IT capability, customer information handling, and privacy protection: a resource-based view of organisational performance : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Auckland, New Zealand

Abstract

What is the influence of Information Technology (IT) capability, and customer relationship management (CRM) capability on organisational information privacy protection behaviour, and ultimately how do these relationships impact on organizational performance? What are the relationships between different types of IT capabilities (i.e. outside-in, inside-out, and spanning capabilities) and how do they impact on performance (i.e. directly or indirectly)? This survey study attempted to answer these questions by empirically testing a research model based on the Resource Based-View (RBV) of the firm and the Comparative Advantage Theory of Competition to examine these relationships in the context of New Zealand firms engaged in IT supported CRM activities. RBV theory claims different subsets of a firm's resources (i.e. assets and capabilities) enable it to achieve initial and long-term competitive advantage (Barney, 1991). The role of different types of IS resources in achieving advantage has not been fully explored with some prior work finding evidence of direct effects but most finding only indirect effects of IS resources in general (Wade & Hulland, 2004). In addition, Comparative Advantage Theory claims a comparative advantage in resources leads to a competitive advantage in market position which in turn leads to superior financial performance (Hunt & Morgan, 1995). In turn, an organisation's use of customer information primarily for internal knowledge or external relationship building may be related to its privacy protection capability and how it measures performance (Greenaway & Chan, 2005) but these propositions had not yet been empirically tested. A review of the Information Systems literature showed that very little prior work had been done on organisational level privacy protection behaviours. The findings from my study begin to address these gaps in the literature. This research makes the following contributions to the academic literature on CRM. First, it empirically tested proposals found in the literature which suggested considering information privacy protection as a resource based on claims made by RBV theory. Second, the research splits IS capabilities into three groups (IS inside-out capability, outside-in capability and spanning capability), splits CRM capabilities into two groups (customer knowledge capability and customer relating capability) and splits organisational performance into two groups (effectiveness and efficiency) in order to assess the role of privacy protection practice as a mediating mechanism between different IS and CRM capabilities and organisational performance outcomes. The response data was analysed using Confirmatory Factor Analysis based on the Partial Least Squares parameter estimation technique, a form of Structural Equation Modelling. The findings show inside-out (internally focused) IT capabilities have a weak negative direct effect on customer relating capability. However, this can be mediated by investing in IT outside-in and IT spanning capabilities which have a positive impact on customer relating capability. Interestingly, IT Outside-in (externally focused) capabilities had a direct positive influence on customer knowledge capability. This was unexpected as earlier work predicted this relationship would be mediated by IT spanning resources. As expected, a comparative advantage in customer knowledge capability had a moderate direct positive impact on efficiency, measured as financial performance. It also had a moderate direct positive impact on producing a comparative advantage in customer relating capability. This supports CRM theory which claims that a better understanding of customers based on collecting and processing customer information can lead to a better customer relating capability. But, as predicted, no relationship to privacy protection capability was found. In contrast, using IT to gain a comparative advantage in customer relating capability had a direct positive impact on establishing privacy protection behaviours that exceed guidelines. Treating privacy protection as a resource also appears to lead to greater effectiveness which in turn leads to greater efficiency. In addition to contributing empirical evidence to support the conditions under which the proposed theoretical model applied, the results had several implications for practice. First, the findings provide organisations with greater awareness of how others in their industry are using IT to support customer relating and customer knowledge capabilities and how safeguarding or not safeguarding information privacy contributes directly to effectiveness and indirectly improves financial performance. Second, the findings are useful for raising consumer awareness about actual organisational information privacy practices. Most organisations in New Zealand reported meeting or exceeding industry guidelines. If the reported safeguards are in place and fair information handling practices are being followed, awareness of the results may help to reduce the high levels of privacy concern reported in consumer surveys. Lastly, privacy protection capabilities have a positive impact on performance, giving organisations an incentive to implement them.