Search results

1 – 10 of over 53000
Article
Publication date: 8 June 2020

Vasiliki Diamantopoulou, Aggeliki Tsohou and Maria Karyda

Abstract

Purpose

This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation.

Design/methodology/approach

This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.

Findings

The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere to the GDPR.

Originality/value

This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 23 September 2021

Sheshadri Chatterjee and Sreenivasulu N.S.

Abstract

Purpose

The purpose of this study is to investigate the impacts of regulations and governance of artificial intelligence (AI) on personal data sharing (PDS) in the context of sociolegal, technology and policy perspective.

Design/methodology/approach

With the help of theories and literature review, some hypotheses have been formulated and a conceptual model has been developed. These are statistically validated. The validated model has been compared again using impact of regulation and governance of AI as a moderator. The validation has been done using survey by PLS analysis.

Findings

The study found that there is a high level of positive impact of regulation and governance of AI on the online PDS by the users.

Research limitations/implications

This study has provided a statistical model which can provide the antecedents of PDS by the online users with the impact of AI regulation and governance as a moderator. The proposed model has explanative power of 92%.

Practical implications

The study highlighted that there is a necessity of having appropriate AI regulations so that users could share their personal data online without any hesitation. Policymakers and legal fraternity should work together to formulate a comprehensive AI regulation and governance framework.

Originality/value

To the best of the authors’ knowledge, there is no study on the impact of AI regulation and governance towards PDS and how it impacts on the security, privacy and trust of the online users.

Details

Journal of Science and Technology Policy Management, vol. 14 no. 1
Type: Research Article
ISSN: 2053-4620

Article
Publication date: 13 November 2017

Joyce Hoese Addae, Michael Brown, Xu Sun, Dave Towey and Milena Radenkovic

Abstract

Purpose

This paper presents an initial development of a personal data attitude (PDA) measurement instrument based on established psychometric principles. The aim of the research was to develop a reliable measurement scale for quantifying and comparing attitudes towards personal data that can be incorporated into cybersecurity behavioural research models. Such a scale has become necessary for understanding individuals’ attitudes towards specific sets of data, as more technologies are being designed to harvest, collate, share and analyse personal data.

Design/methodology/approach

An initial set of 34 five-point Likert-style items were developed with eight subscales and administered to participants online. The data collected were subjected to exploratory and confirmatory factor analyses and MANOVA. The results are consistent with the multidimensionality of attitude theories and suggest that the adopted methodology for the study is appropriate for future research with a more representative sample.

Findings

Factor analysis of 247 responses identified six constructs of individuals’ attitude towards personal data: protective behaviour, privacy concerns, cost-benefit, awareness, responsibility and security. This paper illustrates how the PDA scale can be a useful guide for information security research and design by briefly discussing the factor structure of the PDA and related results.

Originality/value

This study addresses a genuine gap in research by taking the first step towards establishing empirical evidence for dimensions underlying personal data attitudes. It also adds a significant benchmark to a growing body of literature on understanding and modelling computer users’ security behaviours.

Details

Information & Computer Security, vol. 25 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 31 May 2006

Sheila A. Millar

Abstract

A legal obligation to adopt reasonable information security procedures exists in a variety of laws around the world, such as the EU Data Directive (Directive 95/46), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and sectoral and state privacy laws in the U.S. The latter include security breach notification laws, and laws establishing a general duty of security. This paper compares and contrasts the privacy and information security landscape inside and outside the U.S. and offers suggestions for corporate “best practices” in data security designed to enhance consumer trust and minimize liability.

Details

Journal of International Trade Law and Policy, vol. 5 no. 1
Type: Research Article
ISSN: 1477-0024

Article
Publication date: 1 December 2002

Elizabeth Tran and MaryAnne Atkinson

Abstract

Rapid technological advancements present many opportunities in the way people work, communicate and conduct business. That growth is especially prevalent in the World Wide Web. In the last five years, the Internet has expanded the market place to a global arena. More and more companies are conducting business online. Multinational corporations are becoming extremely dependent on the exchange of information across the Internet. As information flows across national borders, the concern for data security increases. Accordingly, personal data and business transactions collected by international companies are no longer safe once they enter the realm of the Internet. This paper addresses privacy concerns of e‐commerce customers, the security regulations imposed on multinational companies transferring data across international boundaries, and the risks of not complying with data protection regulations.

Details

Information Management & Computer Security, vol. 10 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 March 2023

Shing Cheong Hui, Ming Yung Kwok, Elaine W.S. Kong and Dickson K.W. Chiu

Abstract

Purpose

Although cloud storage services can bring users valuable convenience, they can be technically complex and intrinsically insecure. Therefore, this research explores the concerns of academic users regarding cloud security and technical issues and how such problems may influence their continuous use in daily life.

Design/methodology/approach

This qualitative study used a semi-structured interview approach comprising six main open-ended questions to explore the information security and technical issues for the continuous use of cloud storage services by 20 undergraduate students in Hong Kong.

Findings

The analysis revealed cloud storage service users' major security and technical concerns, particularly synchronization and backup issues, were the most significant technical barrier to the continuing personal use of cloud storage services.

Originality/value

Existing literature has focused on how cloud computing services could bring benefits and security and privacy-related risks to organizations rather than security and technical issues of personal use, especially in the Asian academic context.

Details

Library Hi Tech, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 3 April 2023

Efrosini Siougle, Sophia Dimelis and Nikolaos Malevris

Abstract

Purpose

This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of data protection is analyzed based on the major requirements of the General Data Protection Regulation and mapped to the relevant controls of the ISO/IEC 27001/27002 standards.

Design/methodology/approach

The research analysis is based on 96 ISO 9001–certified and non-certified publicly traded manufacturing and service firms that responded to a structured questionnaire. The authors develop and empirically test their theoretical model using the structural equation modeling technique and follow a difference-in-differences econometric modeling approach to estimate financial performance differences between certified and non-certified firms accounting for the level of data protection.

Findings

The estimates indicate three core dimensions in the areas of “policies, procedures and responsibilities,” “access control management” and “risk-reduction techniques” as desirable components in establishing the concept of data security. The estimates also suggest that the data protection level has significantly impacted the performance of certified firms relative to the non-certified. Controlling for the effect of industry-level factors reveals a positive relationship between data security and high-technological intensity.

Practical implications

The results imply that improving the level of compliance to data protection enhances the link between certification and firm performance.

Originality/value

This study fills a gap in the literature by empirically testing the influence of data protection on the relationship between quality certification and firm performance.

Details

International Journal of Productivity and Performance Management, vol. 73 no. 3
Type: Research Article
ISSN: 1741-0401

Book part
Publication date: 28 September 2023

Farha Khan and Akansha Mer

Abstract

The study focusses on the legal issues surrounding artificial intelligence (AI), which are being investigated and debated about several European Union initiatives to manage and regulate Information and Communication Technologies. The goal is to discuss the benefits and drawbacks of adopting AI technology and the ramifications for the articulations of law and politics in democratic constitutional countries. Thus, the study aims to identify socio-legal concerns and possible solutions to protect individuals’ interests. The exploratory study is based on statutes, rules, and committee reports. The study has used news pieces, reports issued by organisations and legal websites. The study revealed computer security vulnerabilities, unfairness, bias and discrimination, and legal personhood and intellectual property issues. Issues with privacy and data protection, liability for harm, and lack of accountability will all be discussed. The vulnerability framework is utilised in this chapter to strengthen comprehension of key areas of concern and to motivate risk and impact mitigation solutions to safeguard human welfare. Given the importance of AI’s effects on weak individuals and groups as well as their legal rights, this chapter contributes to the discourse, which is essential. The chapter advances the conversation while appreciating the legal work done in AI and the fact that this sector needs constant review and flexibility. As AI technology advances, new legal challenges, vulnerabilities, and implications for data privacy will inevitably arise, necessitating increased monitoring and research.

Details

Digital Transformation, Strategic Resilience, Cyber Security and Risk Management
Type: Book
ISBN: 978-1-83797-009-4

Article
Publication date: 9 October 2023

Yong Sun, Ya-Feng Zhang, Yalin Wang and Sihui Zhang

Abstract

Purpose

This paper aims to investigate the cooperative governance mechanisms for personal information security, which can help enrich digital governance research and provide a reference for the formulation of protection policies for personal information security.

Design/methodology/approach

This paper constructs an evolutionary game model consisting of regulators, digital enterprises and consumers, which is combined with the simulation method to examine the influence of different factors on personal information protection and governance.

Findings

The results reveal seven stable equilibrium strategies for personal information security within the cooperative governance game system. The non-compliant processing of personal information by digital enterprises can damage the rights and interests of consumers. However, the combination of regulatory measures implemented by supervisory authorities and the rights protection measures enacted by consumers can effectively promote the self-regulation of digital enterprises. The reputation mechanism exerts a restricting effect on the opportunistic behaviour of the participants.

Research limitations/implications

The authors focus on the regulation of digital enterprises and do not consider the involvement of malicious actors such as hackers, and the authors will continue to focus on the game when assessing the governance of malicious actors in subsequent research.

Practical implications

This study's results enhance digital governance research and offer a reference for developing policies that protect personal information security.

Originality/value

This paper builds an analytical framework for cooperative governance for personal information security, which helps to understand the decision-making behaviour and motivation of different subjects and to better address issues in the governance for personal information security.

Details

Kybernetes, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0368-492X

Article
Publication date: 12 August 2014

Jungsun (Sunny) Kim and Bo Bernhard

Abstract

Purpose

This paper aims to extend the technology acceptance model (TAM) to explore the factors influencing a hotel customer’s intention to use a fingerprint system instead of a traditional keycard system and the moderating factors (i.e. gender and age) on the relationships between the proposed factors and the customer’s intention to use fingerprint technology. When hotels add new technologies, the potential vulnerability of their systems also increases. Underestimating such risks can possibly result in massive losses from identity theft and related fraud for hoteliers. Customers who are aware of these risks may become more open to innovative methods of identification or verification, such as biometrics.

Design/methodology/approach

The online survey instrument was developed based on TAMs. The authors collected 526 complete responses from hotel customers and tested the hypotheses using structural equation modeling.

Findings

This study found seven factors (i.e. perceived usefulness, perceived ease of use, subjective norm, perceived convenience, perceived data security, perceived property security and personal concerns) which significantly influence a hotel customer’s intention to use fingerprint technology. Gender and age played important moderating roles in the relationships between some of these factors and the intention to use.

Practical implications

Recommendations are made as to how hotels can benefit from the implementation of biometrics, particularly fingerprint systems. For example, a hotel’s marketing campaign can be more effective by emphasizing the advantages of fingerprint technology related to “data security and convenience” for younger consumers (i.e. Gen X and Gen Y).

Originality/value

Both educators and practitioners will benefit from the findings of this empirical study, as there are very few published studies on a customer’s fingerprint technology acceptance in the hotel context.

Details

Journal of Hospitality and Tourism Technology, vol. 5 no. 2
Type: Research Article
ISSN: 1757-9880
