Data breaches are rising in magnitude and cost, with technology and privacy threats advancing at a faster pace than privacy regulation. A more sustainable approach to privacy beyond regulation is required. Whilst privacy studies suggest that exceeding regulatory minimums reduces privacy incidents, there is a dearth of scholarship researching privacy activities beyond regulatory minimums. Organisations typically conduct activities beyond regulatory minimums in the nonmarket environment e.g., political and socially responsible activity. Thus, the nonmarket environment provides a starting point for insight into privacy activities beyond regulation. This research utilises a three-stage sequential mixed-methods approach. Each stage is underpinned by theories of control and justice. In the first stage, an Online Delphi Survey is conducted to develop a taxonomy of control-based and justice-based nonmarket privacy activities. A theoretical framework of four primary approaches to privacy in the nonmarket environment is then developed. In the second stage, a number of CSR (CSR) reports (n=90) are reviewed using thematic analysis (leveraging the taxonomy previously developed). Control and justice totals are then calculated for the privacy activities reported in these publications, enabling their approach to nonmarket privacy to be positioned in one of four primary nonmarket privacy orientations. In the third stage, a theoretical framework is developed, based on the Power Responsibility Equilibrium (PRE) theory. Using this framework, a number of hypotheses are formulated regarding the relationships between nonmarket privacy activities and consumer trust, privacy concern, and purchase intention/continuance intention. These hypotheses are explored quantitatively using an experimental vignette methodology (n=396 for the first experiment, and n=503 for the second experiment). Control is found to be associated with increased privacy concern, and reduced consumer trust and purchase/continuance intention. Justice is found to be associated with reduced privacy concern, and increased consumer trust and purchase/continuance intention. This research describes a typology of nonmarket privacy for the first time, and examines a previously unexplored phenomenon. This research extends PRE Theory to the context of nonmarket privacy activities. This research also extends CSR posture theory with the addition of an additional posture called the Warrior posture, and extends the three Generations of CSR with a Fourth Generation of CSR. The research findings provide insights which can assist organisations to address consumers’ privacy concerns and enhance their corporate reputation and bottom line results.