Tamara Dinev

An Extended Privacy Calculus Model for E-Commerce Transactions

While privacy is a highly cherished value, few would argue with the notion that absolute privacy is unattainable. Individuals make choices in which they surrender a certain degree of privacy in exchange for outcomes that are perceived to be worth the risk of information disclosure. This research attempts to better understand the delicate balance between privacy risk beliefs and confidence and enticement beliefs that influence the intention to provide personal information necessary to conduct transactions on the Internet. A theoretical model that incorporated contrary factors representing elements of a privacy calculus was tested using data gathered from 369 respondents. Structural equations modeling (SEM) using LISREL validated the instrument and the proposed model. The results suggest that although Internet privacy concerns inhibit e-commerce transactions, the cumulative influence of Internet trust and personal Internet interest are important factors that can outweigh privacy risk perceptions in the decision to disclose personal information when an individual uses the Internet. These findings provide empirical support for an extended privacy calculus model.

Information privacy research: an interdisciplinary review

To date, many important threads of information privacy research have developed, but these threads have not been woven together into a cohesive fabric. This paper provides an interdisciplinary review of privacy-related research in order to enable a more cohesive treatment. With a sample of 320 privacy articles and 128 books and book sections, we classify previous literature in two ways: (1) using an ethics-based nomenclature of normative, purely descriptive, and empirically descriptive, and (2) based on their level of analysis: individual, group, organizational, and societal. Based upon our analyses via these two classification approaches, we identify three major areas in which previous research contributions reside: the conceptualization of information privacy, the relationship between information privacy and other constructs, and the contextual nature of these relationships. As we consider these major areas, we draw three overarching conclusions. First, there are many theoretical developments in the body of normative and purely descriptive studies that have not been addressed in empirical research on privacy. Rigorous studies that either trace processes associated with, or test implied assertions from, these value-laden arguments could add great value. Second, some of the levels of analysis have received less attention in certain contexts than have others in the research to date. Future empirical studies-both positivist and interpretive--could profitably be targeted to these under-researched levels of analysis. Third, positivist empirical studies will add the greatest value if they focus on antecedents to privacy concerns and on actual outcomes. In that light, we recommend that researchers be alert to an overarching macro model that we term APCO (Antecedents → Privacy Concerns → Outcomes).

Internet privacy concerns and their antecedents - measurement validity and a regression model

This research focuses on the development and validation of an instrument to measure the privacy concerns of individuals who use the Internet and two antecedents, perceived vulnerability and perceived ability to control information. The results of exploratory factor analysis support the validity of the measures developed. In addition, the regression analysis results of a model including the three constructs provide strong support for the relationship between perceived vulnerability and privacy concerns, but only moderate support for the relationship between perceived ability to control information and privacy concerns. The latter unexpected results suggest that the relationship among the hypothesized antecedents and privacy concerns may be one that is more complex than is captured in the hypothesized model, in light of the strong theoretical justification for the role of information control in the extant literature on information privacy.

Internet Privacy Concerns and Social Awareness as Determinants of Intention to Transact

This study focuses on antecedents to Internet privacy concerns and the behavioral intention to conduct on-line transactions. Perceptions of privacy are socially constructed through communication and transactions with social entities over a networked environment, a process that involves a certain level of technical skill and literacy. The research model specifies that social awareness and Internet literacy are related to both Internet privacy and intention to transact. Survey data collected from 422 respondents were analyzed using structural equation modeling (SEM) with LISREL and provided support for the hypothesized relationships. Social awareness was positively related and Internet literacy was negatively related to Internet privacy concerns. Moreover, Internet privacy concerns were negatively related and Internet literacy positively related to intention to transact on-line. This research explores the two alternative antecedents to Internet privacy concerns and intention to engage in e-commerce activity and contributes to our understanding of Internet privacy and its importance in the global information environment. The construct of social awareness can be broadened to develop a much-needed construct of awareness in MIS research related to the voluntary usage of information technology. A segmentation of Internet users with respect to privacy concerns is also proposed.

Privacy calculus model in e-commerce – a study of Italy and the United States

This study examines cross-cultural differences beliefs related to e-commerce use for Italy and the United States. We argue that for both cultures, the users decision to make an online purchase is simultaneously influenced by a set of contrary factors. These include decision facilitators such as propensity to trust and institutional trust, and decision inhibitors such as perceived risk and privacy concerns. We argue that substantial cultural differences exist that affect the above factors and the relationships among them. We use Hofstedes cultural theory and Fukuyamas theory of trust and social capital, along with emic factors important for the Italian society, to develop the studys propositions. The hypotheses were empirically tested using LISREL structural equation modeling and multigroup analysis. The results revealed that the Italian society exhibited lower propensity to trust, institutional trust, privacy concerns, and higher perceived risk. The relationships between institutional trust and e-commerce use, privacy concerns and e-commerce use, and perceived risk and institutional trust are all weaker for Italy. The relationship between perceived risk and privacy concerns is stronger for Italy. The papers major contribution is in validating an important model of e-commerce use across two cultures and showing the moderating effects of culture.

Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture*

We develop an individual behavioral model that integrates the role of top management and organizational culture into the theory of planned behavior in an attempt to better understand how top management can influence security compliance behavior of employees. Using survey data and structural equation modeling, we test hypotheses on the relationships among top management participation, organizational culture, and key determinants of employee compliance with information security policies. We find that top management participation in information security initiatives has significant direct and indirect influences on employees’ attitudes towards, subjective norm of, and perceived behavioral control over compliance with information security policies. We also find that the top management participation strongly influences organizational culture which in turn impacts employees’ attitudes towards and perceived behavioral control over compliance with information security policies. Furthermore, we find that the effects of top management participation and organizational culture on employee behavioral intentions are fully mediated by employee cognitive beliefs about compliance with information security policies. Our findings extend information security research literature by showing how top management can play a proactive role in shaping employee compliance behavior in addition to the deterrence oriented remedies advocated in the extant literature. Our findings also refine the theories about the role of organizational culture in shaping employee compliance behavior. Significant theoretical and practical implications of these findings are discussed.

Does deterrence work in reducing information security policy abuse by employees

Methods for evaluating and effectively managing the security behavior of employees.

User behaviour towards protective information technologies: the role of national cultural differences

Computer technologies that protect data and systems from viruses, unauthorized access, disruptions, spyware and other threats have become increasingly important in the globally networked economy and society. Yet little is known about user attitudes and behaviour towards this category of information technologies. Comparative studies across different cultures in this context are even rarer. In this study, we examine the cross‐cultural differences between South Korea and the United States in user behaviour towards protective information technologies. We develop a theoretical model of user behaviour based on the framework of the theory of planned behaviour and national cultural dimensions and indices. We posit that cultural factors moderate the strength of the relationships in the behavioural model in the context of protective information technologies. The model was then empirically tested using structural equation modelling techniques in conjunction with multi‐group analysis. Most of the hypothesized moderating effects of national cultural factors were found to be statistically significant. Our findings suggest that cultural factors should be considered in order to design effective information security policies, practices and technologies in global networks where multiple cultures coexist. Theoretical and practical implications of the study are discussed.

Information Privacy and Correlates: An Empirical Attempt to Bridge and Distinguish Privacy-Related Concepts

Privacy is one of the few concepts that has been studied across many disciplines, but is still difficult to grasp. The current understanding of privacy is largely fragmented and discipline-dependent. This study develops and tests a framework of information privacy and its correlates, the latter often being confused with or built into definitions of information privacy per se. Our framework development was based on the privacy theories of Westin and Altman, the economic view of the privacy calculus, and the identity management framework of Zwick and Dholakia. The dependent variable of the model is perceived information privacy. The particularly relevant correlates to information privacy are anonymity, secrecy, confidentiality, and control. We posit that the first three are tactics for information control; perceived information control and perceived risk are salient determinants of perceived information privacy; and perceived risk is a function of perceived benefits of information disclosure, information sensitivity, importance of information transparency, and regulatory expectations. The research model was empirically tested and validated in the Web 2.0 context, using a survey of Web 2.0 users. Our study enhances the theoretical understanding of information privacy and is useful for privacy advocates, and legal, management information systems, marketing, and social science scholars.

Is spyware an Internet nuisance or public menace

Recent media attention to spyware [2, 5, 7, 8] has brought to light the blunt intrusion into individual privacy and the uncertain hidden cost of free access to Internet sites, along with freeware and shareware. Most spyware programs belong to the more benign category of adware that delivers targeted pop-up ads based on a users Web surfing habits. The more malicious type of spyware tracks each keystroke of the user and sends that information to its proprietors. Such information could be used for legitimate data mining purposes or it could be abused by others for identity theft and financial crimes.