TY - JOUR AB - Purpose The purpose of this paper is to facilitate understanding of how to mitigate the privacy concerns of users who have experienced privacy invasions.Design/methodology/approach Drawing on the communication privacy management theory, the authors developed a model suggesting that privacy concerns form through a cognitive process involving threat-coping appraisals, institutional privacy assurances and privacy experiences. The model was tested using data from an empirical survey with 913 randomly selected social media users.Findings Privacy concerns are jointly determined by perceived privacy risks and privacy self-efficacy. The perceived effectiveness of institutional privacy assurances in terms of established privacy policies and privacy protection technology influences the perceptions of privacy risks and privacy self-efficacy. More specifically, privacy invasion experiences are negatively associated with the perceived effectiveness of institutional privacy assurances.Research limitations/implications Privacy concerns are conceptualized as general concerns that reflect an individual’s worry about the possible loss of private information. The specific types of private information were not differentiated.Originality/value This paper is among the first to clarify the specific mechanisms through which privacy invasion experiences influence privacy concerns. Privacy concerns have long been viewed as resulting from individual actions. The study contributes to literature by linking privacy concerns with institutional privacy practice. VL - 32 IS - 6 SN - 0959-3845 DO - 10.1108/ITP-01-2018-0020 UR - https://doi.org/10.1108/ITP-01-2018-0020 AU - Wang Le AU - Sun Zao AU - Dai Xiaoyong AU - Zhang Yixin AU - Hu Hai-hua PY - 2019 Y1 - 2019/01/01 TI - Retaining users after privacy invasions: The roles of institutional privacy assurances and threat-coping appraisal in mitigating privacy concerns T2 - Information Technology & People PB - Emerald Publishing Limited SP - 1679 EP - 1703 Y2 - 2024/09/25 ER -