Paul J. Hart

An Extended Privacy Calculus Model for E-Commerce Transactions

While privacy is a highly cherished value, few would argue with the notion that absolute privacy is unattainable. Individuals make choices in which they surrender a certain degree of privacy in exchange for outcomes that are perceived to be worth the risk of information disclosure. This research attempts to better understand the delicate balance between privacy risk beliefs and confidence and enticement beliefs that influence the intention to provide personal information necessary to conduct transactions on the Internet. A theoretical model that incorporated contrary factors representing elements of a privacy calculus was tested using data gathered from 369 respondents. Structural equations modeling (SEM) using LISREL validated the instrument and the proposed model. The results suggest that although Internet privacy concerns inhibit e-commerce transactions, the cumulative influence of Internet trust and personal Internet interest are important factors that can outweigh privacy risk perceptions in the decision to disclose personal information when an individual uses the Internet. These findings provide empirical support for an extended privacy calculus model.

Internet privacy concerns and their antecedents - measurement validity and a regression model

This research focuses on the development and validation of an instrument to measure the privacy concerns of individuals who use the Internet and two antecedents, perceived vulnerability and perceived ability to control information. The results of exploratory factor analysis support the validity of the measures developed. In addition, the regression analysis results of a model including the three constructs provide strong support for the relationship between perceived vulnerability and privacy concerns, but only moderate support for the relationship between perceived ability to control information and privacy concerns. The latter unexpected results suggest that the relationship among the hypothesized antecedents and privacy concerns may be one that is more complex than is captured in the hypothesized model, in light of the strong theoretical justification for the role of information control in the extant literature on information privacy.

Internet Privacy Concerns and Social Awareness as Determinants of Intention to Transact

This study focuses on antecedents to Internet privacy concerns and the behavioral intention to conduct on-line transactions. Perceptions of privacy are socially constructed through communication and transactions with social entities over a networked environment, a process that involves a certain level of technical skill and literacy. The research model specifies that social awareness and Internet literacy are related to both Internet privacy and intention to transact. Survey data collected from 422 respondents were analyzed using structural equation modeling (SEM) with LISREL and provided support for the hypothesized relationships. Social awareness was positively related and Internet literacy was negatively related to Internet privacy concerns. Moreover, Internet privacy concerns were negatively related and Internet literacy positively related to intention to transact on-line. This research explores the two alternative antecedents to Internet privacy concerns and intention to engage in e-commerce activity and contributes to our understanding of Internet privacy and its importance in the global information environment. The construct of social awareness can be broadened to develop a much-needed construct of awareness in MIS research related to the voluntary usage of information technology. A segmentation of Internet users with respect to privacy concerns is also proposed.

Privacy calculus model in e-commerce – a study of Italy and the United States

This study examines cross-cultural differences beliefs related to e-commerce use for Italy and the United States. We argue that for both cultures, the users decision to make an online purchase is simultaneously influenced by a set of contrary factors. These include decision facilitators such as propensity to trust and institutional trust, and decision inhibitors such as perceived risk and privacy concerns. We argue that substantial cultural differences exist that affect the above factors and the relationships among them. We use Hofstedes cultural theory and Fukuyamas theory of trust and social capital, along with emic factors important for the Italian society, to develop the studys propositions. The hypotheses were empirically tested using LISREL structural equation modeling and multigroup analysis. The results revealed that the Italian society exhibited lower propensity to trust, institutional trust, privacy concerns, and higher perceived risk. The relationships between institutional trust and e-commerce use, privacy concerns and e-commerce use, and perceived risk and institutional trust are all weaker for Italy. The relationship between perceived risk and privacy concerns is stronger for Italy. The papers major contribution is in validating an important model of e-commerce use across two cultures and showing the moderating effects of culture.

Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture*

We develop an individual behavioral model that integrates the role of top management and organizational culture into the theory of planned behavior in an attempt to better understand how top management can influence security compliance behavior of employees. Using survey data and structural equation modeling, we test hypotheses on the relationships among top management participation, organizational culture, and key determinants of employee compliance with information security policies. We find that top management participation in information security initiatives has significant direct and indirect influences on employees’ attitudes towards, subjective norm of, and perceived behavioral control over compliance with information security policies. We also find that the top management participation strongly influences organizational culture which in turn impacts employees’ attitudes towards and perceived behavioral control over compliance with information security policies. Furthermore, we find that the effects of top management participation and organizational culture on employee behavioral intentions are fully mediated by employee cognitive beliefs about compliance with information security policies. Our findings extend information security research literature by showing how top management can play a proactive role in shaping employee compliance behavior in addition to the deterrence oriented remedies advocated in the extant literature. Our findings also refine the theories about the role of organizational culture in shaping employee compliance behavior. Significant theoretical and practical implications of these findings are discussed.

The role of external and internal influences on information systems security - a neo-institutional perspective

This research is an attempt to better understand how external and internal organizational influences shape organizational actions for improving information systems security. A case study of a multi-national company is presented and then analyzed from the perspective of neo-institutional theory. The analysis indicates that coercive, normative, and mimetic isomorphic processes were evident, although it was difficult to distinguish normative from mimetic influences. Two internal forces related to work practices were identified representing resistance to initiatives to improve security: the institutionalization of work mobility and the institutionalization of efficiency outcomes expected with the adoption of company initiatives, especially those involving information technology. The interweaving of top-down and bottom-up influences resulted in an effort to reinforce, and perhaps reinstitutionalize the systems component of information security. The success of this effort appeared to hinge on top management championing information system security initiatives and propagating an awareness of the importance of information security among employees at all levels of the company. The case shows that while regulatory forces, such as the Sarbanes-Oxley Act, are powerful drivers for change, other institutional influences play significant roles in shaping the synthesis of organizational change.

Information Privacy and Correlates: An Empirical Attempt to Bridge and Distinguish Privacy-Related Concepts

Privacy is one of the few concepts that has been studied across many disciplines, but is still difficult to grasp. The current understanding of privacy is largely fragmented and discipline-dependent. This study develops and tests a framework of information privacy and its correlates, the latter often being confused with or built into definitions of information privacy per se. Our framework development was based on the privacy theories of Westin and Altman, the economic view of the privacy calculus, and the identity management framework of Zwick and Dholakia. The dependent variable of the model is perceived information privacy. The particularly relevant correlates to information privacy are anonymity, secrecy, confidentiality, and control. We posit that the first three are tactics for information control; perceived information control and perceived risk are salient determinants of perceived information privacy; and perceived risk is a function of perceived benefits of information disclosure, information sensitivity, importance of information transparency, and regulatory expectations. The research model was empirically tested and validated in the Web 2.0 context, using a survey of Web 2.0 users. Our study enhances the theoretical understanding of information privacy and is useful for privacy advocates, and legal, management information systems, marketing, and social science scholars.

National Culture and Information Technology Product Adoption

Abstract National culture is likely to play a role in Information Technology (IT) adoption. Data from a large scale study of national culture are used to predict the adoption of six information technologies -- PC, Telephone, Cell Phone, Fax, the Internet, and Pager — over a ten year period in thirty one nations. The results show that even after controlling for national economic and social differences, national cultural dimensions significantly predict most IT product adoptions.

Inter-organization networks, computer integration, and shifts in interdependence: the case of the semiconductor industry

Inter-orgamzation computer networks (IONS) provide significant opportunities for Improving coordination between firms engaged in mutually dependent activities. A field study of the use and impact of IONS in the semiconductor industry 1s presented m this paper Eighty-two interviews were conducted m twelve firms (seven semiconductor producers and five merchant mask shops) providing data on current as well as anticipated ION use. We found that greater efficiencies are possible when IONS are used as substitutes for conventional media. But more effective ION use is achievable when internal computer integration within participating firms is implemented. The implication of this otherwise straightforward observation is that firms using computer networks only as a substitute for conventional methods of exchange will not achieve the degree of inter-organization coordination IONS can support However, while IONS improve coordination and reduce some production and transaction costs, they simultaneously increase certain costs associated with estabhshing and maintaining contracts with customers. These costs are new dependencies. Dependencies emerge from using IONS to access computer resources, and information generated by those resources, located in other firms. In this way IONS increase interorganization coordination and vulnerabiht y simultaneously, The long term lrnphcatlon of ION adoption is that their use shifts the nature of interdependence between participating firms

A Path to Successful IT Outsourcing: Interaction Between Service‐Level Agreements and Commitment

Although service-level agreements (SLAs) are important for IT outsourcing management, appropriate mechanisms for constructing effective SLAs are still poorly understood, leading to inadequate or overcomplicated contracts that are ineffective. This study examines the associations among three distinct sets of SLA characteristics and outsourcing success, as well as the role of commitment in these relationships. Analyzing survey data based on a model theorizing the alignment of SLA characteristics with intended outsourcing objectives, we find that different types of benefits attained through IT outsourcing arrangements are associated with the use of specific contractual dimensions. We also find that commitment, in general, moderates the impact of SLAs on outsourcing success, although the nature of the moderation varies with the different benefits IT outsourcing engagement is intended to achieve. Interestingly, in certain cases—change characteristics for achieving technology benefits, in particular—commitment can be a barrier to the effective use of SLAs in achieving intended outsourcing benefits. As such, our study extends the literature on IT outsourcing, contracting and commitment, as well as provides a general guideline for practitioners to structure effective SLAs and to properly use commitment for managing IT outsourcing engagements to successfully achieve intended benefits.