Abstract
How do organizations make strategic choices concerning information privacy and security practices? Focusing on organizational privacy strategy, this study describes patterns in response to information privacy threats, firms’ organizational strategy, and responses to institutional pressures. Two theoretical views are converged: Oliver’s (1991) strategic responses framework to institutional processes and Miles and Snow’s (1978) typology of organizational strategy, structure, and processes. Drawing on a healthcare industry study, variations, predictions, and illustrations of four quadrants of conformist, entrepreneur, transformer, and defender privacy strategies are provided. This work’s major contribution is the analysis and conceptualization of organizational privacy strategies, providing an umbrella-like theoretical perspective. Practical implications extend beyond the illustrative setting of the healthcare industry.