Contemporary organisations struggle to develop effective responses to the complex challenge of deploying sophisticated information technology systems in an era characterised increasingly by customer demands for privacy. In this paper, we develop a conceptual framework of Company Information Privacy Orientation that attempts to reconcile the differences between the organisation’s information management objectives and its ethical and legal obligations to address customers’ privacy. Control theory and justice theory are utilised to build an organisation-level framework that is composed of a firm’s ethical obligation to its customers, its customer information management strategy and its assessment of the risks to its business created by legal demands to provide customer information privacy. The four different types of company privacy orientation profiles that emerge from this conceptual framework are then discussed, along with implications for future research.