Communication privacy management theory
Communication Privacy Management Theory (CPM) explores the dynamics of how individuals manage their private information and decide what to disclose about themselves. It posits that individuals believe they have the right to control their personal data, and they establish personal privacy rules to protect this information. When private information is shared with others—such as healthcare providers or social media platforms—these parties become co-owners of that information, necessitating a shared agreement on privacy rules.
The theory highlights the concept of "boundary turbulence," which occurs when there is a conflict over how shared information is used, especially if co-owners do not adhere to the agreed-upon boundaries. With the rise of digital communication, particularly through social media, CPM has gained relevance as many users are often unaware of how their information is disseminated and used. This theory is particularly significant in sensitive contexts such as healthcare, where understanding privacy boundaries can impact patient-provider relationships, and in educational settings, where students navigate the complexities of sharing personal information online. Overall, CPM reveals how individuals navigate the intricate balance between sharing and protecting their private information in various social contexts.
On this Page
Communication privacy management theory
Overview
Communication scholars use communication privacy management theory to explain when and why individuals reveal private information about themselves. Many scholars are conducting studies about communication privacy management as it applies to social media. The field of study, however, is much older and has also addressed how information is shared face to face, over the phone, and in forms or surveys. Communication privacy management is especially important in fields such as education and medicine, where professionals have access to detailed personal information that individuals may not want to be shared with a larger group, or anyone at all. Scholars studying family issues are also very concerned with communication privacy management and the ways that children and young adults are protected when they participate in online discussions and sharing (Mullen & Hamilton, 2016).
Much of the study of communication privacy management deals with "self disclosure" or the times when individuals have freely shared information about themselves. However, the Internet has made it much easier to share information across multiple platforms, often without the knowledge of the individual whose data is being shared. For this reason, communications scholars have become interested in how much individuals know at the time of disclosure, and if they know about and approve of the many ways that their information is eventually used. The first and most famous study of communication privacy management was produced by Prof Sandra Petronio of Indiana University – Purdue. In the early 1990s, Petronio began to study the ways that individuals understand and conceptualize their own privacy. She conceptualized five general principles of communication privacy management: (1) individuals have the right to own and control their own personal data; (2) individuals control and protect their information through "personal privacy rules"; (3) when others, such as individuals, doctors, or corporations, are given an individual's private information, they become co-owners of the information; (4) co-ownership of information requires a shared and negotiated set of rules for how the information can be shared and used; and (5) if co-owners do not properly negotiate with the individual, or do not follow the agreed upon privacy rules, there will be a conflict over how private information is used and shared. This is called "boundary turbulence."
Further Insights
Communications scholars frequently discuss communication privacy management in terms of boundaries, or the limits that individuals will not cross. These boundaries are based on the types of information to be shared. For example, an individual might decide that she will share the city that she lives in, but not her street address. There are two types of boundaries discussed in communication privacy management. Personal information, which has not been shared, is protected by a "personal boundary." Personal information which has been shared is protected by a "collective boundary." The use of collective boundaries can be difficult, because some are strictly protected while others are freely accessible to a variety of users with very little effort. Problematically, the individual for which the information is personal might have a differing opinion about how and when their information should be shared. For example, the Sandy might share her address when she orders a pair of shoes online. She will need to tell the shoe company where she lives so that the order can be delivered. Sandy most likely accepts that the shoe company will share her address with a shipping company. However, Sandy might object if the shoe company also shares her address with other companies that sell shoes and clothing. These secondary companies want to access Sandy's address so that they can send her catalogs advertising more shoes. She may object to the additional mail that is produced by this sharing, or Sandy may object that the secondary company now also has her information and might share it yet again, with other companies that sell items that she is even less interested in. In this example, Sandy shared her personal information with one company, and in doing so created a situation in which there was co-ownership of multiple pieces of information—that is, she shared her address, but the shoe company shared that Sandy buys and most likely wears shoes. This is a rather innocent example as almost all humans buy and wear shoes. The co-ownership and sharing of Sandy's information might be more egregious if she had bought something she might not want many people to know about. Her purchase might have been of items ranging from religious attire and books to pornography to weapons. In each of these example purchases, Sandy might not want her neighbors or community to know about her purchases. For example, if Sandy had ordered a weapon, her purchase would be easy to keep private because it would come in a box at an assigned time addressed only to her. However, if the weapon sales company shared or sold her information, Sandy might begin receiving unsolicited magazines, catalogs, and promotional materials for a broad assortment of weapons. Those would be harder to keep private, and Sandy might be annoyed or distressed because it her information had obviously been shared without her consent.
Sandy's example demonstrates the different types of boundaries used in communication privacy management. Sandy first shared her information with the shoe company, the boundaries to sharing her information became permeable. Scholars call this "boundary permeability" and discuss the ways that the boundaries become thinner and thinner the more times and ways that information is shared. When she first shared her information with the shoe company, the boundary was very thick—that is, the information was shared only between Sandy and one company. The link, therefore between the sharers of information was very strong. However, the boundary became thinner and thinner as Sandy's information was shared with more companies, and the link became weaker as well, to the point that Sandy might not be able to tell who had access to her information. The potential disagreement between Sandy and the companies that now have her information is known as boundary turbulence, and draws on a metaphor of riding in an airplane and encountering unexpected pockets of air. Individuals may feel that their information is bouncing around in unknown and untraceable ways.
Boundary turbulence occurs for many reasons. Some companies simply do not work hard enough to protect data. Others attempt to protect user data but are overwhelmed by technology or demands being made on their company. Data is also at times shared by mistake, stolen by hackers, or sold either when a company is sold or when a company chooses to sell a list of its customers. In each of these examples, an individual has lost some control of his or her data. The individual might be accommodating of this loss, or understanding of why it occurred, or they may be very upset and decide to sue for their loss of privacy. The risks of accidental data sharing have increased as more information is made available online, and as such, scholars of communication privacy management are working to better understand both how individuals expect that their information is protected and how companies attempt to follow their customers' wishes and expectations.
Boundary turbulence occurs when individuals never wanted anyone except for a small group to know specific pieces of information. However, it also occurs when individuals were preparing for a specific time to release information (DeGroot & Vik, 2017). This could include announcing a pregnancy or miscarriage (Bute, Brann & Hernandez, 2017), sexual identity (McKenna-Buchanan, Munz & Rudnick, 2015), or romantic relationship (Thorson, 2015) before the user is ready for others to know. These breaches of privacy often result in the individual demanding that privacy boundaries be rethought or applied differently, but even when that is done, it is too late to get the shared information back. The lasting effects of sharing that information will continue to affect the individual after the privacy boundary has been breached.
Issues
Communication privacy management theory plays a significant role in the ways that medical information is produced, shared, and discussed, especially when it comes to a doctor communicating bad news. For example, Ngwenya, Farquhar, and Ewing (2016) have studied the ways that individuals decide to share or keep a cancer diagnosis private. Understanding this process of sharing helps doctors to better work with the patient as well as to design treatment plans that work within the patient's privacy boundaries. For example, a patient is already assumed to have shared the diagnosis with her doctor but may not want anyone else to know about the diagnosis. A doctor needs to know about this privacy barrier so that she does not accidentally tell the patient's family. This privacy barrier may mean that the doctor needs to be careful when leaving messages for the patient or when sending mail and bills to the patient's house. Small acts, like sending a bill in an unmarked envelope could ensure that the patent's privacy boundaries are respected, which would maintain a strong relationship between the patient and her doctor.
One of the most commonly discussed topics in communication privacy management theory is the use of social media platforms such as Facebook. Scholars are concerned that Facebook users may not understand the many ways that their information is being used. A user may expect a solid privacy boundary, when in fact the privacy boundary is very permeable. Scholars are concerned that users of social media are expiring "context collapse" in which information that they would never share in a face-to-face interaction with a stranger is shared freely online. For example, it is unlikely that a social media user would show pictures of his children to each stranger on a subway, but he might feel very comfortable posting that same picture of a social media page. He might expect that this image was protected and only able to be seen by select acquaintances, but it is difficult to ensure that this privacy is protected online because information is often shared between different groups and across multiple user platforms. A 2020 study conducted by van der Schyff, Flowerday, and Furnell found that females were especially vulnerable to privacy risks when using Facebook.
One study, by Beam, Child, Hutchens, and Hmielowski (2017), analyzed the behavior of 771 social media users and found that context collapse is positive as it expanded the friend groups of individuals to include people from many ethnic, religious, and economic groups. However, other studies of context collapse found that university students were at times uncomfortable with the ways that the boundaries between their private and educational lives were blurred. This sometimes occurred as coursework was shared on Facebook, making it possible for students and professors to connect with each other both in the classroom and online (Imlawi, Gregg & Karimi, 2015). Dennen and Burner's (2017) study of Facebook as a teaching tool found that while some students supported this interconnectivity, others were concerned that requiring the use of Facebook infringed on the privacy barriers of students who had specifically decided not to use social media, or not to use social media in this particular way.
In the workplace, communication privacy management theory is used to describe when and how employees decide to share information about themselves. This information might range from their sexuality to their religion, from their family makeup to their political views—that is, any information that does not specifically pertain to the specific job for which they have been employed. For example, in a study of female employees, Helens-Heart (2017) found that females determined when to disclose their sexual identity based on three risk factors: job loss, altered perceptions of professional image, and interference with ability to work. The analysis of these risks is often completed by an individual who might choose to share her sexuality with a small number of friends or colleagues but does not want to share that information with the entire company. Communications scholars are interested in how individuals choose to share this kind of information, who the information is first shared with, and what the expectations for privacy are after the information has been shared.
This understanding of sharing with a few people but not an entire group is fascinating to scholars because it shows the fine-tuned ways in which individuals make decisions about specific pieces of information and specific friends with whom that information is to be shared. De Wolf, Willaert, and Pierson (2014) have studied many Facebook accounts in an attempt to predict when this kind of information will be shared, and the ways in which individuals expect that their privacy is protected. In a study of nine hundred Facebook users who participated in a youth group, De Wolf's team found that individuals with stronger ties to the group were more likely to share their information. Additionally, De Wolf's team found that women were more likely to use individual privacy management strategies—that is, they decided who specifically to share information with, sometimes sharing with only a few members of the group. Men, on the other hand, were more likely to use group privacy management strategies—that is, they shared with the entire group and expected the group to then keep their information private. There are limitations to this generalization as De Wolf's study is based on Flemish students whose experiences and expectations might be different from other groups, ethnicities, or nationalities. However, what we can take away from De Wolf and colleagues' study is that there are varying expectations of information sharing between members of the same community.
Bibliography
Beam, M. A., Child, J. T., Hutchens, M. J., & Hmielowski, J. D. (2017). Context collapse and privacy management: Diversity in Facebook friends increases online news reading and sharing. New Media & Society, 1461444817714790.
DeGroot, J. M., & Vik, T. A. (2017). "We were not prepared to tell people yet": Confidentiality breaches and boundary turbulence on Facebook. Computers in Human Behavior, 70, 351–359. doi:10.1016/j.chb.2017.01.016
Dennen, V. P., & Burner, K. J. (2017). Identity, context collapse, and Facebook use in higher education: putting presence and privacy at odds. Distance Education, 38(2), 173–192.
De Wolf, R., Willaert, K., & Pierson, J. (2014). Managing privacy boundaries together: Exploring individual and group privacy management strategies in Facebook. Computers in Human Behavior, 35, 444–454.
Helens-Hart, R. (2017). Females' (non)disclosure of minority sexual identities in the workplace from a communication privacy management perspective. Communication Studies, 68(5), 607–623.
Imlawi, J., Gregg, D., & Karimi, J. (2015). Student engagement in course-based social networks: The impact of instructor credibility and use of communication. Computers & Education, 88, 84–96.
McKenna-Buchanan, T., Munz, S., & Rudnick, J. (2015). To be or not to be out in the classroom: Exploring communication privacy management strategies of lesbian, gay, and queer college teachers. Communication Education, 64(3), 280–300.
Mullen, C., & Hamilton, N. F. (2016). Adolescents' response to parental Facebook friend requests: The comparative influence of privacy management, parent-child relational quality, attitude and peer influence. Computers in Human Behavior, 60, 165–172.
Ngwenya, N., Farquhar, M., & Ewing, G. (2016). Sharing bad news of a lung cancer diagnosis: Understanding through communication privacy management theory. Psycho‐Oncology, 25(8), 913–918.
Sapron, I. (2021). Public and private on a social media profile through the lens of Sandra Petronio's theory. Ideas and Ideals, 13(2), part 1, pp. 126–142, dx.doi.org/10.17212/2075-0862-2021-13.2.1-126-142
Thorson, A. R. (2015). Investigating adult children's experiences with privacy turbulence following the discovery of parental infidelity. Journal of Family Communication, 15(1), 41–57.
Van der Schyff, K., Flowerday, S. & Furnell, S. (2020) Privacy risk and the use of Facebook apps: A gender focused vulnerability assessment. Computers & Security, 96, doi.org/10.1016/j.cose.2020.101866
Wang, Y., Zheng, D., and Fang, Y. (2023). Public information sharing in enterprise social networks: A communication privacy management perspective. Internet Research, doi.org/10.1108/INTR-09-2022-0745