Search results

This study aims to conduct a survey in a bank to measure the perception of employees towards the effective governance of information privacy and at the same time validating the information privacy governance questionnaire (IPGQ) used in this study.

A quantitative research approach was followed using an online survey questionnaire to collect data in a bank in South Africa.

The survey results showed that employees perceived the governance of privacy in the organisation in a positive way. Three significant differences were identified, namely, Generation-Y being significantly more positive than Generation-X regarding privacy control assessment. Also, that the contractor/vendor group was significantly more positive than permanent employees regarding organisational commitment and privacy control assessment. Exploratory factor analysis was used to validate the IPGQ and four factors were identified: privacy control assessment, personal information awareness assessment, privacy governance reporting and organisational commitment towards privacy. Cronbach’s alpha was used to establish the internal reliability of the factors and indicated good internal consistency.

One of the potential empirical research limitations for this study is that the study was conducted in a single organisation; therefore, when generalising the results, caution must be taken.

Organisations, academics and the industry may find the questionnaire useful to determine employee perception towards privacy governance and to identify recommendations that could be used to improve their privacy policies, privacy programme controls and organisational commitment towards privacy. In this study, it was identified that for Generation-X employees to be more accepting towards the privacy controls, the organisation needs to implement focussed awareness training for them. To ensure permanent employees’ commitment and accountability, internal audits, monitoring and risk assessment measures need to be implemented. These can be directed through the outcomes of the survey.

The IPGQ can aid organisations in determining if they are governing privacy effectively, and thus assist them in meeting the accountability condition of data protection regulation.

This paper aims to present pertinent research challenges in the field of (big) data-informed policy-making based on the research, undertaken within the course of the European Union-funded project Big Policy Canvas. Technological advancements, especially in the past decade, have revolutionised the way that both every day and complex activities are conducted. It is, thus, expected that a particularly important actor such as the public sector, should constitute a successful disruption paradigm through the adoption of novel approaches and state-of-the-art information and communication technologies.

The research challenges stem from a need, trend and asset assessment based on qualitative and quantitative research, as well as from the identification of gaps and external framework factors that hinder the rapid and effective uptake of data-driven policy-making approaches.

The current paper presents a set of research challenges categorised in six main clusters, namely, public governance framework, privacy, transparency, trust, data acquisition, cleaning and representativeness, data clustering, integration and fusion, modelling and analysis with big data and data visualisation.

The paper provides a holistic overview of the interdisciplinary research challenges in the field of data-informed policy-making at a glance and shall serve as a foundation for the discussion of future research directions in a broader scientific community. It, furthermore, underlines the necessity to overcome isolated scientific views and treatments because of a high complex multi-layered environment.

The purpose of this paper is clearly illustrate this convergence and the prescriptive recommendations that such documents entail. There is a significant amount of research into the ethical consequences of artificial intelligence (AI). This is reflected by many outputs across academia, policy and the media. Many of these outputs aim to provide guidance to particular stakeholder groups. It has recently been shown that there is a large degree of convergence in terms of the principles upon which these guidance documents are based. Despite this convergence, it is not always clear how these principles are to be translated into practice.

In this paper, the authors move beyond the high-level ethical principles that are common across the AI ethics guidance literature and provide a description of the normative content that is covered by these principles. The outcome is a comprehensive compilation of normative requirements arising from existing guidance documents. This is not only required for a deeper theoretical understanding of AI ethics discussions but also for the creation of practical and implementable guidance for developers and users of AI.

In this paper, the authors therefore provide a detailed explanation of the normative implications of existing AI ethics guidelines but directed towards developers and organisational users of AI. The authors believe that the paper provides the most comprehensive account of ethical requirements in AI currently available, which is of interest not only to the research and policy communities engaged in the topic but also to the user communities that require guidance when developing or deploying AI systems.

The authors believe that they have managed to compile the most comprehensive document collecting existing guidance which can guide practical action but will hopefully also support the consolidation of the guidelines landscape. The authors’ findings should also be of academic interest and inspire philosophical research on the consistency and justification of the various normative statements that can be found in the literature.

This paper examines the impact of a blockchain platform on the role and importance of trust in established buyer-supplier relationships.

A literature review provides insight into trust development in supply chains. Research uses a case study of two wine supply chains: the producers, importers, logistics companies and UK Government agencies. Semi-structured interviews determine how trust and trustworthiness develop in buyer-supplier relationships and the impact of a blockchain-based technology proof of concept on supply chain trust.

A blockchain-based platform introduces common trusted data, reducing data duplication and improving supply chain visibility. The platform supports trust building between parties but does not replace the requirements for organisations to establish a position of trust. Contrary to literature claims for blockchain trustless disintermediation, new intermediaries are introduced who need to be trusted.

The case study presents challenges specific to UK customs borders, and research needs to be repeated in different contexts to establish if findings are generalisable.

A blockchain-based platform can improve supply chain efficiency and trust development but does not remove the need for trust and trust-building processes. Blockchain platform providers need to build a position of trust with all participants.

Case study research shows how blockchain facilitates but does not remove trust, trustworthiness and trust relationships in established supply chains. The reduction in information asymmetry and improved supply chain visibility provided by blockchain does not change the importance of trust in established buyer-supplier relationships or the trust-based policy of the UK Government at the customs border.

This paper aims that privacy research is divided in distinct communities and rarely considered as a singular field, harming its disciplinary identity. The authors collected 119.810 publications and over 3 million references to perform a bibliometric domain analysis as a quantitative approach to uncover the structures within the privacy research field.

The bibliometric domain analysis consists of a combined directed network and topic model of published privacy research. The network contains 83,159 publications and 462,633 internal references. A Latent Dirichlet allocation (LDA) topic model from the same dataset offers an additional lens on structure by classifying each publication on 36 topics with the network data. The combined outcomes of these methods are used to investigate the structural position and topical make-up of the privacy research communities.

The authors identified the research communities as well as categorised their structural positioning. Four communities form the core of privacy research: individual privacy and law, cloud computing, location data and privacy-preserving data publishing. The latter is a macro-community of data mining, anonymity metrics and differential privacy. Surrounding the core are applied communities. Further removed are communities with little influence, most notably the medical communities that make up 14.4% of the network. The topic model shows system design as a potentially latent community. Noteworthy is the absence of a centralised body of knowledge on organisational privacy management.

This is the first in-depth, quantitative mapping study of all privacy research.

This paper outlines the development of a validated questionnaire for assessing information security behaviour. The purpose of this paper is to present data from the questionnaire validation process and the quantitative study results.

Data obtained through a quantitative survey (N = 263) at a South African university were used to validate the questionnaire.

Exploratory factor analysis produced 11 factors. Cronbach’s alpha for the 11 factors were all above 0.7, suggesting that the questionnaire is valid and reliable. The responses show that autonomy questions received positive perception, followed by competence questions and lastly relatedness questions. The correlation analysis results show that there was a statistically significant relationship between competence factors and autonomy factors. There was a partial significant relationship between autonomy and relatedness factors, and between competence and relatedness factors. The study results suggest that competence and autonomy could be more important than relatedness in fostering information security behaviour among employees.

This study used a convenience sampling, a cross-sectional design, and was carried out in a single organisation. This could pose limitations when generalising the study results. Future studies could use random sampling and consider other universities for further validation.

Universities can use the questionnaire to identify developmental areas to improve information security from a behaviour perspective.

This paper provides a research instrument for assessing information security behaviour from the perspective of the self-determination theory.

Big data and analytics are being increasingly used by tourism and hospitality organisations (THOs) to provide insights and to inform critical business decisions. Particularly in times of crisis and uncertainty data analytics supports THOs to acquire the knowledge needed to ensure business continuity and the rebuild of tourism and hospitality sectors. Despite being recognised as an important source of value creation, big data and digital technologies raise ethical, privacy and security concerns. This paper aims to suggest a framework for ethical data management in tourism and hospitality designed to facilitate and promote effective data governance practices.

The paper adopts an organisational and stakeholder perspective through a scoping review of the literature to provide an overview of an under-researched topic and to guide further research in data ethics and data governance.

The proposed framework integrates an ethical-based approach which expands beyond mere compliance with privacy and protection laws, to include other critical facets regarding privacy and ethics, an equitable exchange of travellers’ data and THOs ability to demonstrate a social license to operate by building trusting relationships with stakeholders.

This study represents one of the first studies to consider the development of an ethical data framework for THOs, as a platform for further refinements in future conceptual and empirical research of such data governance frameworks. It contributes to the advancement of the body of knowledge in data ethics and data governance in tourism and hospitality and other industries and it is also beneficial to practitioners, as organisations may use it as a guide in data governance practices.

This study aims to evaluate blockchain as an e-government governance model. It assesses its alignment with legal frameworks, emphasizing robustness against disruptions and adherence to existing laws.

The paper explores blockchain’s potential in e-government, focusing on legal, ethical and governance aspects. It conducts an in-depth analysis of blockchain’s integration into data governance, emphasizing legal compliance and resilient security protocols.

The study comprehensively evaluates blockchain’s implementation, covering privacy, interoperability, consensus mechanisms, scalability and regulatory alignment. It highlights governance’s critical role in ensuring legal compliance within blockchain paradigms.

Ethical and legal concerns arising from blockchain adoption remain unresolved. The study underscores how blockchain challenges its core principles of anonymity and decentralization in e-government settings.

The framework outlined offers potential for diverse technological environments, albeit raising ethical and legal queries. It emphasizes governance’s pivotal role in achieving legal compliance in blockchain adoption.

Blockchain’s impact on legal and ethical facets necessitates further exploration to align with its core principles while addressing governance in e-government settings.

This study presents a robust framework for assessing blockchain’s viability in e-government, emphasizing legal compliance, despite ethical and legal intricacies that challenge its fundamental principles.

The purpose of this paper is to propose a framework for clinical governance, in particular, the compliance of data privacy in a healthcare organisation.

The approach of the research was to highlight problem areas in compliance and governance risk management (governance, risk and compliance (GRC)) in general, and then identify knowledge in other domains that could be combined and applied to improve GRC management, and ultimately improve governance outcomes.

There is a gap in the literature is respect of systems and frameworks to assist organisations in managing the complex minutiae associated with compliance. This paper addresses this gap by proposing a “compliance action framework” which builds on work existing in other domains in relation to education, process control and governance.

The present research provides a starting point for an implementation of the framework within a number of organisations, and opens questions for further research in the field.

The GRC framework proposed in this paper contributes to the state of the art, by proposing processes for improving the governance capability and compliance outcomes within an organisation for governance of data privacy risk and data protection.