Search results

The aim of the paper is to highlight gaps in compliance environments regarding information privacy and provide recommendations for global information privacy standards.

The paper draws conceptually upon an existing security standard's framework and omissions in information privacy compliance frameworks are recognized. As a result, an extended framework of information security and privacy standards is developed. Moreover, taking into account the different attributes and focus of information privacy as compared to information security, the elicitation of usability criteria for web applications and interfaces that will assist users to protect their privacy, is being proposed.

Within ICT standards numerous information security standards exist, which enable a common understanding of security requirements and promote global rules and practices for security mechanisms. Through their usage, designed information systems ultimately reach a commonly accepted security level and interoperate with other systems in an efficient and secure way. Nevertheless, a similar compliance environment is missing with regard to information privacy. Often security controls are seen as the solution to privacy protection and security compliance frameworks are regarded as guidance to information privacy as well. This is clearly the wrong approach since the main security and privacy attributes are different; information security refers to information stored, processed and transmitted for completing the information system's functions and purpose, while information privacy is the protection of the information's subject identity.

The identified gaps in compliance environments are based on extensive literature review, while the proposed enhancements for the information privacy standards are, at this stage, an opinion‐based piece of work.

Currently, information privacy is treated mostly as a legal compliance requirement and thus is not adequately handled by security standards. The paper provides recommendations and further guidance in managerial, procedural and technical level for handling information privacy.

The purpose of this paper is to explain the role of trust in cloud computing services based on empirical evidence from interviewing executives of financial institutions in Ghana. The paper answers the questions: what is the role of trust in cloud computing service acquisition, and what policies promote trusted cloud computing services?

This is an explanatory paper that is based on literature review and empirical data on exploring reasons for cloud computing service acquisitions. A combination of interviews and focus group discussions was used as methods for data collection. Information technology and electronic banking executives of five major commercial banks in Accra, Ghana, between January and July 2013 were interviewed. A total of ten respondents were interviewed, two in each of the selected banks. A purposive sampling technique was used in the selection of informants. This approach allows the selection of qualified informants to ensure extensiveness and diversity of opinion.

Although previous literature proffers various factors as key to cloud computing adoption, uses or provisioning, this study brings trust to the fore as an imperative for cloud computing service acquisition by financial institutions. It also shows that trust increases if users perceive that cloud computing service providers act in honesty and in users’ interest, making trust a fundamental factor that informs financial institutions’ decision to acquire cloud computing services.

The research introduces a new dimension about the widely held perceptions of the factors that influence adoption of cloud computing services.

Developers of cloud computing solutions that are targeted at corporate users must focus on systems that enhances their trustworthiness, as it is a primary criteria for user buy-in. Similarly, any trust-building effort by cloud computing service providers minimizes users’ concerns and pushes the services providers closer to the trust threshold.

The paper outlines the trust factors that are imperative for cloud computing uses by financial institutions. This is one of the pioneering papers that address trust issues in cloud computing from the perspective of financial institutions.

The purpose of this conceptual paper is to delve into the implications of blockchain technology adoption for brands and consumers. Drawing on the existing branding literature and real-life applications of blockchain, the challenges, risks and opportunities from blockchain adoption for four important areas of the branding literature are canvassed (i.e. brand positioning and corporate brand image, consumer–brand relationships, online brand communication and consumers’ trust in the brand). Also, a future-oriented discussion is provided that highlights some important avenues for researchers in the field.

This conceptual paper sheds light on the potential implications of blockchain technology for brand–consumer relationships. To do so, an analytical review of the blockchain literature is conducted, the nature of blockchain technology is presented and its unique features and functions for brand–consumer interactions are discussed.

This paper ignites an exploratory discussion around how blockchain applications and platforms can affect consumer–brand relationships, drawing on a number of real-life examples of blockchain adoption. This discussion sheds light on how blockchain features can impact on various areas of interest for strategic brand management, such as the adoption of digital currencies, brand storytelling, use of blockchain-enabled loyalty programmes, role of intermediaries in online advertising, counterfeit consumption, brand transparency and trust for brands in online marketplaces, amongst others.

This is one of the first conceptual efforts in the branding literature that draws on the scarce existing knowledge around blockchain adoption and discusses the potential implications of blockchain technology for brands and consumers whilst also providing directions for future research.

The purpose of this paper is to propose a framework for clinical governance, in particular, the compliance of data privacy in a healthcare organisation.

The approach of the research was to highlight problem areas in compliance and governance risk management (governance, risk and compliance (GRC)) in general, and then identify knowledge in other domains that could be combined and applied to improve GRC management, and ultimately improve governance outcomes.

There is a gap in the literature is respect of systems and frameworks to assist organisations in managing the complex minutiae associated with compliance. This paper addresses this gap by proposing a “compliance action framework” which builds on work existing in other domains in relation to education, process control and governance.

The present research provides a starting point for an implementation of the framework within a number of organisations, and opens questions for further research in the field.

The GRC framework proposed in this paper contributes to the state of the art, by proposing processes for improving the governance capability and compliance outcomes within an organisation for governance of data privacy risk and data protection.

Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software engineers are increasingly expected to develop and maintain privacy-aware systems that both comply with such frameworks and standards and meet reasonable expectations of privacy. This paper aims to facilitate reasoning about privacy compliance, from legal frameworks and standards, with a view to providing necessary technical assurances.

The authors show how the standard extension mechanisms of the UML meta-model might be used to specify and represent data-processing activities in a way that is amenable to privacy compliance checking and assurance.

The authors demonstrate the usefulness and applicability of the extension mechanisms in specifying key aspects of privacy principles as assumptions and requirements, as well as in providing criteria for the evaluation of these aspects to assess whether the model meets these requirements.

First, the authors show how key aspects of abstract privacy principles can be modelled using stereotypes and tagged values as privacy assumptions and requirements. Second, the authors show how compliance with these principles can be assured via constraints that establish rules for the evaluation of these requirements.

Big data and analytics are being increasingly used by tourism and hospitality organisations (THOs) to provide insights and to inform critical business decisions. Particularly in times of crisis and uncertainty data analytics supports THOs to acquire the knowledge needed to ensure business continuity and the rebuild of tourism and hospitality sectors. Despite being recognised as an important source of value creation, big data and digital technologies raise ethical, privacy and security concerns. This paper aims to suggest a framework for ethical data management in tourism and hospitality designed to facilitate and promote effective data governance practices.

The paper adopts an organisational and stakeholder perspective through a scoping review of the literature to provide an overview of an under-researched topic and to guide further research in data ethics and data governance.

The proposed framework integrates an ethical-based approach which expands beyond mere compliance with privacy and protection laws, to include other critical facets regarding privacy and ethics, an equitable exchange of travellers’ data and THOs ability to demonstrate a social license to operate by building trusting relationships with stakeholders.

This study represents one of the first studies to consider the development of an ethical data framework for THOs, as a platform for further refinements in future conceptual and empirical research of such data governance frameworks. It contributes to the advancement of the body of knowledge in data ethics and data governance in tourism and hospitality and other industries and it is also beneficial to practitioners, as organisations may use it as a guide in data governance practices.

The paper posits that a solution for businesses to use privacy-friendly data repositories for its customers’ data is to change from the traditional centralized repository to a trusted, decentralized data repository. Blockchain is a technology that provides such a data repository. However, the European Union’s General Data Protection Regulation (GDPR) assumed a centralized data repository, and it is commonly argued that blockchain technology is not usable. This paper aims to posit a framework for adopting a blockchain that follows the GDPR.

The paper uses the Levy and Ellis’ narrative review of literature methodology, which is based on constructivist theory posited by Lincoln and Guba. Using five information systems and computer science databases, the researchers searched for studies using the keywords GDPR and blockchain, using a forward and backward search technique. The search identified a corpus of 416 candidate studies, from which the researchers applied pre-established criteria to select 39 studies. The researchers mined this corpus for concepts, which they clustered into themes. Using the accepted computer science practice of privacy by design, the researchers combined the clustered themes into the paper’s posited framework.

The paper posits a framework that provides architectural tactics for designing a blockchain that follows GDPR to enhance privacy. The framework explicitly addresses the challenges of GDPR compliance using the unimagined decentralized storage of personal data. The framework addresses the blockchain–GDPR tension by establishing trust between a business and its customers vis-à-vis storing customers’ data. The trust is established through blockchain’s capability of providing the customer with private keys and control over their data, e.g. processing and access.

The paper provides a framework that demonstrates that blockchain technology can be designed for use in GDPR compliant solutions. In using the framework, a blockchain-based solution provides the ability to audit and monitor privacy measures, demonstrates a legal justification for processing activities, incorporates a data privacy policy, provides a map for data processing and ensures security and privacy awareness among all actors. The research is limited to a focus on blockchain–GDPR compliance; however, future research is needed to investigate the use of the framework in specific domains.

The paper posits a framework that identifies the strategies and tactics necessary for GDPR compliance. Practitioners need to compliment the framework with rigorous privacy risk management, i.e. conducting a privacy risk analysis, identifying strategies and tactics to address such risks and preparing a privacy impact assessment that enhances accountability and transparency of a blockchain.

With the increasingly strategic use of data by businesses and the contravening growth of data privacy regulation, alternative technologies could provide businesses with a means to nurture trust with its customers regarding collected data. However, it is commonly assumed that the decentralized approach of blockchain technology cannot be applied to this business need. This paper posits a framework that enables a blockchain to be designed that follows the GDPR; thereby, providing an alternative for businesses to collect customers’ data while ensuring the customers’ trust.

This study aims to evaluate blockchain as an e-government governance model. It assesses its alignment with legal frameworks, emphasizing robustness against disruptions and adherence to existing laws.

The paper explores blockchain’s potential in e-government, focusing on legal, ethical and governance aspects. It conducts an in-depth analysis of blockchain’s integration into data governance, emphasizing legal compliance and resilient security protocols.

The study comprehensively evaluates blockchain’s implementation, covering privacy, interoperability, consensus mechanisms, scalability and regulatory alignment. It highlights governance’s critical role in ensuring legal compliance within blockchain paradigms.

Ethical and legal concerns arising from blockchain adoption remain unresolved. The study underscores how blockchain challenges its core principles of anonymity and decentralization in e-government settings.

The framework outlined offers potential for diverse technological environments, albeit raising ethical and legal queries. It emphasizes governance’s pivotal role in achieving legal compliance in blockchain adoption.

Blockchain’s impact on legal and ethical facets necessitates further exploration to align with its core principles while addressing governance in e-government settings.

This study presents a robust framework for assessing blockchain’s viability in e-government, emphasizing legal compliance, despite ethical and legal intricacies that challenge its fundamental principles.

This study aims to discover the legal borderline between licit online marketing and illicit privacy-intrusive and manipulative marketing, considering in particular consumers’ expectations of privacy.

A doctrinal legal research methodology is applied throughout with reference to the relevant legislative frameworks. In particular, this study analyzes the European Union (EU) data protection law [General Data Protection Regulation (GDPR)] framework (as it is one of the most advanced privacy laws in the world, with strong extra-territorial impact in other countries and consequent risks of high fines), as compared to privacy scholarship on the field and extract a compliance framework for marketers.

The GDPR is a solid compliance framework that can help to distinguish licit marketing from illicit one. It brings clarity through four legal tests: fairness test, lawfulness test, significant effect test and the high-risk test. The performance of these tests can be beneficial to consumers and marketers in particular considering that meeting consumers’ expectation of privacy can enhance their trust. A solution for marketers to respect and leverage consumers’ privacy expectations is twofold: enhancing critical transparency and avoiding the exploitation of individual vulnerabilities.

This study is limited to the European legal framework scenario and to theoretical analysis. Further research is necessary to investigate other legal frameworks and to prove this model in practice, measuring not only the consumers’ expectation of privacy in different contexts but also the practical managerial implications of the four GDPR tests for marketers.

This study originally contextualizes the most recent privacy scholarship on online manipulation within the EU legal framework, proposing an easy and accessible four-step test and twofold solution for marketers. Such a test might be beneficial both for marketers and for consumers’ expectations of privacy.

This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure information privacy culture across nations. The framework is based on consumers’ privacy expectations, their actual experiences when organisations process their personal information and their general privacy concerns.

A survey method was deployed to collect data in South Africa – the first participating country in the study – to start building a global information privacy culture index (IPCI) and to validate the questionnaire.

The IPCI revealed that there seems to be a disconnect between what consumers expect in terms of privacy and the way in which organisations are honouring (or failing to honour) those expectations, which results in a breach of trust and the social contract being violated.

Governments, information regulators and organisations can leverage the results of the privacy culture index to implement corrective actions and controls aimed at addressing the gaps identified from a consumer and compliance perspective. The validated IPCII can be used by both academia and industry to measure the information privacy culture of an institution, organisation or country to identify what to improve to address consumer privacy expectations and concerns.

The IPCIF and validated IPCII are the first tools that combine the concepts of consumer expectations and their confidence levels in whether organisations are meeting their privacy expectations, which are in line with the fair information practice principles and the privacy guidelines of the Organisation for Economic Cooperation and Development, to determine gaps and define improvement plans.