Self-Regulation Mechanisms in the Practice of Information Privacy

Lin, Hsing-Tzu

21 June 2003

Today, many privacy abuses can be traced to the lack of organization policies governing the conduct of the personnel who are in charge of managing the information systems. IT professionals, who are the most important gatekeepers to the information privacy practices, have the oversight responsibility for information privacy since they have the most extensive knowledge of their organization¡¦s systems and data. In this research, we have studied the impact of managerial policies concerning ethical codes and rewards/penalty perception on IS professionals¡¦ self-regulation capacity against privacy abuses. Specificially, based upon the Moment-of-Truth model and paradigm of self-regulation, we investigated how IS professionals¡¦ ethical judgment, subjective norm, privacy self-efficacy and intention may reciprocally interact with their business environment that was characterized by its use of ethical codes and the rewards/penalty system. We first proposed an ethical dicision model based on the paradigm of self-regulation and validated the appropriateness of this model for studying information privacy. We then demonstrated how the perception of the rewards/penalty may impact the ethical judgment, subjective norm, privacy self-efficay, and ethical intention. We discovered that the rewards/penalty perception had a moderating effect on the relationship between ethical judgment and intention, and that the ethical codes had the moderating effect on the relationship between privacy self-efficacy and intention.

IS Personnel

Self-Regulation Mechanism

Privacy

The Study of Customer Personal Data Protection

Huang, Li-Ying

30 August 2005

The Study of Customer Personal Data Protection In this customer-driven era, corporations and government agencies face the challenges from customers. If government and corporations can utilize the power of computers to manage the huge amount of personal data they have collected by storing and editing, data mining and customer relationship management can be put to use on services, customer cares, and marketing. This will increase the efficiency of government agencies and stimulate the development of economy. The government, corporations and the people all will be benefited from this move. However, while the organizations make large investments in the security of their computer systems to avoid the invasion of virus and hackers, the abuse and breach caused by the employees, contractors, and other legal users can compromise all the preventive measures. This study investigates the performance of customer personal data privacy protection. While discussing the regulations such as computer processing of personal data acts and Telecommunications Acts, the theory on which this study is based is Self-Regulation Mechanism. The Self-Regulation Mechanism can be applied to the self-monitoring, self-esteem, information ethics, and self-efficacy of the users who have access to the customer personal data. It can also be applied to the management of the customer personal data privacy at the organization level. This study gathered 432 valid surveys from the customer personal data users who are the customer service staffs in the telecommunication industry. With path analysis methodology, this study explores the interactions among the management of organization, personal privacy protection self-efficacy, and information ethics. With information ethics and self-efficacy as the intervening variable between the management of organization and protection performance, this study is set to clarify the level of impacts that these three items have over the performance of customer information privacy protection. Through the model validation, the customer personal data protection self-regulation mechanism proposed in this study demonstrates suitability and the management of organization also shows positive, direct and noticeable impacts. However, the effects of information ethics on privacy protection self-efficacy and those of self-efficacy on the performance of privacy protection are not obvious. Therefore, the organization should strengthen the information ethics of its employees and improve self-efficacy. Also, they should bring up feasible and solid suggestions, hoping to improve the customer personal privacy protection performance of the organization and its members. By doing the customers will have confidence in the organization. Winning the trust and satisfaction from the customers will promote the organization image and even bring in more business opportunities, a good thing for running a long term business.

Privacy Self-Efficacy

Data Protection

Self-Regulation Mechanism