To read this content please select one of the options below:

Cloud privacy objectives a value based approach

David Lewis Coss (Department of Accounting and Legal Studies, School of Business and Economics, College of Charleston, Charleston, South Carolina, USA)
Gurpreet Dhillon (Department of Information and Supply Chain Management, Bryan School of Business and Economics, University of North Carolina at Greensboro, Greensboro, North Carolina, USA)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 14 February 2019

Issue publication date: 28 May 2019




To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across their organization. It is argued that it is important to understand individuals’ privacy values with respect to cloud computing to define cloud privacy objectives.


For the purpose of this study, the authors adopted Keeney’s (1994) value-focused thinking approach to identify privacy objectives with respect to cloud computing.


The results of this study identified the following six fundamental cloud privacy objectives: to increase trust with cloud provider, to maximize identity management controls, to maximize responsibility of information stewardship, to maximize individual’s understanding of cloud service functionality, to maximize protection of rights to privacy, and to maintain the integrity of data.

Research limitations/implications

One limitation is generalizability of the cloud privacy objectives, and the second is research bias. As this study focused on cloud privacy, the authors felt that the research participants’ increased knowledge of technology usage, including that of cloud technology, was a benefit that outweighed risks associated with not having a random selection of the general population. The newness and unique qualities of privacy issues in cloud computing are better fitted to a qualitative study where issues can emerge naturally through a holistic approach opposed to trying to force fit an existing set of variables or constructs into the context of privacy and cloud computing.

Practical implications

The findings of this research study can be used to assist management in the process of formulating a cloud privacy policy, develop cloud privacy evaluation criteria as well as assist auditors in developing their privacy audit work plans.


Currently, there is little to no guidance in the literature or in practice as to what organizations need to do to ensure they protect their stakeholders privacy in a cloud computing environment. This study works at closing this knowledge gap by identifying cloud privacy objectives.



Coss, D.L. and Dhillon, G. (2019), "Cloud privacy objectives a value based approach", Information and Computer Security, Vol. 27 No. 2, pp. 189-220.



Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited

Related articles