Proactive Privacy Practices in the Trend of Ubiquitous Services: An Empirical Study

Wang, Shu-Ching

02 July 2011

Privacy is a strategic issue so that much attention has been constantly devoted to information privacy in response to competitive pressure in dynamic marketplace, particularly in the trend of e-business settings. Ubiquitous services (u-services) are recognized as the logical extension of e-/m-services because they can be initiated by e- and further propagated by m-services (Junglas & Watson 2006). In u-services context, customers are always connected seamlessly in context-awareness networks so the higher degree of customized and personalized services can be timely served. Likewise, customers may also well be aware of privacy threats behind that. Consequently, privacy issues are identified as a key hindrance for booming u-services. While a large body of studies focusing on privacy issues have examined relevant factors influence customer decision making such as customer beliefs (i.e. trust and risk), privacy concerns, the representations of privacy statement, and even the privacy calculus, this study aims to explore a theoretical proactive privacy practice model (PPPM) as a guideline for an e-services provider (ESP) initiating its privacy practices to its customers to enhance voluntary information disclosure. Drawing upon integrative social contracts theory, the proposed PPPM embraced technical and non-technical elements such as human, legal, and economic relevant perspectives, that is, e-services providers¡¦ proactive privacy governance, and customer perceived value and competitive strategies for u-services. An empirical survey was conducted in a B2C e-services context to examine the relationships among these constructs. The results indicate that there are significant relationships between those three antecedents and disclosure willingness respectively. Meanwhile, the moderating effect of competitive strategies significantly and positively associates with proactive privacy governance and disclosure willingness. These findings not only broaden current knowledge of the disclosure behavior but also allow ESPs to strategically manage privacy and leverage privacy protection for a competitive advantage and identify the strengths and weaknesses of their current privacy mechanisms, guiding them to develop more proactive and prominent privacy practices for extending their businesses to future u-services or u-businesses.

Proactive privacy practice

Proactive privacy governance

Electronic services

Mobile services

Ubiquitous services

Disclosure willingness

Integrative social contracts theory

Compliance issues within Europe's General Data Protection Regulation in the context of information security and privacy governance in Swedish corporations : A mixed methods study of compliance practices towards GDPR readiness

Stauber, Sebastian

January 2018

The European Union has introduced a new General Data Protection Regulation that regulates all aspects of privacy and data protection for the data of European citizens. To transition to the new rules, companies and public institutions were given two years to adapt their systems and controls. Due to the large area of changes the GDPR requires, many companies are facing severe problems to adapt the rules to be ready for enforcement. This marks the purpose of this study which is to look into compliance practices in the implementation of GDPR requirements. This includes a prospect of compliance mechanisms that may remain insufficiently addressed when the regulation comes into force on May 25, 2018. The study is conducted in Sweden and aims to investigate the situation in corporations and not in public institutions. Mixed methods have been applied by surveying and interviewing Swedish GDPR experts and consultants to gain an understanding of their view by using capability maturity scales to assess a variety of security processes and controls. The analysis shows a low implementation in GDPR requirements while having seen improvements over the past two years of transition. It points out that a holistic strategy towards compliance is mostly missing and many companies face obstacles that are difficult to overcome in a short period. This may result in non-compliance in many Swedish corporations after the regulation comes into force on May 25.

GDPR

Privacy

Data Protection

Information Security

Privacy Governance

Information Governance

IS Governance

IT Governance

IT Compliance

GDPR Implementation

Privacy Regulation

Economics and Business

Ekonomi och näringsliv