Organizational Privacy Research Articles

Fostering Information Sharing Willingness: An Organizational Privacy Calculus for Industry 4.0 Supply Chains

ABSTRACT Supply chain partners exchange information to achieve shared performance goals. However, information sharing is fraught with risks and concerns around organizational data privacy and security. Extant studies provide connectivity and supply chain partners’ willingness to share information as factors driving information-sharing. In an Industry 4.0 supply chain, technology provides the capability to share information across organizations. Literature highlights the role of technological capabilities and privacy by design in addressing the risks and concerns in information sharing that may influence the willingness of supply chain partners to share information. We introduce the framework of organizational privacy calculus comprising privacy by design to balance the needs and willingness to share information against environmental dynamism, regulations, and data sensitivity risks that can impact information sharing in the supply chain and procurement. We use OIPT and privacy calculus as theoretical lenses to derive empirically the balancing framework. The contribution of our study is twofold: proposing an organizational privacy calculus that focuses on organizational information sharing and highlighting the importance of privacy by design to alleviate risks of sharing sensitive information. The study empirically establishes that technology capabilities and privacy protection measures are essential for enhancing inter-organizational willingness to share information to balance against concerns.

Benefits of Artificial Intelligence and its Innovation in Organizations

This article reviews the advances, benefits and contributions of artificial intelligence to business organizations, without ignoring the need for skilled human labor and talent that companies have always required and which is essential for the economic development of a company. The implementation of legal frameworks and regulations that will in turn address issues such as organizational privacy, cybersecurity and liability are important aspects to be addressed in this article. Thus, this paper focuses on the compilation of scientific articles, books and other texts in which important topics were evidenced such as (i). - Innovation and invention, (ii). - Big Data, (iii). -Implementation of artificial intelligence in organizations, and (iv). -legality and responsibility of decisions, likewise, it examines the legal challenges of AI and highlights that smart contracts are a technological innovation that allows secure, fast and low-risk transactions using blockchain technology, this is why the literature review aims to explore how technology, artificial intelligence and communication tools can facilitate the work of the population, decreasing the time spent on some activities

Role-based privacy cynicism and local privacy activism: How data stewards navigate privacy in higher education

This study examines the impact of role-based constraints on privacy cynicism within higher education, a workplace increasingly subjected to surveillance. Using a thematic analysis of 15 in-depth interviews conducted between 2017 and 2023 with data stewards in the California State University System, the research explores the reasons behind data stewards’ privacy cynicism, despite their knowledge of privacy and their own ability to protect it. We investigate how academic data custodians navigate four role-based tensions: the conflict between the institutional and personal definitions of privacy; the mutual reinforcement between their privacy-cynical attitudes and their perceptions of student privacy attitudes; the influence of role constraints on data stewards’ privacy-protective behaviors; and the contrast between the negatively valued societal surveillance and the positively valued university surveillance. The findings underscore the significance of considering organizational privacy cultures and role-based expectations in studying privacy cynicism. The study contributes to the theoretical understanding of privacy cynicism and offers practical implications for organizations, emphasizing the importance of aligning organizational definitions of privacy with employees’ understanding. Future research should further explore the mutual reinforcement of privacy cynicism in the relationship between data providers and data consumers (which we call the “spiral of resignation”) and consider the impact of role-based constraints in other organizational contexts.

E-resource librarians perceptions on library patron privacy

Libraries are tasked with upholding a code of ethics for patron privacy according to the Library Bill of Rights and the American Library Association's (ALA) Code of Ethics. However, patrons' personal identifiable information (PII) is being shared through various channels. As libraries move to more technical and digital based collections this creates more challenges to safeguarding patrons' privacy. This technical environment is where information now serves as a platform for library assessment analysis, access for patrons, and demonstration of impact.This study examines the values of e-resource librarians about privacy, the environmental factors influencing decisions, and if the e-resource librarian has a role in their organization's privacy standards. Data was collected through surveys, and the study found that there is a direct correlation between an organization having a policy on privacy and the e-resource librarians' values being represented in their role. There are also indications that the e-resource librarian believes their employer shares their values on privacy. Lastly, the study revealed two major external driving forces on privacy policy are vendors and US privacy policy.

Examining the case of French hesitancy toward IDaaS solutions: Technical and social contextual factors of the organizational IDaaS privacy calculus

Identity-as-a-service (IDaaS) is a cloud security service to which companies can outsource the identity and access management (IAM) functions that administer their employee's access to organizational resources. Engaging with the information systems (IS) privacy literature, our qualitative analysis develops a framework for an organizational privacy calculus that informs French organizational consumers’ decisions to pursue IDaaS solutions. We collect data from employees of a multinational IDaaS provider operating in Europe but headquartered in the US. Our case study reveals the organizational privacy calculus associated with transferring control of a primary security control to a multinational cloud service provider.

Uncovering the structures of privacy research using bibliometric network analysis and topic modelling

PurposeThis paper aims that privacy research is divided in distinct communities and rarely considered as a singular field, harming its disciplinary identity. The authors collected 119.810 publications and over 3 million references to perform a bibliometric domain analysis as a quantitative approach to uncover the structures within the privacy research field.Design/methodology/approachThe bibliometric domain analysis consists of a combined directed network and topic model of published privacy research. The network contains 83,159 publications and 462,633 internal references. A Latent Dirichlet allocation (LDA) topic model from the same dataset offers an additional lens on structure by classifying each publication on 36 topics with the network data. The combined outcomes of these methods are used to investigate the structural position and topical make-up of the privacy research communities.FindingsThe authors identified the research communities as well as categorised their structural positioning. Four communities form the core of privacy research: individual privacy and law, cloud computing, location data and privacy-preserving data publishing. The latter is a macro-community of data mining, anonymity metrics and differential privacy. Surrounding the core are applied communities. Further removed are communities with little influence, most notably the medical communities that make up 14.4% of the network. The topic model shows system design as a potentially latent community. Noteworthy is the absence of a centralised body of knowledge on organisational privacy management.Originality/valueThis is the first in-depth, quantitative mapping study of all privacy research.

Information Privacy Assimilation

This paper proposes a framework to understand organizations' perspectives while safeguarding customers' information privacy. Following a detailed literature review, a broad conceptual model was developed to build a theory based on a multi-site, multi-case study approach. The current manuscript treats information privacy as distinct from information security. From an organizational standpoint, this research reveals that legal policy, technology, and industry standards drive privacy assimilation. At a detailed level, adherence to compliance, competitive best practices, and data management controls significantly impact an organization's opportunistic perspective, resulting in higher-order assimilation (infusion) of organizational privacy practices. Resistance to compliance, investment cost, and reactive approach results in lower-order assimilation (adaptation) of organizational privacy practices. This study delivers practical implications related to how businesses perceive privacy practices while maintaining the right balance of privacy risks and opportunities.

The Influence of Individuals' Concerns about Organization's Privacy Information Practices on Customers' Online Purchase Intentions: The Mediating Role of Online Trust

The Influence of Individuals' Concerns about Organization's Privacy Information Practices on Customers' Online Purchase Intentions: The Mediating Role of Online Trust

Organisational Privacy Culture and Climate: A Scoping Review

New regulations worldwide are increasingly pressing organisations to review how they collect and process personal data to ensure the protection of individual privacy rights. This organisational transformation involves implementing several privacy practices (e.g., privacy policies, governance frameworks, and privacy-by-design methods) across multiple departments. The literature points to a strong influence of the organisations’ culture and climate in implementing such privacy practices, depending on how leaders and employees perceive and address privacy concerns. However, this new hybrid topic referred to as Organisational Privacy Culture and Climate (OPCC), remains poorly demarcated and weakly defined. In this paper, we report a Scoping Review (ScR) on the topic of OPCC to systematically identify and map studies, contributing with a synthesis of the existing work, distinguishing core and adjacent publications, research gaps, and pathways of future research. This ScR includes 36 studies categorised according to their demographics, research types, contribution types, research designs, proposed definitions, and conceptualisations. Also, 18 studies categorised as primary research were critically appraised, assessing the studies’ methodological quality and credibility of the evidence. Although published research has significantly advanced the topic of OPCC, more research is still needed. Our findings show that the topic is still in its embryonic stage. The theory behind OPCC has not yet been fully articulated, even though some definitions have been independently proposed. Only one measuring instrument for privacy culture was identified, but it needs to be further developed in terms of identifying and analysing its factors, and evaluating its validity and reliability. Initiatives of future research in OPCC will require interdisciplinary research efforts and close cooperation with industry to further propose and rigorously evaluate instruments. Only then OPCC would be considered an evidence-based research topic that can be reliably used to evaluate, measure, and embed privacy in organisations.

Guidance for Professional Use of Social Media in Nutrition and Dietetics Practice

Guidance for Professional Use of Social Media in Nutrition and Dietetics Practice

Privacy engineering superheroes

Privacy engineers are essential to both preventing and responding to organizational privacy problems.

Counteracting consumer subversion: Organizational privacy ethical care as driver of online information sharing

AbstractWith an ever‐increasing hunger for consumer data by firms, and despite many organizational efforts to reduce consumer privacy concerns, consumer subversion behavior towards information provision persists. Organizational privacy ethical care, an organizational behavior that goes beyond legislative action and moral codes, provides a new theory of how to overcome this issue. Across three studies, we develop and test theory which suggests an organizational ethic of care approach to privacy will have a positive impact on reducing consumer subversion behavior (i.e. increase consumers' willingness to share information and the accuracy of information they share). The correlational and causal results indicate that perceived organizational privacy ethical care is a positive driver of the amount and the accuracy of information consumers are willing to share with firms. The results also suggest partial support that this relationship is mediated through perceived information control and trust towards the organization. Thus, we provide some support for a better corporate approach to privacy, beyond previously suggested legislative and social responsibility standards, which allows for the reduction of consumer privacy concerns and subsequent subversion behaviors.

Understanding employees' adoption of the Bring-Your-Own-Device (BYOD): the roles of information security-related conflict and fatigue

PurposeWhile the bring-your-own-device (BYOD) trend provides benefits for employees, it also poses security risks to organizations. This study explores whether and how employees decide to adopt BYOD practices when they encounter information security–related conflict.Design/methodology/approachUsing survey data from 235 employees of Chinese enterprises and applying partial least squares based structural equation modeling (PLS-SEM), we test a series of hypotheses.FindingsThe results suggest that information security–related conflict elicits information security fatigue among employees. As their information security fatigue increases, employees become less likely to adopt BYOD practices. In addition, information security–related conflict has an indirect effect on employee's BYOD adoption through the full mediation of information security fatigue.Practical implicationsThis study provides practical implications to adopt BYOD in the workplace through conflict management measures and emotion management strategies. Conflict management measures focused on the reducing of four facets of information security–related conflict, such as improve organization's privacy policies and help employees to build security habits. Emotion management strategies highlighted the solutions to reduce fatigue through easing conflict, such as involving employees in the development or update of information security policies to voice their demands of privacy and other rights.Originality/valueOur study extends knowledge by focusing on the barriers to employees' BYOD adoption when considering information security in the workplace. Specifically, this study takes a conflict perspective and builds a multi-faceted construct of information security–related conflict. Our study also extends information security behavior research by revealing an emotion-based mediation effect, that of information security fatigue, to explore the mechanism underlying the influence of information security–related conflict on employee behavior.

Information privacy in e-service: Effect of organizational privacy assurances on individual privacy concerns, perceptions, trust and self-disclosure behavior

The increasing use of the Internet for service delivery has paralleled an increase of e-service users' privacy concerns as technology offers ample opportunities for organizations to store, process, and exploit personal data. This may reduce individuals' perceived ability to control their personal information and increase their perceived privacy risk. A systematic understanding of individuals' privacy concerns is important as negative user perceptions are a challenge to service providers' reputation and may hamper service delivery processes as they influence users' trust and willingness to disclose personal information. This study develops and validates a model that examines the effect of organizational privacy assurances on individual privacy concerns, privacy control and risk perceptions, trust beliefs and non-self-disclosure behavior. Drawing on a survey to 547 users of different types of e-services – e-government, e-commerce and social networking – in Rwanda, and working within the framework of exploratory analysis, this study uses partial least square-structural equation modeling to validate the overall model and the proposed hypotheses. The findings show that perceptions of privacy risks and privacy control are antecedents of e-service users' privacy concerns, trust and non-self-disclosure behavior. They further show that the perceived effectiveness of privacy policy and perceived effectiveness of self-regulations influence both perceptions of privacy risks and control and their consequences; users' privacy concerns, trust and non-self-disclosure behavior. The hypotheses are supported differently across the three types of e-services, which means that privacy is specific to context and situation. The study shows that the effect of privacy assurances on trust is different in e-government services than in other services which suggest that trust in e-government may be more complex and different in nature than in other contexts. The findings serve to enhance a theoretical understanding of organizational privacy assurances and individual privacy concerns, trust and self-disclosure behavior. They also have implications for e-service providers and users as well as for regulatory bodies and e-services designers.

BOTNET FORENSIC: ISSUES, CHALLENGES AND GOOD PRACTICES

Unethical hacking of sites, probing, click frauds, phishing, denial of services attack and many such malicious practices affects the organizational integrity and sovereignty. Such activities are direct attacks on the safety, security and confidentiality of the organization. These activities put organizational privacy at stake. Botnet forensic is utilized to strengthen the security issues by understanding the modus operandi of the attacks. The available observations can be utilized in future also to prevent a potential threat to network security. This paper enlightens the novel summary of previous survey including life cycle, classification, framework, detection, analysis and the challenges for botnet forensics.

An Efficient & Secure Content Contribution and Retrieval content in Online Social Networks using Level-level Security Optimization & Content Visualization Algorithm

<span lang="EN-US">Online Social Networks (OSNs) is currently popular interactive media to establish the communication, share and disseminate a considerable amount of human life data. Daily and continuous communications imply the exchange of several types of content, including free text, image, audio, and video data. Security is one of the friction points that emerge when communications get mediated in Online Social Networks (OSNs). However, there are no content-based preferences supported, and therefore it is not possible to prevent undesired messages. Providing the service is not only a matter of using previously defined web content mining and security techniques. To overcome the issues, Level-level Security Optimization & Content Visualization Algorithm is proposed to avoid the privacy issues during content sharing and data visualization. It adopts level by level privacy based on user requirement in the social network. It evaluates the privacy compatibility in the online social network environment to avoid security complexities. The mechanism divided into three parts namely like online social network platform creation, social network privacy, social network within organizational privacy and network controlling and authentication. Based on the experimental evaluation, a proposed method improves the privacy retrieval accuracy (PRA) 9.13% and reduces content retrieval time (CRT) 7 milliseconds and information loss (IL) 5.33%.</span>

Privacy in Location-Sensing Technologies

Data analysis is becoming a popular tool to gain marketing insights from heterogeneous and often unstructured sensor data. Online stores make use of click stream analysis to understand customer intentions. Meanwhile, retail companies transition to locating technologies like RFID to gain better control and visibility of the inventory in a store. To further exploit the potential of these technologies, retail companies invest in novel services for their customers, such as smart fitting rooms or location of items in real time. In such a setting, a company can not only get insights similar to online stores, but can potentially also monitor customers. In this chapter, we discuss various location-sensing technologies used in retail and identify possible direct and indirect privacy threats that arise with their use. Subsequently, we present technological and organisational privacy controls that can help to minimize the identified privacy threats without losing on relevant marketing insights.

German Translation of the Concerns for Information Privacy (CFIP) Construct

We present and validate a German translation of the construct Concerns for Information Privacy (CFIP). This construct, consisting of four sub-constructs, measures the privacy concerns of individuals with regard to organizational privacy practices. With this scope, the construct has a wide applicability for quantitative research on privacy. We surveyed participants on the location-based mobile augmented reality game Pokemon Go. We conducted the translation with the help of two independent and certified translators and tested the validity and reliability of the constructs by conducting a confirmatory factor analysis (CFA). The analysis is based on a sample of 681 active players of the game. The participants were acquired with the help of a certified German panel provider. The results indicate the validity and reliability of the German translation of the CFIP construct for the case of Pokemon Go. Professional translations of existing constructs are necessary to apply established models and associated questionnaires in other countries. This holds in particular, because language may influence survey responses, especially with regard to attitudes. However, these translations are associated with high monetary costs and efforts and seldom published. Therefore, we provide opportunities for future work by making our valid and reliable German translation of the CFIP construct accessible to interested researchers.

Privacy by designers: software developers’ privacy mindset

Privacy by design (PbD) is a policy measure that guides software developers to apply inherent solutions to achieve better privacy protection. For PbD to be a viable option, it is important to understand developers' perceptions, interpretation and practices as to informational privacy (or data protection). To this end, we conducted in-depth interviews with 27 developers from different domains, who practice software design. Grounded analysis of the data revealed an interplay between several different forces affecting the way in which developers handle privacy concerns. Borrowing the schema of Social Cognitive Theory (SCT), we classified and analyzed the cognitive, organizational and behavioral factors that play a role in developers' privacy decision making. Our findings indicate that developers use the vocabulary of data security to approach privacy challenges, and that this vocabulary limits their perceptions of privacy mainly to third-party threats coming from outside of the organization; that organizational privacy climate is a powerful means for organizations to guide developers toward particular practices of privacy; and that software architectural patterns frame privacy solutions that are used throughout the development process, possibly explaining developers' preference of policy-based solutions to architectural solutions. Further, we show, through the use of the SCT schema for framing the findings of this study, how a theoretical model of the factors that influence developers' privacy practices can be conceptualized and used as a guide for future research toward effective implementation of PbD.

Examining the intended and unintended consequences of organisational privacy safeguards

Research shows that despite organisational efforts to achieve privacy compliance, privacy breaches continue to rise. The extant studies on organisational privacy compliance concentrate on the extent to which privacy threats can be alleviated through a combination of technical and human controls and the positive (and often intended) influences of these controls. This focus inadvertently neglects unintended consequences such as impeded workflow in medical practices. To address this research conflict, this study uses an interpretive grounded theory research approach to investigate the consequences of privacy safeguard enactment in medical practices, including whether it influences their ability to meet privacy requirements and whether workflows are impeded. Our central contribution is a theoretical framework, the unintended consequences of privacy safeguard enactment (UCPSE) framework, which explicates the process by which privacy safeguards are evaluated and subsequently bypassed and the resulting influence on organisational compliance. The UCPSE highlights the importance of the imbalance challenge, which is the result of unintended consequences outweighing the intended consequences of privacy safeguard enactment. Failure to address the imbalance challenge leads to the adoption of workarounds that may ultimately harm the organisation’s privacy compliance. Despite several research calls, the consequences and effectiveness of organisational privacy efforts are largely missing from both information systems and health informatics research. This study is one of the first attempts to both systematically identify the impacts of privacy safeguard enactment and to examine its implications for privacy compliance in the healthcare domain. The findings also have practical implications for healthcare executives on the UCPSE and how they could alleviate the imbalance challenge to thwart workarounds and the subsequent negative effects on privacy compliance.