Search results

In the online environment, consumers increasingly feel vulnerable due to firms’ expanding capabilities of collecting and using their data in an unsanctioned manner. Drawing from gossip theory, this research focuses on two key suppressors of consumer vulnerability: transparency and control. Previous studies conceptualize transparency and control from rationalistic approaches that overlook individual experiences and present a unidimensional conceptualization. This research aims to understand how individuals interpret transparency and control concerning privacy vulnerability in the online environment. Additionally, it explores strategic approaches to communicating the value of transparency and control.

An interpretivism paradigm and phenomenology were adopted in the research design. Data were collected through semi-structured interviews with 41 participants, including consumers and experts, and analyzed through thematic analysis.

The findings identify key conceptual dimensions of transparency and control by adapting justice theory. They also reveal that firms can communicate assurance, functional, technical and social values of transparency and control to address consumer vulnerability.

This research makes the following contributions to the data privacy literature. The findings exhibit multidimensional and comprehensive conceptualizations of transparency and control, including user, firm and information perspectives. Additionally, the conceptual framework combines empirical insights from both experiencers and observers to offer an understanding of how transparency and control serve as justice mechanisms to effectively tackle the issue of unsanctioned transmission of personal information and subsequently address vulnerability. Lastly, the findings provide strategic approaches to communicating the value of transparency and control.

The privacy paradox refers to the situation where users of online services continue to disclose personal information even when they are concerned about their privacy. One recent study of Facebook users published in Internet Research concludes that laziness contributes to the privacy paradox. The purpose of this study is to challenge the laziness explanation. To do so, we adopt a cognitive dispositions perspective and examine how a person’s external locus of control influences the privacy paradox, beyond the trait of laziness.

A mixed method approach is adopted. We first develop a research model which hypothesises the moderating effects of both laziness and external locus of control on privacy issues. We quantitatively test the research model through a two-phase survey of 463 Facebook users using the Hayes PROCESS macro. We then conduct a qualitative study to verify and develop the findings from the quantitative phase.

The privacy paradox holds true. The findings confirm the significant influence of external locus of control on the privacy paradox. While our quantitative findings suggest laziness does not affect the association between privacy concerns and self-disclosure, our qualitative data does provide some support for the laziness explanation.

Our study extends existing research by showing that a person’s external locus of control provides a stronger explanation for the privacy paradox than the laziness perspective. As such, this study further reveals the boundary conditions on which the privacy paradox exists for some users of social networking sites, but not others. Our study also suggests cognitive dissonance coping strategies, which are largely absent in prior investigations, may influence the privacy paradox.

The purpose of this study was to investigate the roles of employee experience and top management commitment in the relationship between human resource (HR) records management culture and HR records privacy control in organisations in Ghana.

Structural equation modelling was used in analysing the data. Following the specification of the model, three main types of analyses were carried out. They were reflective measurement model analyses to test reliability and validity; formative measurement model analyses to test redundancy, collinearity, significance and relevance of the lower-order constructs; and structural model analyses to ascertain the explanatory and predictive powers of the model, significance of the hypotheses and their effect sizes.

The study confirmed that communication, privacy awareness and training and risk assessment are dimensions of HR records management culture. Concerning the hypotheses, it was established that HR records management culture is related to HR records privacy control. Also, the study showed that employee experience positively moderated the relationship HR records management culture has with HR records privacy control. However, top management commitment negatively moderated the relationship HR records management culture has with HR records privacy control.

Organisations committed to the privacy control of HR records need to ensure the retention of their employees, as the longer they stay with the organisation, the more they embody the HR records management culture which improves the privacy control of HR records. For top management commitment, it should be restricted to providing strategic direction for HR records privacy control, as the day-to-day influence of top management commitment on the HR records management culture does not improve the privacy control of HR records.

This study demonstrates that communication, privacy awareness and training and risk assessment are dimensions of HR record management culture. Also, the extent of employee experience and top management commitment required in the relationship between HR records management culture and HR records privacy control is revealed.

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

Past research shows that users of smart home devices (SHDs) have privacy concerns. These concerns have been validated from technical research that shows SHDs introduce a lot of privacy risks. However, there is limited research in addressing these concerns and risks. This paper aims to bridge this gap by informing the design of data-related privacy controls for SHDs.

In this paper, the authors follow a user-centered design approach to design data-related privacy controls from design requirements backed by literature. The authors test the design for usability and perceived information control using psychometrically validated scales. For this purpose, two variations of the prototype (MyCam1 with a listing of data-related privacy controls and MyCam2 with three privacy presets) were created and tested them in a between-subjects experimental setting. Study participants (n = 207) were recruited via Mechanical Turk and asked to use the prototype app. An online survey was distributed to the participants to measure some usability and privacy-related constructs.

Findings show that the presented prototype designs were usable and met the privacy control needs of users. The prototype design with privacy presets (MyCam2) was found to be significantly more usable than the list of privacy controls (MyCam1).

The findings of this paper are original and build on the paper presented at the International Symposium on Human Aspects of Information Security and Assurance (HAISA 2022). This paper contributes improved and usable designs of privacy controls for smart home applications.

The purpose of this research is to study the impact of reading a web site's privacy statement on the perceptions of control over privacy and trust in a cyber merchant.

Two experiments were designed to monitor the actual reading of the privacy statement. Study one compares the influence of actual reading with self‐reported claims. Study two manipulated the format of the privacy statement (opt‐in or opt‐out) and included a control condition to assess the influence of the presence of a privacy statement and the influence of the format on the dependent variables.

The findings show that the mere presence of a privacy statement has a positive influence on perceived control. However, reading the privacy statement does not necessarily have a positive influence on perceived control and trust, contrary to commonly held assumptions. Participants who read the opt‐in format felt significantly more control and trust than the participants who read the opt‐out format. The opt‐out format decreases perceived control compared with the group that did not read the privacy statement when it was available.

The sample size for both experiments was relatively modest, which limits the generalisability of the findings.

Cyber merchants should devote particular attention to the strategic role of the format of the privacy statement.

In contrast to other studies that relied on surveys, this paper assesses the impact of the actual reading of the privacy statement via an experimental approach. Moreover, the impact of the format of the privacy statement has been empirically tested.

This work empirically evaluates the effectiveness of the novel ontology-based access-control mechanism and the common password-protected access-control mechanism for social blogs. The paper aims to discuss these issues.

The ontology-based access-control scheme is designed to fit two characteristics of blog activities: social relationships and tags. A laboratory experiment is conducted to assess the perceived privacy benefit and perceived ease of use of the two mechanisms.

Analytical results indicate that, with the ontology-based access-control scheme, users perceive more privacy benefit than with the password-protected access-control scheme. The perceived ease of use with the ontology-based and password-protected access-control systems did not differ significantly.

Cross-boundary collaborations need an appropriate approach to control communication access. Further study is required to evaluate the ontology-based access-control scheme applied in cross-organizational and cross-departmental collaborations.

From a knowledge management perspective, blogs can store personal and organizational knowledge and experiences. The ontology-based access-control scheme encourages knowledge sharing for appropriate persons.

The new ontology-based access-control mechanism can help online users keep secrets from selected people to gain more privacy benefits than the existing password-protected access-control mechanism.

To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across their organization. It is argued that it is important to understand individuals’ privacy values with respect to cloud computing to define cloud privacy objectives.

For the purpose of this study, the authors adopted Keeney’s (1994) value-focused thinking approach to identify privacy objectives with respect to cloud computing.

The results of this study identified the following six fundamental cloud privacy objectives: to increase trust with cloud provider, to maximize identity management controls, to maximize responsibility of information stewardship, to maximize individual’s understanding of cloud service functionality, to maximize protection of rights to privacy, and to maintain the integrity of data.

One limitation is generalizability of the cloud privacy objectives, and the second is research bias. As this study focused on cloud privacy, the authors felt that the research participants’ increased knowledge of technology usage, including that of cloud technology, was a benefit that outweighed risks associated with not having a random selection of the general population. The newness and unique qualities of privacy issues in cloud computing are better fitted to a qualitative study where issues can emerge naturally through a holistic approach opposed to trying to force fit an existing set of variables or constructs into the context of privacy and cloud computing.

The findings of this research study can be used to assist management in the process of formulating a cloud privacy policy, develop cloud privacy evaluation criteria as well as assist auditors in developing their privacy audit work plans.

Currently, there is little to no guidance in the literature or in practice as to what organizations need to do to ensure they protect their stakeholders privacy in a cloud computing environment. This study works at closing this knowledge gap by identifying cloud privacy objectives.

The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU citizens. This paper presents the GDPR privacy label and uses two empirical studies to examine the effectiveness of this approach in influencing consumers' privacy perceptions and related behavioral intentions.

The paper tests the efficacy of two GDPR privacy label designs, a consent-based label and a static label. Study 1 examines the effects of each label on perceptions of risk, control and privacy. Study 2 investigates the influence of consumers' privacy perceptions on perceived trustworthiness and willingness to interact with the organization.

The findings support the potential of GDPR privacy labels for positively influencing perceptions of risk, control, privacy and trustworthiness and enhancing consumers' willingness to transact and disclose data to online organizations.

The findings are useful for organizations required to comply with the GDPR and present a solution to requirements for transparent communications and explicit consent.

This study examines and demonstrates the efficacy of visualized privacy policies in impacting consumer privacy perceptions and behavioral intentions.

Push notification service (PNS) is an important approach to distribute personalized information to users timely and is getting more and more popular. However, users' privacy concerns are a major inhibiting factor in their continuance usage of PNS. This study investigates the effect of privacy protection functions provided by PNS sites in enhancing users' perceived fairness on the basis of justice theory to mitigate users' concerns of information privacy. The mechanism underlying such influence on users' continuance usage of PNS comprises privacy concern and privacy-control self-efficacy.

Four scenario-based surveys are conducted to test the proposed hypotheses. The authors test the research model with a sample of 360 participants by ANOVA and PLS.

Results show that the proposed privacy protection functions have direct positive effects on users' privacy-control self-efficacy, negative effects on privacy concern and indirectly affect their continuance usage of PNS. Furthermore, the interaction effects between two approaches have different impacts on users' privacy concern and privacy-control self-efficacy.

This study provides some suggestions and guidance for PNS providers to design effective privacy protection technologies.