Search results
Abstract
Purpose
The aim of the paper is to highlight gaps in compliance environments regarding information privacy and provide recommendations for global information privacy standards.
Design/methodology/approach
The paper draws conceptually upon an existing security standard's framework, and omissions in information privacy compliance frameworks are recognized. As a result, an extended framework of information security and privacy standards is developed. Moreover, taking into account the different attributes and focus of information privacy as compared to information security, the elicitation of usability criteria for web applications and interfaces that will assist users to protect their privacy is being proposed.
Findings
Within ICT standards numerous information security standards exist, which enable a common understanding of security requirements and promote global rules and practices for security mechanisms. Through their usage, designed information systems ultimately reach a commonly accepted security level and interoperate with other systems in an efficient and secure way. Nevertheless, a similar compliance environment is missing with regard to information privacy. Often security controls are seen as the solution to privacy protection and security compliance frameworks are regarded as guidance to information privacy as well. This is clearly the wrong approach since the main security and privacy attributes are different; information security refers to information stored, processed and transmitted for completing the information system's functions and purpose, while information privacy is the protection of the information's subject identity.
Research limitations/implications
The identified gaps in compliance environments are based on extensive literature review, while the proposed enhancements for the information privacy standards are, at this stage, an opinion‐based piece of work.
Originality/value
Currently, information privacy is treated mostly as a legal compliance requirement and thus is not adequately handled by security standards. The paper provides recommendations and further guidance at managerial, procedural and technical levels for handling information privacy.
Abstract
Purpose
The purpose of this paper is to explain the role of trust in cloud computing services based on empirical evidence from interviewing executives of financial institutions in Ghana. The paper answers the questions: what is the role of trust in cloud computing service acquisition, and what policies promote trusted cloud computing services?
Design/methodology/approach
This is an explanatory paper that is based on literature review and empirical data on exploring reasons for cloud computing service acquisitions. A combination of interviews and focus group discussions was used as methods for data collection. Information technology and electronic banking executives of five major commercial banks in Accra, Ghana, between January and July 2013 were interviewed. A total of ten respondents were interviewed, two in each of the selected banks. A purposive sampling technique was used in the selection of informants. This approach allows the selection of qualified informants to ensure extensiveness and diversity of opinion.
Findings
Although previous literature proffers various factors as key to cloud computing adoption, uses or provisioning, this study brings trust to the fore as an imperative for cloud computing service acquisition by financial institutions. It also shows that trust increases if users perceive that cloud computing service providers act in honesty and in users’ interest, making trust a fundamental factor that informs financial institutions’ decision to acquire cloud computing services.
Research limitations/implications
The research introduces a new dimension about the widely held perceptions of the factors that influence adoption of cloud computing services.
Practical implications
Developers of cloud computing solutions that are targeted at corporate users must focus on systems that enhance their trustworthiness, as it is a primary criterion for user buy-in. Similarly, any trust-building effort by cloud computing service providers minimizes users’ concerns and pushes the service providers closer to the trust threshold.
Originality/value
The paper outlines the trust factors that are imperative for cloud computing uses by financial institutions. This is one of the pioneering papers that address trust issues in cloud computing from the perspective of financial institutions.
Abstract
Purpose
The purpose of this conceptual paper is to delve into the implications of blockchain technology adoption for brands and consumers. Drawing on the existing branding literature and real-life applications of blockchain, the challenges, risks and opportunities from blockchain adoption for four important areas of the branding literature are canvassed (i.e. brand positioning and corporate brand image, consumer–brand relationships, online brand communication and consumers’ trust in the brand). Also, a future-oriented discussion is provided that highlights some important avenues for researchers in the field.
Design/methodology/approach
This conceptual paper sheds light on the potential implications of blockchain technology for brand–consumer relationships. To do so, an analytical review of the blockchain literature is conducted, the nature of blockchain technology is presented and its unique features and functions for brand–consumer interactions are discussed.
Findings
This paper ignites an exploratory discussion around how blockchain applications and platforms can affect consumer–brand relationships, drawing on a number of real-life examples of blockchain adoption. This discussion sheds light on how blockchain features can impact on various areas of interest for strategic brand management, such as the adoption of digital currencies, brand storytelling, use of blockchain-enabled loyalty programmes, role of intermediaries in online advertising, counterfeit consumption, brand transparency and trust for brands in online marketplaces, amongst others.
Originality/value
This is one of the first conceptual efforts in the branding literature that draws on the scarce existing knowledge around blockchain adoption and discusses the potential implications of blockchain technology for brands and consumers whilst also providing directions for future research.
Abstract
Purpose
The purpose of this paper is to propose a framework for clinical governance, in particular, the compliance of data privacy in a healthcare organisation.
Design/methodology/approach
The approach of the research was to highlight problem areas in compliance and governance risk management (governance, risk and compliance (GRC)) in general, and then identify knowledge in other domains that could be combined and applied to improve GRC management, and ultimately improve governance outcomes.
Findings
There is a gap in the literature in respect of systems and frameworks to assist organisations in managing the complex minutiae associated with compliance. This paper addresses this gap by proposing a “compliance action framework” which builds on work existing in other domains in relation to education, process control and governance.
Research limitations/implications
The present research provides a starting point for an implementation of the framework within a number of organisations, and opens questions for further research in the field.
Originality/value
The GRC framework proposed in this paper contributes to the state of the art, by proposing processes for improving the governance capability and compliance outcomes within an organisation for governance of data privacy risk and data protection.
Majed Alshammari and Andrew Simpson
Abstract
Purpose
Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software engineers are increasingly expected to develop and maintain privacy-aware systems that both comply with such frameworks and standards and meet reasonable expectations of privacy. This paper aims to facilitate reasoning about privacy compliance, from legal frameworks and standards, with a view to providing necessary technical assurances.
Design/methodology/approach
The authors show how the standard extension mechanisms of the UML meta-model might be used to specify and represent data-processing activities in a way that is amenable to privacy compliance checking and assurance.
Findings
The authors demonstrate the usefulness and applicability of the extension mechanisms in specifying key aspects of privacy principles as assumptions and requirements, as well as in providing criteria for the evaluation of these aspects to assess whether the model meets these requirements.
Originality/value
First, the authors show how key aspects of abstract privacy principles can be modelled using stereotypes and tagged values as privacy assumptions and requirements. Second, the authors show how compliance with these principles can be assured via constraints that establish rules for the evaluation of these requirements.
Anca C. Yallop, Oana A. Gică, Ovidiu I. Moisescu, Monica M. Coroș and Hugues Séraphin
Abstract
Purpose
Big data and analytics are being increasingly used by tourism and hospitality organisations (THOs) to provide insights and to inform critical business decisions. Particularly in times of crisis and uncertainty, data analytics supports THOs to acquire the knowledge needed to ensure business continuity and the rebuild of tourism and hospitality sectors. Despite being recognised as an important source of value creation, big data and digital technologies raise ethical, privacy and security concerns. This paper aims to suggest a framework for ethical data management in tourism and hospitality designed to facilitate and promote effective data governance practices.
Design/methodology/approach
The paper adopts an organisational and stakeholder perspective through a scoping review of the literature to provide an overview of an under-researched topic and to guide further research in data ethics and data governance.
Findings
The proposed framework integrates an ethical-based approach which expands beyond mere compliance with privacy and protection laws, to include other critical facets regarding privacy and ethics, an equitable exchange of travellers’ data and THOs’ ability to demonstrate a social license to operate by building trusting relationships with stakeholders.
Originality/value
This study represents one of the first studies to consider the development of an ethical data framework for THOs, as a platform for further refinements in future conceptual and empirical research of such data governance frameworks. It contributes to the advancement of the body of knowledge in data ethics and data governance in tourism and hospitality and other industries and it is also beneficial to practitioners, as organisations may use it as a guide in data governance practices.
Muhammad Al-Abdullah, Izzat Alsmadi, Ruwaida AlAbdullah and Bernie Farkas
Abstract
Purpose
The paper posits that a solution for businesses to use privacy-friendly data repositories for its customers’ data is to change from the traditional centralized repository to a trusted, decentralized data repository. Blockchain is a technology that provides such a data repository. However, the European Union’s General Data Protection Regulation (GDPR) assumed a centralized data repository, and it is commonly argued that blockchain technology is not usable. This paper aims to posit a framework for adopting a blockchain that follows the GDPR.
Design/methodology/approach
The paper uses the Levy and Ellis’ narrative review of literature methodology, which is based on constructivist theory posited by Lincoln and Guba. Using five information systems and computer science databases, the researchers searched for studies using the keywords GDPR and blockchain, using a forward and backward search technique. The search identified a corpus of 416 candidate studies, from which the researchers applied pre-established criteria to select 39 studies. The researchers mined this corpus for concepts, which they clustered into themes. Using the accepted computer science practice of privacy by design, the researchers combined the clustered themes into the paper’s posited framework.
Findings
The paper posits a framework that provides architectural tactics for designing a blockchain that follows GDPR to enhance privacy. The framework explicitly addresses the challenges of GDPR compliance using the unimagined decentralized storage of personal data. The framework addresses the blockchain–GDPR tension by establishing trust between a business and its customers vis-à-vis storing customers’ data. The trust is established through blockchain’s capability of providing the customer with private keys and control over their data, e.g. processing and access.
Research limitations/implications
The paper provides a framework that demonstrates that blockchain technology can be designed for use in GDPR compliant solutions. In using the framework, a blockchain-based solution provides the ability to audit and monitor privacy measures, demonstrates a legal justification for processing activities, incorporates a data privacy policy, provides a map for data processing and ensures security and privacy awareness among all actors. The research is limited to a focus on blockchain–GDPR compliance; however, future research is needed to investigate the use of the framework in specific domains.
Practical implications
The paper posits a framework that identifies the strategies and tactics necessary for GDPR compliance. Practitioners need to complement the framework with rigorous privacy risk management, i.e. conducting a privacy risk analysis, identifying strategies and tactics to address such risks and preparing a privacy impact assessment that enhances accountability and transparency of a blockchain.
Originality/value
With the increasingly strategic use of data by businesses and the contravening growth of data privacy regulation, alternative technologies could provide businesses with a means to nurture trust with their customers regarding collected data. However, it is commonly assumed that the decentralized approach of blockchain technology cannot be applied to this business need. This paper posits a framework that enables a blockchain to be designed that follows the GDPR, thereby providing an alternative for businesses to collect customers’ data while ensuring the customers’ trust.
Ghulam Mustafa, Waqas Rafiq, Naveed Jhamat, Zeeshan Arshad and Farhana Aziz Rana
Abstract
Purpose
This study aims to evaluate blockchain as an e-government governance model. It assesses its alignment with legal frameworks, emphasizing robustness against disruptions and adherence to existing laws.
Design/methodology/approach
The paper explores blockchain’s potential in e-government, focusing on legal, ethical and governance aspects. It conducts an in-depth analysis of blockchain’s integration into data governance, emphasizing legal compliance and resilient security protocols.
Findings
The study comprehensively evaluates blockchain’s implementation, covering privacy, interoperability, consensus mechanisms, scalability and regulatory alignment. It highlights governance’s critical role in ensuring legal compliance within blockchain paradigms.
Research limitations/implications
Ethical and legal concerns arising from blockchain adoption remain unresolved. The study underscores how blockchain challenges its core principles of anonymity and decentralization in e-government settings.
Practical implications
The framework outlined offers potential for diverse technological environments, albeit raising ethical and legal queries. It emphasizes governance’s pivotal role in achieving legal compliance in blockchain adoption.
Social implications
Blockchain’s impact on legal and ethical facets necessitates further exploration to align with its core principles while addressing governance in e-government settings.
Originality/value
This study presents a robust framework for assessing blockchain’s viability in e-government, emphasizing legal compliance, despite ethical and legal intricacies that challenge its fundamental principles.
Abstract
Purpose
This study aims to discover the legal borderline between licit online marketing and illicit privacy-intrusive and manipulative marketing, considering in particular consumers’ expectations of privacy.
Design/methodology/approach
A doctrinal legal research methodology is applied throughout with reference to the relevant legislative frameworks. In particular, this study analyzes the European Union (EU) data protection law [General Data Protection Regulation (GDPR)] framework (as it is one of the most advanced privacy laws in the world, with strong extra-territorial impact in other countries and consequent risks of high fines), as compared to privacy scholarship in the field, and extracts a compliance framework for marketers.
Findings
The GDPR is a solid compliance framework that can help to distinguish licit marketing from illicit marketing. It brings clarity through four legal tests: fairness test, lawfulness test, significant effect test and the high-risk test. The performance of these tests can be beneficial to consumers and marketers, in particular considering that meeting consumers’ expectation of privacy can enhance their trust. A solution for marketers to respect and leverage consumers’ privacy expectations is twofold: enhancing critical transparency and avoiding the exploitation of individual vulnerabilities.
Research limitations/implications
This study is limited to the European legal framework scenario and to theoretical analysis. Further research is necessary to investigate other legal frameworks and to prove this model in practice, measuring not only the consumers’ expectation of privacy in different contexts but also the practical managerial implications of the four GDPR tests for marketers.
Originality/value
This study originally contextualizes the most recent privacy scholarship on online manipulation within the EU legal framework, proposing an easy and accessible four-step test and twofold solution for marketers. Such a test might be beneficial both for marketers and for consumers’ expectations of privacy.
Abstract
Purpose
This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure information privacy culture across nations. The framework is based on consumers’ privacy expectations, their actual experiences when organisations process their personal information and their general privacy concerns.
Design/methodology/approach
A survey method was deployed to collect data in South Africa – the first participating country in the study – to start building a global information privacy culture index (IPCI) and to validate the questionnaire.
Findings
The IPCI revealed that there seems to be a disconnect between what consumers expect in terms of privacy and the way in which organisations are honouring (or failing to honour) those expectations, which results in a breach of trust and the social contract being violated.
Practical implications
Governments, information regulators and organisations can leverage the results of the privacy culture index to implement corrective actions and controls aimed at addressing the gaps identified from a consumer and compliance perspective. The validated IPCII can be used by both academia and industry to measure the information privacy culture of an institution, organisation or country to identify what to improve to address consumer privacy expectations and concerns.
Originality/value
The IPCIF and validated IPCII are the first tools that combine the concepts of consumer expectations and their confidence levels in whether organisations are meeting their privacy expectations, which are in line with the fair information practice principles and the privacy guidelines of the Organisation for Economic Cooperation and Development, to determine gaps and define improvement plans.