due to
privacy concerns. Godwin (2001) observes that privacy and security concerns among IT
users are the number one reason why Web users are not purchasing over the Web. Phelps,
DSouza and Nowak (2001) make the same observation and add that privacy may
influence purchase behaviour, purchase behaviour may also influence privacy concerns.
A more recent study shows that online invasion of privacy has a significant inverse
relationship with online purchase behavior (Brown & Muchira, 2004). It is therefore
apparent that privacy concerns have an influence on Internet shoppers. Accordingly, the
following hypothesis is formulated:

H1
O
There is no difference between an Internet buyer and non-Internet buyer
towards his/her privacy concerns.
H1
A
There is a difference between an Internet buyer and non-Internet buyer
towards his/her privacy concerns.


II. Privacy Policy
The abovementioned studies indicate that Internet privacy and security concerns have
kept online consumers from buying things online. This has led many academics and
business professionals to conduct further research on privacy issues. Among these
include an examination of the five online policies of a number of major e-commerce
companies during the period 1999-2001 by Desai, Richards and Desai (2003). The study
finds that these companies appear to have fair information policies and stress that the
sharing of contact information with other businesses is not practised (Desai et al. 2003).

Other reported issues on fair information policy include the collection of e-mail addresses
without peoples knowledge or consent which was also considered an important factor by
80 percent (Cranor, Reagle & Ackerman, 1999) and 70 percent of respondents (Westin
1998) in the USA, while 94 percent of Australian respondents considered the above an
invasion of privacy (Roy Morgan Research, 2004). Cranor, Reagle and Ackerman (1999)
observe that 79 percent of Internet users had rated the sharing of their information with
other organisations as the most important factor when making the decision to disclose
their personal information. Roy Morgan Research (2004) reports that a significant
percentage of Australian Internet users who had read a privacy policy felt more confident
and secure about using the site.

It appears evident that the display of a data privacy policy on a companys website is a
form of privacy assurance for Internet users regarding their personal data. Accordingly
the following hypothesis is proposed:

H2
O
A website privacy policy does not influence an individuals privacy concern.
H2
A
A website privacy policy influences an individuals privacy concern.

III. Web Cookies
Similarly, the compilation of e-mail marketing lists and tracking of websites visited and
using the information improperly were reported as an invasion of privacy. 87 percent
(Cranor, Reagle & Ackerman, 1999), 72 percent (Westin, 1998), and 93 percent (Roy
Morgan Research, 2004) of respondents viewed the monitoring of activities on the
Internet as an invasion of privacy. The tracking of websites visited is usually carried out
through use of web cookies. A web cookie usually gathers information about an Internet
user. It is defined as a file that a web server stores on a users computer when a website is
visited (Lawrence et al., 2002).

Although Internet users may adjust their web browsers to reject all or certain types of
cookies or to warn them before a cookie is placed on their hard drive, Miyazaki and
Fernandez (2000) claim that many Internet browsers lack knowledge of this function.
Thus, the following hypothesis is proposed:

H3
O
Cookies over websites do not influence an individuals privacy concern.
H3
A
Cookies over websites influence an individuals privacy concern.

IV. Legislation and Internet Seal of Approval
Additionally, the appearance of an Internet seal of approval has been purported to raise
consumer confidence in a website. An Internet seal of approval consists of logos
displayed on a website that assure users that the site has been audited for its privacy
practices and that personal information storage is secured (Miyazaki & Krishnamurthy,
2002). Examples of major Internet seals of approval are TRUSTe and BBBOnline.

Cranor, Reagle and Ackerman (1999) have found that while 28 percent of Internet users
would be more likely to provide information if the site had a privacy policy, 48 percent
said they would be more inclined to do so if there was a relevant law while 58 percent
would be more likely to do so if the site had both a privacy policy and a seal of approval.
In a study which adopted the BBBOnline as the framework for the analysis of 10 website
operators in Malaysia, Husnayati, Maram and Adam (2003) found that these operators
adhere well to some code of online business practices, but certain practices related to
customer privacy, security and child protection need more attention. While third party
assurance endorsements may appear useful in alleviating consumer concerns and reduce
the risks associated with websites, the existence of a law such as the Personal Data
Protection Act may have an influence on an individuals privacy concern. Therefore the
following hypothesis is proposed:

H4
O
A law such as the Personal Data Protection Act does not influence an
individuals privacy concern.
H4
A
A law such as the Personal Data Protection Act influences an individuals
privacy concern.

Miyazaki and Krishnamurthy (2002) claim that in the absence of a data privacy law, an
Internet seal of approval can act as an alternative to potential legislation. They also find
that the presence of an Internet seal of approval had a significant impact on potentially
high online shoppers and less impact on potentially low online shoppers with regard to
privacy concern. Accordingly, an Internet seal of approval can be a form of privacy
assurance for the Internet, therefore the following hypothesis is proposed:

H5
O
A privacy policy and Internet seal of approval do not influence an
individuals privacy concern.
H5
A
A privacy policy and Internet seal of approval influence an individuals
privacy concern.

V. Internet Users Characteristics

While personal information privacy is strongly indicated as a major concern over the
Internet, this concern may differ with respect to culture, language and laws. On this issue,
Westin (1967) has claimed that every society values privacy in some different form. Tam
(2000) also claims that in exploring the state of affairs in personal data privacy in the
Asia Pacific, there arises a need to examine privacy from a number of perspectives such
as computing, legislative, political, cultural and social perspectives. Tavani (2000)
suggests that attitudes, beliefs and cultures, with regard to the value of privacy, vary in
different parts of the world. He adds that in the South East Asian Pacific, privacy is
perceived as relatively less important than in Western countries. Bellman et al. (2004)
identify the need for localised privacy policies on the basis that cultural values are
associated with differences in privacy concerns and these cultural differences are
mediated by regulatory differences. There may also be a reciprocal relationship, in which
a countrys regulatory approach affects its inhabitants level of concern (Milberg et al.,
1995). For example, in Singapore because of cultural reasons, the government openly
uses information technology to track the activities of its citizens (Tavani, 2000).

Nonetheless, while the vast majority of Internet users appear concerned about privacy,
their reactions to scenarios involving personal online information collection are
extremely varied. Some report that they would rarely be willing to provide personal
information online, others show some willingness to provide information depending on
the situation, and others are quite willing to provide data, regardless of whether or not
they express a high level of concern about privacy (Westin, 1998; Cranor, Reagle &
Ackerman, 1999; Spiekermann, Grosskiags & Berendi, 2001; Harris 2003).

Singh and Hill (2003) claim that some online shoppers may be willing to exchange and
share information about themselves for valued rewards. They add that these rewards may
range from monetary, material incentives to simple convenience of transaction. Phelps,
Nowak and Ferrell (2000, p. 30) also claim that consumers overall concern about the
ways companies use personal information are determined by the type of personal
information requested, the amount of information control offered, the potential
consequences and benefits offered in exchange, and consumer characteristics. They also
find that consumers are most willing to provide marketers with demographic and lifestyle
information and least willing to provide financial information and personal identifiers
(Phelps, Nowak & Ferrell, 2000 p. 33). This may then suggest that the type of personal
information and consumer characteristics revolve around an individuals specific data. It
may also propose, in relation to the above studies, that an examination of how Internet
users in the local context would respond when an individuals specific personal
information such as name, identification number, credit cards are asked.

Accordingly, it is proposed that there is a relationship between privacy concern and
demographic data such as gender. Women are reluctant to seek product information or
place orders online mainly because of security concerns relating to stolen credit card
transactions, personal privacy and the lack of net regulation (Cyber Atlas News cited in
Nakra, 2001 p. 273). Males and females appear to use computers differently, and women
appear to be more concerned about personal privacy (Sheehan cited in Kolsaker & Payne,
2002 p. 210). Furthermore, there is a marginal difference of gender-based variations
observed by Kolsaker and Payne (2002) towards the use of computers and online
shopping. Thus, this seeks to examine the following hypothesis:

H6
A
There is no difference between males and females towards their privacy
concerns.
H6
O
There is a difference between males and females towards their privacy
concerns.

It was also found that privacy concerns would decline with Internet experience (Bellman
et al., 2004), thus the following hypothesis is proposed:

H7
O
There is no relationship between Internet usage and an individuals privacy
concern.
H7
A
There is a relationship between Internet usage and an individuals privacy
concern.

It also appears that the variation in willingness amongst Internet users to provide personal
data such as e-mail addresses may have contributed to e-mail spam, which targets
individual users, with direct mail messages concerning commercial advertising. It was
reported that Internet users concerns about unsolicited commercial e-mail or spam have
been reported at 52 percent (Cranor, Reagle & Ackerman, 1999) and 94 percent in the
USA (Harris, 2003), but only at 38 percent in India (Kumaraguru & Cranor, 2004). This
study may therefore contribute towards more understanding and providing some new
findings in the literature regarding personal information privacy and its practices amongst
Malaysian Internet users.

III. RESEARCH METHODOLOGY
The research method applied for this study is a quantitative approach, and a survey
instrument in the form of questionnaire was used.

A. Survey Instrument

The questions used have previously appeared in major privacy studies in the USA such as
those by Westin (1998), Cranor, Reagle and Ackerman (1999), Bauman (2001), Harris
(2002, 2003) and in a privacy study in India (Kumaraguru & Cranor, 2004). In this study,
the Cranor, Reagle and Ackerman (1999) questionnaire was mainly used to ensure that
the measures include an adequate and representative set of items that tap the concept
(Sekaran, 2000, p. 207).

Other than the questions on respondents demographic profile, the survey consisted of 27
questions, wherein 14 questions explored different scenarios. In these scenarios,
participants were asked to indicate their opinions on a Likert scale (1-5) as primary
anchors ranging from definitely not to definitely would and were subsequently given
a scenario on a Likert scale (1-3) with anchors ranging from less likely to more likely
(see appendices). Standard demographic data was also collected from the respondents and
questions were included to gauge respondents level of technological usage.

The survey also included questions where respondents were asked how comfortable they
would generally feel in providing each of 12 specific types of personal information to
websites. They were also asked what they would indicate in terms of very important,
somehow important or not important in 10 specific items relating to web browsers
privacy practices. Subsequently, participants were asked to select only three items that
they would consider to be most important to them from the aforementioned 10 specific
items. The selection of only three items may be considered a measure to verify
consistency with selected items in the survey. In the last 4 questions of the survey,
respondents were asked to rate the seriousness of various privacy issues on a scale of 1 to
10, where 1 meant not serious at all while 10 meant extremely serious.

B. Data Collection Procedure
The study included an online and an offline survey. Invitations to complete the web-
based survey were e-mailed to 200 people. Another 400 surveys were distributed.
Participants were made up of Malaysian Internet users ranging from executives and
professionals in all sectors, to university and college students in urban areas. This sample
was considered to comprise regular Internet users and was expected to represent a wide
range of Malaysian Internet users, an important point for the understanding of future
online privacy issues in Malaysia.
It was somehow difficult to convince participants to respond to the survey, which
ironically dealt with privacy issues. Altogether 223 questionnaires were completed and
received. There were 52 (or 23.4%) online respondents and 171 (or 76.6%) offline
respondents, the total rate of response being 37 percent. Seventeen surveys (13 online and
4 offline) were eliminated because the respondents did not complete at least one to two
pages; therefore the total number of questionnaires used for the analysis was 206.
IV. RESULT ANALYSIS
A. Demographic Profile and Technology Usage
Table 1 presents a brief profile of the respondents in which 59.7 percent of respondents
were male. The Malay ethnic group formed 46.6 percent of the total respondents, and the
majority of them were from within the age bracket of 20-29 years old. Most respondents
had a bachelors degree (37.4%) or a postgraduate qualification (35.0%). The majority of
respondents had incomes from less than the range of RM1,000 to RM5,000 (63.5%).
Since, the Malaysia Salary Guide (MSG) 2005 indicates that the average salary for
Malaysians is from less than RM1,000 to RM5,000, this would seem to indicate that the
sample was representative of the population in terms of income.

Since the Childrens Online Privacy Protection Act of 1998 in the USA has specific
guidelines pertaining to collection of data from children under the age of 13, the
participants were asked to indicate how many children between the ages of 8 and 12 live
in their household, out of which 70.9 percent indicated that they did not have children
aged between 8 to 12 years old.

Table 1: Demographic Profile
Demographic Profile No. of Respondents (N) Valid Percentage (%)
(1) Gender
Male
Female

123
83

59.7
40.3
(2) Race
Malay
Chinese
Indian
Others

96
64
28
9

46.6
31.1
13.6
4.4
(3) Age
< 20 years
20-29 years
30-39 years
40-49 years
50 years

15
98
66
20
7

7.3
47.6
32.0
9.7
3.4
(4) Highest Education Attained
Certificate
Vocational / Training school

24
2

11.7
1.0
Diploma / Matriculation
Bachelors degree
Post graduate
Professional qualification
21
77
72
10
10.2
37.4
35.0
4.9
(5) Monthly Income Group
< RM1,000
RM1,000-3,000
RM3,001-5,000
RM5,001-10,000
RM10,001-20,000
>RM20,000
Not applicable

37
49
43
23
14
5
32

18.2
24.1
21.2
11.3
6.9
2.5
15.8
(6) Number of children between 8-12
None
1 - 2
3 4
5

146
44
14
2

70.9
21.4
6.8
1.0


As shown in Table 2, most respondents indicated that they either used a personal
computer or PC at home (87.9%) or at the office (83.5%). Those who used a PC at other
locations constituted a further 57.8 percent. Most respondents accessed the Internet
several times a day (63.4%). Out of the 206 respondents, 56.7 percent had been accessing
the Internet for more than 5 years while nearly three-quarters claimed using the Internet
at least once a day (74.1%) and 43.2 percent had never used the Internet for e-commerce
transactions.


Table 2: Computer/Internet Related Experience
Computer/Internet Related Experience No. of Respondents
(N)
Valid Percentage (%)
(1) Use computer Home
Yes
No

181
25

87.9
12.1
(2) Use computer Office
Yes
No

172
34

83.5
16.5
(3) Use computer Other location
Yes
No

119
87

57.8
42.2
(4) E-Commerce (Buying online)
Yes
No

89
117

43.2
56.8
(5) Year(s) of using Internet
Year 1
1 < Year 2
2 < Year 5
5 < Year 10
Year > 10
5
7
53
115
23
2.5
3.4
26.1
56.7
11.3
(6) Frequency of Internet usage
Several times a day
Several times a week
Several times a month
Once a day
Once a week
Once a month

130
42
5
22
3
3

63.4
20.5
2.4
10.7
1.5
1.5


B. Statistical Analysis Hypothesis Testing
In the following section, each of the proposed hypotheses is tested to identify any
significant differences and influences on the level of privacy concern. The results are
illustrated as follows:

I. No difference between Internet buyers and non-Internet buyers towards their
privacy concerns

H1
O
There is no difference between Internet buyers and non-Internet buyers
towards their privacy concerns.
H1
A
There is a difference between Internet buyers and non-Internet buyers
towards their privacy concerns.

A t-test will indicate if privacy concerns are significantly different for Internet buyers and
non-Internet buyers. The results of the t-test done are shown in Table 4.0. As can be seen,
the difference in the means of 3.596 and 3.547 with standard deviations of 0.578 and
0.701 for Internet buyers and non-Internet buyers on their privacy concerns (see table 3)
is not significant (see table 4, showing t-test for Equality of Means). This implies that
there is no difference between Internet buyers and non-Internet buyers on the level of
privacy concerns.

Table 3: Group Statistic - Internet buyer/Non-Internet buyer & Privacy Concern
Purchase Online N Mean
Std.
Deviation
Yes 89 3.596 0.578
Privacy
Concern No 117 3.547 0.701

Table 4: Independent Sample Test - Internet Buyer/Non-Buyer & Privacy Concern


Levene's Test for Equality of
Variances t-test for Equality of Means
F Sig. T Df Sig. (2-tailed)
Equal variances
assumed 1.753 0.187 0.530 204.000 0.597
Privacy
Concern
Equal variances not
assumed 0.544 202.615 0.587


II. Influence of a website privacy policy on an individuals privacy concern

H2
O
A website privacy policy does not influence an individuals privacy concern.
H2
A
A website privacy policy influences an individuals privacy concern.

In this case, the F Value of 5.164 (2.095/0.406) is significant at the 0.05 level (see table
5). Therefore, the hypothesis is substantiated. That is, there are significant influences in
the mean of all the individuals privacy concern and the null hypothesis can be rejected.
This implies that there is an influence of a privacy policy over websites on an
individuals privacy concern.

Table 5: ANOVA Test Privacy Policy & Privacy Concern


Sum of
Squares df Mean Square F Sig.
Between Groups
4.190 2 2.095 5.164 .006
Within Groups
82.358 203 .406
Total
86.549 205


To determine among which groups the true influence lies, the Duncan test was performed
for this purpose. The results showed that the mean privacy concern for the three groups
was 3.82 for less likely, 3.42 for reaction would not change and 3.6 for more likely.
The reaction would not change is the one that is significantly different from less likely
and more likely at p<0.05.



III. No influence of cookies over websites on an individuals privacy concern

H3
O
Cookies over websites do not influence an individuals privacy concern.
H3
A
Cookies over websites influence an individuals privacy concern.


In this case, the F Value of 1.267 (5.33/4.21) is not significant at the 0.05 level (see table
6). Therefore the hypothesis is not substantiated and the null hypothesis cannot be
rejected. This implies that there is no influence of cookies over websites on an
individuals privacy concern.

Table 6: ANOVA Test Web Cookies & Privacy Concern


Sum of
Squares df Mean Square F Sig.
Between Groups
1.067 2 .533 1.267 .284
Within Groups
85.482 203 .421
Total
86.549 205




IV. No influence of a law such as Personal Data Protection Act on an individuals
privacy concern

H4
O
A law such as the Personal Data Protection Act does not influence an
individuals privacy concern.
H4
A
A law such as the Personal Data Protection Act influences an individuals
privacy concern.

Here, the F-Value of 0.372 (0.158/0.425) is not significant at the 0.05 level (see table 7).
This implies that the hypothesis is not substantiated and that there is no influence of a law
such as the Personal Data Protection Act on an individuals privacy concern.


Table 7: ANOVA Test Law & Privacy Concern


Sum of
Squares df Mean Square F Sig.
Between Groups
.316 2 .158 .372 .690
Within Groups
86.232 203 .425
Total
86.549 205


V. No influence of a privacy policy and Internet seal of approval on an individuals
privacy concern

H5
O
A privacy policy and Internet seal of approval do not influence an
individuals privacy concern.
H5
A
A privacy policy and Internet seal of approval influence an individuals
privacy concern.

The F-Value of 0.154 (0.066/0.426) is not significant at the 0.05 level (see table 8). This
implies that the hypothesis is not substantiated and that there is no influence of a privacy
policy and Internet seal of approval on an individuals privacy concern.

Table 8: ANOVA Test Privacy Policy, Internet Seal of Approval & Privacy Concern


Sum of
Squares df Mean Square F Sig.
Between Groups
.131 2 .066 .154 .857
Within Groups
86.417 203 .426
Total
86.549 205



VI. No difference between males and females towards their privacy concerns

H6
A
There is no difference between males and females towards their privacy
concerns.
H6
O
There is a difference between males and females towards their privacy
concerns.

Here, the F value 7.767 rejects the equality of variance (see table 9). The T-test value of -
1.594 is less than t
0.05, 204
= 1.645; therefore the null hypothesis is not rejected. This
implies that there is no difference between the two gender groups towards privacy
concerns.

Table 9: Independent Samples Test Gender & Privacy Concern
Levene's Test for Equality of
Variances t-test for Equality of Means

F Sig. t df Sig. (2-tailed)
Equal variances
assumed 7.767 0.006 -1.504 204.000 0.134
Privacy
Concern Equal variances not assumed -1.594 202.397 0.113*
* Not significant at 0.05

VII. No relationship between Internet usage and concern level on privacy

H7
O
There is no relationship between Internet usage and an individuals privacy
concern.
H7
A
There is a relationship between Internet usage and an individuals privacy
concerns.

The result of the Pearson Chi-Square value of 5.597 is less than [X
2
0.05, 205
= 124.34]
(see table 10). Therefore we do not reject the null hypothesis. This implies that there
is no relationship between an individuals Internet usage and his/her privacy concern.
The cross-tabulation count of the percentage of Internet usage per level of concern on
privacy is illustrated in Appendix A.


Table 10: Chi-Square Tests Internet Usage & Privacy Concern

Value df
Asymp. Sig.
(2-sided)
Pearson Chi-Square
5.597(a) 15 .986
Likelihood Ratio 7.635 15 .938
Linear-by-Linear
Association
.721 1 .396
N of Valid Cases
205
(a) 17 cells (70.8%) have expected count less than 5. The minimum expected count is .04.


V. RESULT DISCUSSION

The study incorporated some basic questions in order to describe the current privacy
concern practices. In the following sections, these descriptions are compared with several
prior studies and discussed together with the hypothetical situations.

A. Privacy Concerns
The respondents indicated that they were somehow concerned and very concerned
(75.3%) with their personal privacy when not using the Internet. 94.2 percent of
respondents indicated that they felt their personal privacy might be threatened when using
the Internet. This may imply that the respondents are more concerned about online rather
than offline privacy and the ability of an individual to personally control information
about himself (Stone et al., 1983) is important.

Table 11: General Privacy Concerns

As seen in Table 12, of the 206 respondents, 67.5 percent reported never having been
victims of privacy invasion.

Table 12: Victim of Internet privacy invasion
1. Have you ever personally been the victim of what you felt was an invasion of
your privacy when using the Internet? Frequency
Valid
Percent
Yes 67 32.5
No 139 67.5
Total 206 100

The above results support findings from several studies where the trend across several
American surveys carried out between 1993 and 2003 showed increasing levels of
general privacy concerns (Harris, 2003). Westin (1998) found that 81 percent were
concerned about online privacy while Cranor, Reagle and Ackerman (1999) found that 87
percent were concerned about online privacy. In another study, 86 percent of respondents
were highly and moderately concerned about online privacy (Harris, 2002). A recent
Level of Concerns
Not
concerned
at all
Not
very
concerned
Somehow
concerned
Very
concerned
1. Threats to the personal privacy
when NOT using the Internet
5.8 18.9 37.9 37.4
2. Threats to the personal privacy
when using the Internet
1.5 4.4 30.1 64.1
privacy survey in India reported that 80.0 percent of respondents were concerned about
online privacy (Kumaraguru & Cranor, 2004).

When the respondents were asked to rate the seriousness of various privacy issues, they
rated the seriousness of privacy issues as significantly high. The rating was between 7.5
and 8.7 of the issues raised (see Table 13) where 1 was perceived as not serious at all,
while 10 was defined as a very serious issue.

Table 13: Rating of the Seriousness of Privacy Issues
Privacy Rating Mean score
1. Unsolicited commercial e-mail (spam). 7.5
2. Collecting personal information from children without getting parental consent. 8.8
3. Collecting the e-mail addresses of site visitors without their knowledge or consent,
to compile e-mail marketing lists. 8.3
4. Tracking of websites people visited and using that information improperly. 8.7

The above results tally with those of various other surveys carried out on the same topic
elsewhere. Harris (2002) reports that 94 percent of American Internet users surveyed
said spam was a concern. There are also similarities with the Westin (1998) study as well
as Cranor, Reagle and Ackermans (1999) study where issues such as collecting personal
information from children without getting parental consent (93%-85%), collecting the e-
mail addresses of site visitors without their knowledge or consent (80%-70%), compiling
e-mail marketing lists, and tracking of websites visited and using the information
improperly (87%-72%) were identified as being issues. On the other hand, hypothesis 1
shows that there is no difference between Internet buyers and non-Internet buyers on
privacy concern. This therefore does not support Brown and Muchiras (2004) findings
that online invasion of privacy has a significant inverse relationship with online purchase
behaviour.

B. Trade- Off

Several questions, through different scenarios, were posed to gauge the willingness of
respondents to provide personal information, for example in the case where information
to be obtained was perceived as being useful, when a useful item was promised in return
or where a privacy policy was in place etc.

As illustrated in Figure 1, when information was perceived as useful, half of the
respondents would definitely or probably provide information about income and
investment, which is not identifiable.

Figure 1: Willingness to provide income and investment-related data without identifiable
information, or with identifiable information but been promised with useful materials in
return

14
28
9
41
9
11
25
14
44
7
0
10
20
30
40
50
Def initely
not
Probably
not
Not sure Probably
would
Def initely
would
%

o
f

r
e
s
p
o
n
d
e
n
t
s
No identif ication inf o With identif ication inf o


It is interesting to note from Figure 1 that the number of respondents who said that they
would definitely not or probably not provide requested information, reduced slightly
when they were asked to provide identifiable information in exchange for some useful
item to be sent to them. It may suggest that a form of trade-off between the identifiable
information and useful material can be foreseen. These are interesting findings which
could be used by website operators wishing to attract more visitors, or to optimise the
data collection on current prospective customers.

Figure 2 shows that people were generally willing to provide information relating to their
areas of interest (9% definitely would and 55% probably would). With ceteris paribus,
what would be the response when they were requested to fill in their name? The positive
response dropped when such identifiable information was requested and when nothing
was to be obtained in exchange for this additional information.

Moreover, a mere 11.7 percent of respondents would likely change their minds if the
policy of the website visited stated that all information collected would be deleted should
it not be visited for 3 months.

Figure 2: Willingness to provide information with and without identifiable information in
particular interest

8
18
10
55
9
17
29
14
36
5
0
10
20
30
40
50
60
Def initely
not
Probably
not
Not sure Probably
would
Def initely
would
%

o
f

r
e
s
p
o
n
d
e
n
t
s
No identif ication inf o With identif ication inf o


It is interesting to note that the scenario involved in Figure 1 is related to banking
websites, whereas the scenario in Figure 2 involved news, weather and sports websites.
This may be interpreted to mean that respondents have established a trusted relationship
with online banking service providers. Nearly 63 percent of web users in another study
who declined to provide personal information to websites reported that it was because
they did not trust those who were collecting the data (Hoffman, Novak & Peralta, 1999).

C. Web Privacy Policies

Respondents were asked if they would provide their name and postal address in order to
get free pamphlets and coupons of a companys products. 10.2 percent of the respondents
indicated that they would definitely provide the above information and 45.6 percent
indicated they probably would.

As indicated in Figure 3, with a legal framework as a barrier to preventing websites to
use the details except than processing the request, 28 percent of the respondents would
disclose their names and postal addresses. 42 percent said they would if the website had a
privacy policy indicating that names and addresses are used for sending requested
materials, while 55 percent said they would should the website provide both a privacy
policy and a seal of approval from a well-known organisation, e.g. the Better Business
Bureau or TRUSTe. However, if sharing names and addresses with the other company
were involved, only 20% of respondents would be inclined to change their minds to
disclose the above.

Figure 3: Re-evaluation of the decision to fill in Name and Postal Address under various
scenarios
31
42
28
18
39
42
14
31
55
50
30
20
0
10
20
30
40
50
60
Less likely Your reaction
wouldnt change
More likely
%

o
f

r
e
s
p
o
n
d
e
n
t
s
Law Privacy policy only
Privacy policy and seal of approval Share with other company


It could be inferred that respondents are more comfortable in providing personal
information if there are laws or privacy policies or even an Internet seal of approval to
protect their interests. However, the inferential statistical test showed that the presence of
legislation and an Internet seal of approval did not influence an individuals privacy
concern. On the contrary, the posting of a privacy policy over websites have a significant
relationship on an individuals privacy concerns.

A random browsing of the 50 Malaysian websites has shown that only 17 (34%) had
privacy policy posted. The recent poll in India reported that merely 29% of Indian
websites had a privacy policy (Kumaraguru & Cranor, 2004).

D. Comfort Level of Sharing Different Types of Data

Participants were asked on how comfortable they were in providing twelve types of
information on themselves and the children under their care aged between 8 and 12 years.
Their comfort levels varied across the twelve types of information even though they were
generally low. Nevertheless, respondents were most willing to share their favourite
television programme, favourite snack food, and e-mail address with websites. They were
least comfortable in sharing credit card number, identification number, annual household
income, postal mail address and phone number.

The comfort levels of sharing their childrens information fairly mirrored the comfort
levels of sharing information about themselves. Figure 4 shows that parents were
generally more careful about sharing their childrens information, except for three types
of information in which the comfort levels were slightly higher as compared to sharing
their own information.

Figure 4: Comfort level in sharing different types of data of their own and their children
ages between 8 and 12 years

6.3
4.9
17.5
4.9
8.7
14.6
8.3
2.4
29.6
31.1
4.9
0.5
6.4
4.4
9.3
2.9
8.8
11.3
9.3
3.4
25.5
27.5
0 5 10 15 20 25 30 35
Full name
Postal mail address
E-mail address
Phone number
Computer hardware or sof tware
Age
Health / medical history
Identif ication number
Favorite snack f ood
Favorite television program
Annual household income
Credit card number
% of people 'always f eel comf ortable'
Own Child (age between 8 to 12 year old)


Table 14 demonstrates that differences in willingness exist in the sharing of three types of
contact information: postal mail address, phone number and e-mail address. Respondents
were most comfortable sharing their e-mail address, and least comfortable sharing their
phone number. This shows a similar trend with the Indian privacy survey (Kumaraguru &
Cranor, 2004).

Table 14: Comfort Level Sharing Contact Information with Websites
Contact Information Postal mail address E-mail address Phone number
Always feel comfortable 5% 18% 5%
Usually feel comfortable 17% 33% 8%
Sometime feel comfortable 25% 25% 11%
Rarely feel comfortable 30% 16% 33%
Never feel comfortable 24% 9% 44%


E. Web Cookies
Since the result of the hypothesis testing has implied that there is no influence of web
cookies on an individuals privacy concern, additional detailed analysis might be useful
to understand this relationship. It was found that 54.9 percent of respondents had
indicated they were concerned about web cookies, while almost a quarter of them
(24.8%) did not know what a web cookie was. Among those who were concerned about
web cookies, only 12 percent of respondents had never changed the cookie settings from
the default setting. This figure is low compared to the Indian survey 47%, (Kumaraguru
& Cranor, 2004) and 23% for Cranor, Reagle and Ackermans (1999) study as shown in
Figure 5. Although there is no relationship, this sample was seen to be most concerned
about web cookies with a higher percentage selecting warn about all cookies and reject
all cookies as compared to the above-mentioned surveys (see Appendix B for complete
count in %). It might be due to the fact that a number of websites require the use of
cookies in order to get access to information or to complete the purchase process.

Figure 5: Web cookies configuration reported by Malaysians compared with 2004 Indian Study and Cranor, Reagle &
Ackermans 1999 Survey (AT&T).
25
46
13
4
12
8
14
10
15
47
3
33
13
21
23
0 10 20 30 40 50
Reject all cookies
Warn about all cookies
Accept cookies f rom originating server
without warning
Accept cookies without warning
I have never changed cookie settings
% of respondents
Malaysia India AT&T


As per Figure 6, when respondents were presented with two scenarios in relation to two
choices, namely customised service and customised advertising, in which identification
numbers would be used to customise their pages such as providing name and postal
address for return visits, they appeared to be more accepting of the use of identification
numbers when they were provided customised service rather than when they were
provided customised advertising. It was found that 54 percent of respondents would
definitely or probably agree to the use of identification numbers provided by websites to
receive customised service. Only 40 percent indicated the same when asked about the use
of customised advertising.

Identification numbers are basically web cookies. It is interesting to note that while the
above scenario could have been posed using cookies, 54 percent of respondents would
definitely or probably accept identification numbers, while 54.9 percent were concerned
about web cookies. This may suggest that the respondents did not seem to understand
web cookies, and there is a need to do more to educate Internet users about them.


Figure 6: Use of user identification numbers stored in cookies that websites could be
used for specific purposes


When respondents were asked about the importance of certain features in a web browser,
they indicated that a trusted company, a privacy seal of approval, type of information
collected and an opt-out option were their most important concerns. When respondents
were asked to select only three items from the same list, trusted company, existence of a
privacy policy and existence of privacy seal of approval were ranked top in terms of the
level of importance (see Figure 7). Those categorised as the least important criteria were
duration of such information to be kept, and user identifiable from the information
collected.
To provide customized service
Definitely
not
11%
Probably
not
17%
Not sure
18%
Probably
would
43%
Definitely
would
11%
To provide customized advertising
Definitely
not
15%
Probably
not
26%
Not sure
19%
Probably
would
33%
Definitely
would
7%
56
48
47
35
26
24
23
22
12
5
44
52
53
66
74
76
77
78
88
95
0 20 40 60 80 100
Trusted company or organization
Privacy seal of approval
Privacy policy
Option to withdraw from the mailing list
Type of information kept in database
Type of information want to collect
Purpose of collect such information
Sharing of such information with other
companies/ organizations
Identifiable of the information collected
Duration for the information will be kept
% of respondents
Important feature Least Important feature

Figure 7: Three Most Important Criteria of Privacy Practices

Surprisingly not many respondents were concerned with the practice of sharing
information collected by websites with other companies or organisations. This may be
attributed to the general belief that such personal information is unlikely to be misused by
a trusted company or organisation. The finding also showed that only 70 percent of
respondents would be more likely to get off a mailing list even though the website had a
privacy policy and would send additional pamphlets and coupons to them. It is also
evident that a means to opt out of the mailing lists of websites in the future is a feature
sought by the respondents.


VI. MANAGERIAL IMPLICATIONS

Trusted company or organisation
Purpose of collecting such
information
Duration of such information to be
kept
User identifiable from the
information collected
Type of information requested
Sharing of such information with
other companies/organisations
The collection and use of online consumers transaction information is a common
practice among most businesses. The findings of this study show that Malaysian
respondents are highly concerned about their online privacy.

Moreover, the findings show that respondents are comfortable with a privacy policy.
Respondents are more likely to provide their names and addresses when they are
informed that website operators are not sharing their personal details with other
companies that sell products which they might be interested in. Therefore, the posting of
a privacy policy over websites and providing clear and valid information on the purpose
of data collection should be a pre-requisite condition observed by website operators.

Since the proposed Personal Data Protection Act is not yet enacted, the respondents seek
the assurance of online trust from website operators. Wang, Le and Wang (1998) argue
that a more consumer-oriented information privacy model will elicit commercial valuable
relationship, which should lead to a trusted relationship between online consumers and
companies doing business on the Internet. Similarly, if an Internet seal of approval is
proposed as a non-legislative method of ensuring online privacy standards, these third
party assurances would need to do more to educate Internet users.

It may be suggested that the awareness of the Internet users on their rights to control their
personal information may enhance their relationship with website operators. This may be
achieved if website operators adopt an opt-out policy regarding information exchange.
VII. LIMITATIONS & FUTURE RESEARCH RECOMMENDATIONS
This study is apparently one of the first online privacy studies in Malaysia. Obviously it
contains several limitations. Firstly, the sample of this study does not cover the entire
spectrum of Malaysian Internet users as the sample respondents are mainly from the
urban population. The study does not therefore provide a national benchmark on the
demographic profile data.
Another limitation of the study is the use of a single-item measure to assess the
dependent variable privacy concern. This single-item measure may not provide a
comprehensive measurement of the level of concern on privacy nor may it help determine
if consumers' concerns are in fact justified.
A 15-item scale for measuring information privacy concerns (Smith, Milberg & Burke
1996) was discovered after the collection of data for this study. The survey in this study
involved some scenarios. The length of these scenarios was long and participants were
subsequently asked to respond to situations involving the previous scenario. This might
therefore introduce some biases in some questions.
This study adapted a questionnaire by Cranor, Reagle and Ackerman (1999). Most of the
questions have also appeared in other privacy surveys (Westin, 1998; Harris, 2003;
Kumaraguru & Cranor, 2004). The results were mostly described and compared with the
above studies. The comparison may be limited due to the different types of environment.
The study has also not discussed the cultural aspects of privacy concerns.
Another limitation of the study lies in its measurement of the attitudes of respondents
towards online privacy concern in general. For example, consumers decision to purchase
items online may vary according some factors, such as product category and prices. The
findings also showed that trust was ranked among the top three in terms of the level of
importance, whereas trust-related factors were not examined in this study. Nevertheless,
all of the above limitations could pave the way for future studies.
A prime future research recommendation is the replication of this study. This is due to the
fact that the Internet population is continually changing. The survey reports that 56.7
percent have been accessing the Internet for more than 5 years while nearly three-quarters
claimed to use the Internet at least once a day (74.1%). Bellman et al. (2004) suggest that
as individuals gain more Internet experience, their concerns about online privacy tend to
decrease. This may suggest a bias in the current research results. In addition, the ICT
players are providing technological assurances to protect an individuals privacy concern,
for example, newer versions of e-mail applications have spam filters and software
application are available to protect anonymity online (Roy Morgan Research, 2004).
Another future research recommendation is the significance of cultural attitudes on
privacy issues. This study does not cover the topic in depth. Cultural attitudes may appear
to be an important dimension of privacy concerns as a topic in the existing literature
review. Therefore, it is worth pursuing further research in this field.
VIII. CONCLUSION
The way in which personal data is handled appears to be critical to Internet users in the
B2C e-commerce environment. This exploratory study found that 94.2 percent of the
respondents are concerned about personal information privacy. Only one of the seven
hypotheses was substantiated. Some contentious facts were derived from this study. For
instance, while there was no relationship between web cookies and privacy concern, this
sample was concerned with web cookies, where a higher percentage had selected warn
about all cookies and reject all cookies. This sample seemed to be more comfortable in
providing personal information if there were a privacy law or privacy policy or even an
Internet seal of approval to protect respondents personal data. However, statistical
testing showed that the presence of legislation and an Internet seal of approval would not
influence an individuals privacy concern. On the contrary, the posting of a privacy
policy over websites should have a significant relationship to ones privacy concerns.

The findings also show some similarities to studies which have been conducted in recent
years in the USA. It appears that that some types of data were more sensitive to Internet
users than others, for instance, data relating to identification cards, credit cards and
names. In addition, the sharing of information with third parties was a major privacy
concern to the respondents. The replication of the examination of privacy concerns may
find new implications for various parties such as websites operators, third party assurance
and policy makers.

Finally, the study suggests that recognising consumers right to data control on the
Internet is an important step for website operators. A trust model approach will more
likely enhance a fair relationship between Internet users and website operators with
regard to personal information privacy.







REFERENCES

Aidman, A., 2000. Childrens Online Privacy. Educational Leadership. October issue
[Online] Available at: http://course1.winona.edu/lgray/el675/StuPrivacy.pdf
[Accessed 14 July 2002].

Attaran, M., 2000. Managing legal liability of the net: a ten step guide for IT Managers.
Information Management and Computer Security. Vol. 8, Issue 2. pp. 98-100.

Bauman, S., 2001. Privacy concerns related to distance shopping. Direct Marketing
Research Association, Wirthlin Worldwide [Online] Available at:
http://energycommerce.house.gov/107/hearings/05082001Hearing209/bauman.pdf
[Accessed 16 June 2002].

Bellman, S., Johnson, E. J., Kobrin, S. J. and Lohse, G. L. 2004. International differences
in information privacy concerns: a global survey of consumers. In Proceedings of
the International Telecommunications Society Asia-Australasian Regional
Conference. Perth, WA: Communication Economics and Electronic Markets
Research Centre. pp. 313-24.

Brown, M. and Muchira, R., 2004. Investigating the relationship between Internet privacy
concerns and online purchase behavior. Journal of Electronic commerce research.
Vol. 5, No. 1, pp. 62-70 [Online] Available at:
http://www.csulb.edu/Web/journals/jecr/issues/20041/Paper6.pdf [Accessed 2
January 2005].

Business Times (Malaysia), 11 April 2001. Personal Data Protection Act to safeguard
privacy, viewed on the 30 August 2004. Available from EBSCO Host.

CIA, 2005, The World Fact Book. [Online] Available at:
http://www.cia.gov/cia/publications/factbook/geos/my.html [Accessed 29 August
2005].

Campbell, A., 1997. Relationship marketing in consumer markets: a comparison of
Managerial and Consumer Attitudes About Information Privacy. Journal of Direct
Marketing. Vol. 11, No. 8; pp. 44-57.

Clarke, R., 2000. Beyond the OECD guidelines: privacy protection for the 21st century.
Available at: http://www.anu.edu.au/people/Roger.Clarke/DV/ PP21C.html or
http://privacy.gov.au/act/review/Att5-PP21C.pdf [Accessed 03 August 2003].

Childrens Online Privacy Protection Act of 1998 (COPPA), 2000. Journal of Internet
Law. January. pp. 22-3.

Cranor, F. L., Reagle, J. and Ackerman, S. M., 1999. Beyond Concern: Understanding
Net Users' Attitudes about Online Privacy, AT &T Labs-Research Technical Report
TR, Available at:
http://www.research.att.com/resources/trs/TRs/99/99.4/99.4.3/report [Accessed 30
September 2003].

Desai, M. S., Richards, T. C. and Desai, K. J., 2003. E-commerce policies and customer
privacy. Information Management and Computer Security. Vol. 11, No. 1. pp. 19-
27.

Department of Statistics (DOS) Malaysia, 2005. Key Statistics. [Online] Available at:
http://www.statistics.gov.my/english/frameset_keystats.php [Accessed 28 July
2005].

Godwin, J. U., 2001. Privacy and security concerns as a major barrier for e-commerce: a
survey study. Information Management and Computer Security. Vol. 9, No. 4, pp.
165-74.

Kolsaker, A. and Payne, C., 2002. Engendering trust in e-commerce: a study of gender-
based concerns. Marketing Intelligence and Planning, Vol. 20, No. 4, pp. 206-14.

Kumaraguru, P. and Cranor, F. L., 2005. Privacy in India: attitudes and awareness. In
Proceedings of the 2005 Workshop on Privacy Enhancing Technologies,
Dubrovnik, Croatia [Online] Available at:
http://lorrie.cranor.org/pubs/PET_2005.pdf [Accessed 30 July 2005].
Harris Louis and Associates and Westin, A. F., 1998. E-commerce and Privacy: What
Net Users Want. Hackensack, NJ: Privacy and American Business.
Harris Interactive, 2002. Privacy On and Off the Internet: What Consumers Want.
Available at: http://www.aicpa.org/download/Webtrust/priv_rpt_21mar02.pdf
[Accessed 15 July 2005].

Harris Interactive, 2003. Harris Interactive Poll on Surveillance Issues. Available at:
http://www.harrisinteractive.com/harris_poll/index.asp?PID=365 [Accessed 15
January 2005].

Hine, C. and Eve, J., 1998. Privacy in the marketplace. The Information Society. Vol. 14,
No. 4, pp. 253-62.

Hoffman, D. L., Novak, T. P. and Peralta, M., 1999. Building consumer trust online.
Communications of the ACM. Vol. 42, No. 4, pp. 80-5.

Husnayati, H, Adam M. S. and Maram M. M., 2003. Towards an ethical e-commerce
practice: A review on Malaysian Websites. In Proceedings of the National
Conference on Information and Communication Technology. Kuala Lumpur: KICT,
IIUM October 21-22, pp. 185-202.

International Telecommunication Union (ITU), 2005. World Telecommunication
Indicators Database. 8
th
edn, CD-ROM version.

Madieha, I., 2002. E-Commerce and Privacy Issues: An Analysis of the Personal Data
Protection Bill, International review of law computers and technology. Vol. 16, No.
3, pp. 31730.

Internet World Statistic, 2005. Internet usage in Asia. Available at:
http://www.Internetworldstats.com/stats3.htm [Accessed 30 August 2005].

Lawrence, E., Newton, S., Corbitt, B., Braithwaite, R., and Parker, C., 2002. Technology
of Internet Business. Australia: John Wiley and Sons.

Lenhart, A., Madden, M. and Hitlin, P., 2005. Teens and Technology: Youth are Leading
the Transition to a Fully Wired and Mobile Nation. Pew Internet and American Life
Project. Available at: http://www.pewInternet.org/PPF/r/162/report_display.asp
[Accessed 10 September 2005].
Malaysia Communication and Multimedia Commission (MCMC), 2005. Facts and
Figures Statistic and Records. Available at:
http://www.mcmc.gov.my/facts_figures/stats/index.asp [Accessed 30 August 2005].

Malaysia Salary Guide (MSG), 2005. Available at:
http://www.kellyservices.com.my/res/content/my/services/en/docs/salary_guide_05.
pdf [Accessed 5 May 2005].

Malaysian Network Information Centre (MYNIC), 2005. Statistic. Available at:
http://www.mynic.net.my/ [Accessed 30 August 2005].

Milberg, S. J., Burke, S. J., Smith, H. J. and Kallman, E. A., 1995. Values personal
information privacy and regulatory approaches. Communications of the ACM.
December, Vol. 38, issue 12, pp. 65-74.

Milne, G. R., 2000. Privacy and ethical issues in database / interactive marketing and
public policy: a research framework and overview of the special issue. Journal of
Public Policy and Marketing. Vol. 19 (1), p. 1-6.


Miyazaki, A. D. and Fernandez, A., 2000. Internet Privacy and Security: An Examination
of Online Retailer Disclosures. Journal of Public Policy and Marketing. Vol. 19
(1), pp. 54-61.

Miyazaki, A. D. and Krishnamurthy, S., 2002. Internet seals of approval: effects on
online privacy policies and consumer perceptions. Journal of Consumer Affairs. Vol. 36,
No. 1, pp. 28-49.

Multimedia Development Corporation (MDC), 2005. Websites. Available at:
http://www.msc.com.my/msc/msc.asp [Accessed 30 August 2005].

Multimedia Super Corridor (MSC), 2005. Malaysian Cyberlaws. Available at:
http://www.msc.com.my/cyberlaws/ [Accessed 15 July 2005].

Nakra, P., 2001. Consumer privacy rights: CPR and the age of the Internet. Management
Decision. Vol. 39, No. 4, pp. 272-78.

National Broadband Plan (NBP), 2004. Connecting communities- Widening private
access. Slides presented at the Economic And Social Commission For Asia And The
Pacific. UNCC, Bangkok.

New Straits Times (Malaysia) 2003. Banks have to practice privacy. 3 July.

Phelps, E. J., DSouza, G. and Nowak, G. J., 2001. Antecedents and consequences of
consumer privacy concerns: An empirical investigation. Journal of Interactive
Marketing. Vol. 15, No. 4, pp. 2- 17.

Phelps, E. J., Nowak, G. J. and Ferrell, E., 2000. Privacy concerns and consumer
willingness to provide personal information. Journal of Public Policy and
Marketing. Vol. 19(1), pp. 27-41.

Rotenberg, M., 2004. Overview of Privacy; An International Survey of Privacy Law and
Developments. Privacy and Human Rights. Available at:
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-
82589andals[theme]=Privacy%20and%20Human%20Rightsandheadline=PHR2004
[Accessed 15 June 2005].

Roy Morgan Research, 2004. Community attitudes towards privacy. Report prepared for
the Office of the Federal Privacy Commissioner, Australia. Available at:
http://www.privacy.gov.au/publications/rcommunity04.pdf [Accessed 15
September 2005].

Sekaran, U., 2000. Research Methods for Business: A Skill-building Approach. USA:
John Wiley and Sons.

Singh, T. and Hill, M. E., 2003. Consumer privacy and the Internet in Europe: a view
from Germany. Journal of Consumer Marketing. Vol. 20, No. 7, pp. 643-651.

Spiekermann, S., Grosskiags, J. and Berendi, B., 2001. E-privacy in 2nd generation e-
commerce: privacy preferences versus actual behavior. In Proceedings of 1
st
E-
commerce Conference. Tampa, Florida, USA.

Stone, E., Gardner, D., Gueutal, H. G. and McClure, S., 1983. A field experiment
comparing information - privacy value, beliefs and attitudes across several types of
organisations. Journal of Applied Psychology. Vol. 68, No. 3, pp. 459-68.

Tam, C. J., 2000. Personal data privacy in the Asia Pacific: a real possibility,
computers. In Proceedings of the Tenth Conference on Computers, Freedom and
Privacy: Challenging the Assumptions. Toronto, Ontario, Canada, pp. 259-62.

Taylor Nelson Sofres (TNS), 2002. The Third Annual Global E-commerce Report.
Available at: http://www.tnsofres.com/ger2002 [Accessed 2 August 2002].

Upfront, 2004. Wanted: online privacy police. The Information Management Journal. 1
st

January issue.

Wang, H., Lee, M. and Wang, C., 1998. Consumer privacy concerns about Internet
marketing. Communications of the ACM. Vol. 41, No. 3, pp. 63-70.

Warren, S. and Brandeis, L., 1890. The right to privacy. Harvard Law Review. Vol. 4,
No. 5, pp. 193-220.
Westin, A. F., 1998. E-commerce and privacy: what net users want. Hackensack, NJ:
Privacy and American Business.
Westin, A. F., 1967. Privacy and freedom. New York: Atheneum Publishers.


BIBLIOGRAPHY

Ackerman, M. S., Cranor L. F. and Reagle, J., 1999. Privacy in E-commerce: examining
user scenarios and privacy preferences. In Proceedings of the 1
st
ACM Conference
on Electronic Commerce. November, Denver, pp. 1-8.

Carroll, K., 1999. E-commerce success may depend on online privacy. Telephony. Vol.
237, No. 17, pp. 46-8.

Corbitt, J. B., Thanasankit, T. and Han, Yi, 2003. Consumer perception and trust on the
World Wide Web. Journal of Electronic Commerce Research and Application.
Volume 2, Issue 3, Autumn, pp. 203-15.

Culnan, M., 1995. Consumer awareness of name removal procedures: implications for
direct marketing. Journal of Direct Marketing. Vol. 9, No. 2, pp.12-18.

Federal Trade Commission. Privacy policies on-line: Improving for Consumers.
Consumers Research Magazine. Vol. 82, No. 10, pp. 26-30.

Harris Interactive, 1999. Industry leadership group to tackle privacy concerns privacy
leadership initiative focuses on consumers: concerns about privacy and offers rapid
work plan. [Online] Available at:
http://www.harrisinteractive.com/news/allnewsbydate.asp?NewsID=113 [Accessed
12 June 2003].

Hinduja, S., 2004. Theory and policy in online privacy. Knowledge, Technology, and
Policy. Spring, Vol. 17, No. 1, pp. 3858.

Kandra, A., 2002. National security vs online privacy. Consumer Watch, PC World.
January issue.

Margulis, T. S., 2003. Privacy as a social issue and behavioral concept. Journal of Social
Issue. Vol. 59, No. 2, pp. 243-61.

Mack, B. 2002. Online privacy critical to research success. Marketing News. Nov. 25.

Miyazaki, A. D. and Fernandez, A., 2001. Consumer perceptions of privacy and security
risks for online Shopping. Journal of Consumer Affairs. Vol. 35, pp 27-44.

Moor J., 1997. Towards a theory of privacy in the information age. In Van Den.

Hoven, M. L., Ed., 1997. Proceedings of The Conference on Computer Ethics:
Philosophical Enquiry: CEPE 97. Rotterdam: Erasmus University Press. pp. 40-9.

Nowak, G. and Phelps, J., 1992. Understanding privacy concerns: An assessment of
consumer information related knowledge and beliefs. Journal of Direct
Marketing. Vol. 6, No. 4, pp. 28-39.

Nyshadham, E. A., 2000. Privacy policies of air travel websites: a survey and analysis.
Journal of Air Transport Management. Vol. 6, pp. 143-52.

Ramus, K. and Nielsen A. N., 2005. Online grocery retailing: what do consumers think?
Internet Research. Vol. 15, No. 3, pp. 335-52.

Stead, B. A. and Jackie, G., 2001. Ethical issues in electronic commerce. Journal of
Business Ethics. Vol. 34, No. 2, pp. 75-85.

Stone, E. F. and Stone D. L., [year unknown] Privacy in organisation: theoretical issues,
research findings and protection mechanisms, in Research in Personnel and
Human Resources Management, Vol. 8, pp. 349-411.

Tweney, D., 1998. The consumer battle over online information privacy has just begun.
InfoWorld. Vol. 20, No. 25, p. 65.

Waak, E., 2002. The global reach of privacy invasion. The Humanist. November and
December issue [Online] Available at:
http://www.thehumanist.org/humanist/articles/waakND02.htm [Accessed 11 July
2005].

Wang, P. and Petrison, L.,1993. Direct marketing activities and personal privacy: a
consumer survey. Journal of Direct Marketing. Vol. 7, No. 1, pp. 7-19.

Westin, A. F., 2003. Social and political dimension of privacy. Journal of Social Issues.
Vol. 59, No. 2, pp. 431-53.