Search results
1 – 2 of 2Efrosini Siougle, Sophia Dimelis and Nikolaos Malevris
This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of…
Abstract
Purpose
This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of data protection is analyzed based on the major requirements of the General Data Protection Regulation and mapped to the relevant controls of the ISO/IEC 27001/27002 standards.
Design/methodology/approach
The research analysis is based on 96 ISO 9001–certified and non-certified publicly traded manufacturing and service firms that responded to a structured questionnaire. The authors develop and empirically test their theoretical model using the structural equation modeling technique and follow a difference-in-differences econometric modeling approach to estimate financial performance differences between certified and non-certified firms accounting for the level of data protection.
Findings
The estimates indicate three core dimensions in the areas of “policies, procedures and responsibilities,” “access control management” and “risk-reduction techniques” as desirable components in establishing the concept of data security. The estimates also suggest that the data protection level has significantly impacted the performance of certified firms relative to the non-certified. Controlling for the effect of industry-level factors reveals a positive relationship between data security and high-technological intensity.
Practical implications
The results imply that improving the level of compliance to data protection enhances the link between certification and firm performance.
Originality/value
This study fills a gap in the literature by empirically testing the influence of data protection on the relationship between quality certification and firm performance.
Details
Keywords
Princely Ifinedo, Francine Vachon and Anteneh Ayanso
This paper aims to increase understanding of pertinent exogenous and endogenous antecedents that can reduce data privacy breaches.
Abstract
Purpose
This paper aims to increase understanding of pertinent exogenous and endogenous antecedents that can reduce data privacy breaches.
Design/methodology/approach
A cross-sectional survey was used to source participants' perceptions of relevant exogenous and endogenous antecedents developed from the Antecedents-Privacy Concerns-Outcomes (APCO) model and Social Cognitive Theory. A research model was proposed and tested with empirical data collected from 213 participants based in Canada.
Findings
The exogenous factors of external privacy training and external privacy self-assessment tool significantly and positively impact the study's endogenous factors of individual privacy awareness, organizational resources allocated to privacy concerns, and group behavior concerning privacy laws. Further, the proximal determinants of data privacy breaches (dependent construct) are negatively influenced by individual privacy awareness, group behavior related to privacy laws, and organizational resources allocated to privacy concerns. The endogenous factors fully mediated the relationships between the exogenous factors and the dependent construct.
Research limitations/implications
This study contributes to the budding data privacy breach literature by highlighting the impacts of personal and environmental factors in the discourse.
Practical implications
The results offer management insights on mitigating data privacy breach incidents arising from employees' actions. Roles of external privacy training and privacy self-assessment tools are signified.
Originality/value
Antecedents of data privacy breaches have been underexplored. This paper is among the first to elucidate the roles of select exogenous and endogenous antecedents encompassing personal and environmental imperatives on data privacy breaches.
Details