I’m Glenn Sparks, and I’m talking with Sandra Petronio, who is a professor at Indiana University-Purdue University at Indianapolis, and the author of communication privacy management theory, or “CPM” for short. Sandra, how would you summarize the essence of the theory? Well, I think that it’s important to know that you have—that people believe that they own their private information, that they control their private information, and that when they tell other people they believe those people will become co-owners of that information. And that means that they have certain expectations for how it is they are going to be treating the information you give them. The best way to think about it is in terms of privacy boundaries, so that the information that’s considered private to you is within a boundary that sometimes has thick walls and sometimes has permeable or thin walls, depending on who it is you want to tell or not tell the information to. And with those pieces, we can begin to see how people actually manage private information. The theory has to have a way of dealing, though, with the times that people don’t manage the private information in the way that they wanted to or other people don’t manage the information. So we have a concept of turbulence in the theoretical frame because that allows us to not only see how things don’t work, it allows us to see how it’s a self-regulating system because people try to do that. Let’s say I have some private information that I would like to disclose to you. Do you? (chuckles) (laughs) OK. OK! (laughs) Should I seek to set the rules for managing that private information before I disclose the information to you, or do I disclose the information first, and then try to negotiate the rules afterwards? Well, frankly, I think it matters somewhat, but as long as you negotiate the rules, you’re in much better shape than if you assume I’m going to know exactly what I should do with the information. Always negotiating what you want is perfect. Whether or not the individual will abide by that is not necessarily, but that you—chances are greater. Once I disclose some information to you, do you have—as a co-owner, do you have equal rights in coming back to me, to try— That’s a good question. —to renegotiate those privacy rules, or do I as the person who disclosed it have the primary rights in sort of setting up that, how that’s managed? Well, I would always believe I owned my information, and I had all the rights to control that information. If I give it to you, it is a guardianship, or a stewardship. It is not—you can’t appropriate—although people do this all the—you cannot appropriate total control over the information. Let’s talk about turbulence. OK. You’ve used that term— I love turbulence. —a few times. What exactly do you mean by that term, turbulence? Can you give an example? I can. (Sparks: Yeah.) I can. If you think about—suppose you’re on a lake or an ocean in a sailboat, and a motor boat comes by, and starts to do this (waving hands up and down) to the sailboat. That’s what I mean by turbulence, OK, so that, you’re going along just fine, you have all your friends lined up, you’ve told them all the rules you want them to follow, and then all of a sudden somebody goes off and does something, and it upsets the whole system of privacy management. And so you’re rocking around in the boat, wondering, “how am I going to right this boat?” And so that it’s the turbulence that’s the precursor to full breakdowns. So things don’t go right, but it’s turbulence, because you have the ability at that point to recalibrate. So, on the boat metaphor, I understand the difference between the boat rocking— —and the boat capsizing. —and the boat capsizing! So that’s a disruption versus a breakdown. How would you give that meaning in terms of the management of private, of privacy information? So, can you give an example of where I might be experiencing a disruption, or there might be disruption in the system, versus a complete breakdown? What does that look like? The disruption in the work that we’ve done on blogging, we find that when people blogged and then they forgot that their mother was on their blog and they said something about their mother, and so they try to go and take it offline if they can do that, and if they can’t—we call that blog “scrubbing,” trying to get rid of it—and if they can’t, then they go and do face-to-face repair. That would be a turbulence, because it wasn’t a complete breakdown, they realized what they did, and they were able to manage their privacy boundary in a way that was functional. A full breakdown is like an invasion of privacy. When you don’t have—it could be unintentional invasions of privacy; you were cleaning something, you found a diary from your now-adult child, you read it, when they—the child wrote it when he or she was a teenager, and talks—you talk to the child, and it’s, and the child believes, the adult child believes that was a complete invasion of privacy: “You should’ve never opened that thing,” “You didn’t ask my permission,” “You shouldn’t have seen that information,” “I didn’t want you to see it, I would’ve given it to you if I’d wanted to.” Once that’s happened, is there a way to right the boat? Well, I think that it’s harder. It’s—because one of the interesting issues is that, you know, in most cases we come with a whole bucket of “trust credit points”—I like to think about it that way. So you have this basket of trust credit points, and, you know, you have it with your parents, you have it with your friends, and as soon as that basket is emptied out, it is very hard to put those points back again. It’s easier to add them, but it’s much harder once the basket’s empty to be able to refill that enough so that you can have the same kind of relationship, and it takes a long time. If I knew this theory as well as you know this theory, what question would I have asked you that I haven’t asked you so far? Well, a lot of times people ask me the question about what’s missing. And I think that they—there are a couple of different areas that I’ve been trying to work to cope with the neglect of, and—one is issues of emotion, because emotion does play, I think, significantly, not only in the reactions of people who have their information really sort of co-opted by other people and, you know, and given away in ways that they hadn’t really expected. But, it—you yourself sometimes deal with information that you tell other people and then you have their emotional reaction to going, “Oh my gosh, I just violated my entire own privacy boundary!” And so those—the emotional levels and issues and impact on the way privacy is managed, I think, is an open door, we haven’t really done, I haven’t done much, other people haven’t really done too much with it either. I think it’s hard because you have—because it’s a time and place thing, you have to capture what that is right then and there, you can’t—you almost have to do experimental designs on those things, because you have to, you know, simulate the feeling, and then see what happens with how people make judgments, you know, how does it affect judgment in privacy management.