Kritické faktory implementace a provozu personálních informačních systémů / Critical factors of implementation and operations of personal information systems

Zápotočný, Matej

January 2020

This dissertation thesis identifies critical factors of implementation and operation service of Human Resource Information Systems with all its specifics. In detail, the lifecycle of the system is described, system elements and types of organizations that might use it. The thesis aimes at four hypotheses that try to confirm or reject the importance of usage of Human Resource Information Systems in companies of various sizes on Czech and Slovak market. The thesis also describes detailed feedback of company representatives in areas of benefits and usage of these systems and presents a list of critical factors that were discovered and confirmed during the preparation of the thesis and related research.

Why won't you let (A)I help you? : A quantitative study that explains the effects of AI perceptions on willingness to disclose personal information to AI

Benda, Tim, Lind, Vincent

January 2021

Purpose The purpose of the study is to explain the perceived benefits and perceived privacy concerns of AI’s effects on willingness to disclose personal information to AI while explaining the moderating effect of perceived knowledge of AI.  Design/methodology/approach With the explanatory purpose in mind was firstly a deductive approach of research applied. The researchers further applied a quantitative approach of research in the form of a questionnaire. A total number of 193 responses of the questionnaire was validly collected. Furthermore, 10 hypotheses were conducted in order to investigate the relationships within research. Findings The findings are that perceived knowledge of AI does not have a positive moderating effect on any of the perceived benefits of AI nor perceived concerns of AI effectiveness on willingness to disclose personal information to AI. The findings also show that perceived privacy concerns of AI have a negative effect on willingness to disclose personal information to AI. Perceived personalization benefits, perceived health benefits and perceived financial benefits of AI have a positive effect on willingness to disclose personal information to AI.  Research contributions/limitations The research contributes to current research by highlighting the importance of context in regard to privacy calculus in order to improve on the model’s ability to explain variations. The research is limited by its data being skewed towards younger people and thus the study is representative of a younger Swedish sample.  Practical implications The research shows that it is important for both businesses and policy makers to take into consideration that individuals possess a higher perceived privacy concern of AI in comparison to the benefits when it comes to disclosing personal information to AI. Highlighting the importance of educating individuals in how AI actually function, as it is implied that the benefits are valued but it does not make individuals more willing to disclose personal information to AI.   Originality/value The originality of the study is that it makes use of the context of AI in relation to the privacy calculus, which has not been done before. Additionally, incorporating specific benefits as opposed to explaining the general perception of AI benefits, the study is able to explain more specifically how different benefits of AI affect individual’s willingness to disclose personal information to AI.

Privacy Concerns of AI

Perceived Benefits of AI

Perceived Knowledge of AI

Business Administration

Företagsekonomi

The human in information security : an analysis of social engineering attacks in the greater Tshwane area of Gauteng, South Africa

Jansen van Rensburg, Shandre Kim

06 1900

Criminology and Security Science

Criminological theories

Hacking

Information security

Multi inter-transdisciplinary (MIT)

Personal Information

Privacy

Risk

Social engineering

Social networks

Threat

Vulnerability

Impersonation

Factors Related to Users’ Awareness of Information Security on Social Network Service : The Case of WeChat

Shen, Han

January 2018

Recent trends in social network services (SNS) have taken the rates of personal information sharing, storage and processing to an unprecedented level, which yield both benefits and undesirable consequences for their users. SNS is being exploited by criminals to fraudulently obtain information from unsuspecting users. User’s awareness of privacy protection has been far left behind by the increasing and popularizing utilization of social network services (SNS), the privacy security problems will become one of the important factors influencing the healthy development of social network service industry. This study was designed to collect data and produce knowledge about the security awareness of WeChat users (i.e., randomly selected from all over China), their preferences and their experience of using WeChat while facing security issues as well as the perspectives of how people perceive a specific security problems, in order to find out what factors influence user's security awareness. In order to carefully conduct the research process and explain the empirical findings, seven principles of interpretive field research and protection motivation theory is adopted as core theoretical foundation. Participants were asked to provide information about and their personal views of questions from their different experience and value. Eight persons interviewed for our research and their responses confirmed our objectives of the study. As a result, six factors are indentified in related to WeChat user’s security awareness. PMT helps to explain and understand that how six indentified concepts influence behaviour intention and security awareness of user.

Social Networking Services

Cybercriminal

Security Awareness

Protection Motivation Theory

Personal Information

Privacy Protection

WeChat

China

Social Sciences

Samhällsvetenskap

Public Self Service Technology (SST): Designing for Trust : Factors enhancing user’s trust towards a public SST

Dipesh Dugar, Deepika

January 2018

Public Self Service Technology (SST) has become an important part of our daily life. Advancement in technology and reduced hardware costs have motivated service providers to deploy public a SST for various important and complex tasks. Examples of such tasks include editing and printing confidential documents, performing monetary transactions, etc. These tasks requires a user to reveal his/her personal information to a public SST. The major problem while performing these tasks using a public SST is that the user has to deal with many surrounding factors like social density, privacy and security, which might affect his/her trust towards the SST and in turn the user might refrain from using it. This study aims to find different factors that can enhance user’s trust towards a public SST, encourage to use it and complete the task even if it requires user’s personal information.The in-depth interview method was adopted for the study to learn twelve interviewees’ experience with varied public SSTs that specifically handles personal information, in an urge to understand interviewees’ behaviour, underlying motivations and desires to use those public SSTs. Analysing the data collected from interviews, ten trust factors were found that emerge at various stages of interaction with a public SST. They were categorized into pre-interaction, on-interaction and post-interaction factors based on their time of interaction. Beyond the trust factors, three additional important factors have emerged from interview data, which motivates users to adopt public SSTs. They are usefulness, convenience and personality-based trust. The results may be valuable for researchers who are focusing on different aspects of trust and any public artefact as well as for service providers and designers to design a trustworthy public SST. Based on the results, some practical implications for designing public SSTs are also presented. / Offentlig självbetjäningsteknik (eng. Public Self Service Technology) har blivit en viktig del av vårt dagliga liv. Förbättring i teknik och minskade hårdvarukostnader har motiverat tjänsteleverantörer att distribuera offentliga SST för olika viktiga och komplexa uppgifter. Exempel på sådana uppgifter är att redigera och skriva ut konfidentiella dokument, utföra monetära transaktioner etc. Dessa uppgifter kräver att en användare delar med sig av personlig information till en offentlig SST. Det stora problemet med att utföra dessa uppgifter med hjälp av SST är att användaren måste hantera många omgivande faktorer som social täthet, integritet och säkerhet, vilket kan påverka personens förtroende mot SST och i sin tur kananvändaren avstå från att använda den. Följaktligen syftar denna studie till atthitta olika faktorer som kan öka användarnas förtroende mot offentliga SST, uppmuntra att använda dem och slutföra uppgifter även om det kräver användarens personuppgifter.En djupintervjumetod användes i studien för att lära sig om tolv testdeltagares erfarenhet av olika offentliga SST, specifikt de som hanterar privat information, i en strävan att förstå deltagarnas beteende, underliggande motivation och önskemål att använda dessa offentliga SST. Analys av de uppgifter som samlats in från intervjuer, upptäckte tolv förtroendefaktorer som uppstår vid olika stadier av interaktion med en offentlig SST. De var därför uppdelade i pre-interaktion, interaktionsoch post-interaktionsfaktorer. Från intervjuerna har ytterligare tre viktiga faktorer upptäckts som motiverar användarna att använda offentliga SST. De är användbarhet, bekvämlighet och personlighetsbaserat förtroende. Resultaten är värde-fulla för forskare som fokuserar på olika aspekter av förtroende och offentligaartefakter samt för tjänsteleverantörer och designers för att utforma en pålitlig offentlig SST. Baserat på resultaten presenteras också några praktiska konsekvenser för utformningen av offentliga SST.

Public Self Service Technology (SST)

trust

personal information

risk

situational context

Interaction design

Computer and Information Sciences

Data- och informationsvetenskap

Vulnerability in online social network profiles. A Framework for Measuring Consequences of Information Disclosure in Online Social Networks.

Alim, Sophia

January 2011

The increase in online social network (OSN) usage has led to personal details known as attributes being readily displayed in OSN profiles. This can lead to the profile owners being vulnerable to privacy and social engineering attacks which include identity theft, stalking and re identification by linking. Due to a need to address privacy in OSNs, this thesis presents a framework to quantify the vulnerability of a user¿s OSN profile. Vulnerability is defined as the likelihood that the personal details displayed on an OSN profile will spread due to the actions of the profile owner and their friends in regards to information disclosure. The vulnerability measure consists of three components. The individual vulnerability is calculated by allocating weights to profile attribute values disclosed and neighbourhood features which may contribute towards the personal vulnerability of the profile user. The relative vulnerability is the collective vulnerability of the profiles¿ friends. The absolute vulnerability is the overall profile vulnerability which considers the individual and relative vulnerabilities. The first part of the framework details a data retrieval approach to extract MySpace profile data to test the vulnerability algorithm using real cases. The profile structure presented significant extraction problems because of the dynamic nature of the OSN. Issues of the usability of a standard dataset including ethical concerns are discussed. Application of the vulnerability measure on extracted data emphasised how so called ¿private profiles¿ are not immune to vulnerability issues. This is because some profile details can still be displayed on private profiles. The second part of the framework presents the normalisation of the measure, in the context of a formal approach which includes the development of axioms and validation of the measure but with a larger dataset of profiles. The axioms highlight that changes in the presented list of profile attributes, and the attributes¿ weights in making the profile vulnerable, affect the individual vulnerability of a profile. iii Validation of the measure showed that vulnerability involving OSN profiles does occur and this provides a good basis for other researchers to build on the measure further. The novelty of this vulnerability measure is that it takes into account not just the attributes presented on each individual profile but features of the profiles¿ neighbourhood.

Personal information disclosure

Data retrieval

Vulnerability

Measurement

Privacy and OSNs.

Personal details in OSNs.

Online social networks (OSN)

Vulnerability algorithm

Identity theft

Electronic Multi-agency Collaboration. A Model for Sharing Children¿s Personal Information Among Organisations.

Louws, Margie

January 2010

The sharing of personal information among health and social service organisations is a complex issue and problematic process in present-day England. Organisations which provide services to children face enormous challenges on many fronts. Internal ways of working, evolving best practice, data protection applications, government mandates and new government agencies, rapid changes in technology, and increasing costs are but a few of the challenges with which organisations must contend in order to provide services to children while keeping in step with change. This thesis is an exploration into the process of sharing personal information in the context of public sector reforms. Because there is an increasing emphasis of multi-agency collaboration, this thesis examines the information sharing processes both within and among organisations, particularly those providing services to children. From the broad principles which comprise a socio-technical approach of information sharing, distinct critical factors for successful information sharing and best practices are identified. These critical success factors are then used to evaluate the emerging national database, ContactPoint, highlighting particular areas of concern. In addition, data protection and related issues in the information sharing process are addressed. It is argued that one of the main factors which would support effective information sharing is to add a timeline to the life of a dataset containing personal information, after which the shared information would dissolve. Therefore, this thesis introduces Dynamic Multi-Agency Collaboration (DMAC), a theoretical model of effective information sharing using a limited-life dataset. The limited life of the DMAC dataset gives more control to information providers, encouraging effective information sharing within the parameters of the Data Protection Act 1998.

Confidentiality

Information sharing

Multi-agency working

Social services

Vulnerable children

Personal information

Limited-life datasets

Data protection

Studenters integritetsoro kring hantering av personlig information : En kvalitativ studie inom e-bank, e-handel och e-hälsa / Students privacy concern regarding management of personal information : A qualitative study within e-bank, e-commerce and e-health

Nilsson, Philip, Jonson, Joel

January 2022

Insamling av personlig information utförs av företag i kommersiella syften och används till att skapa profiler och beteendemönster. Utnyttjandet av användares personliga information har upprepande gånger lett till konflikter där människors oro över sin personliga integritet har belysts. Detta har resulterat i skapandet av förordningar som GDPR, California Consumer Privacy Act och ett flertal nationella lagar som syftar till att stärka och skydda individers personuppgifter. Tidigare statistiska undersökningar har visat att studenter är en population som upplever oro över personlig datainsamling. Därav kommer urvalet för denna studie fokusera på studenter.  Syftet med studien är att skapa en förståelse över när en student känner oro i att lämna ifrån sig personlig information. Tidigare forskning visar på att frågor inom integritetsoro är djupt förknippad med en kontext och betydelsen av att placera situationen i ett sammanhang. Domänområdena e-bank, e-handel och e-hälsa har därför valts ut att undersökas i denna studie på grund av deras känsliga samband till integritetsoro men även dess påtagliga relevans inom IS-området.  Studiens resultat bekräftar att integritetsoro skiljer sig genom kontexter i viss mån men studien pekar även på tydliga samband. En oro över faktorn obehörig tillgång förekommer bland tre domäner, dock skiljer sig situationen åt i varje domän. Människors medvetenhet har visat sig vara oberoende av domän då studenter förstår att personlig information samlas in, men vet inte vad den används till. / Today’s companies use Personal data collection for commercial purposes and use it to create profiles and analyze behavior patterns. This abuse of users' personal information has repeatedly led to conflicts in which people's concerns about their privacy have been enlightened. This has resulted in the creation of several regulations such as the GDPR, the California Consumer Privacy Act and a number of national laws that strengthen and protect individuals' personal data. Previous statistical surveys have shown that students are a population that is concerned about personal data collection. Hence, the selected group for this study will be students.  The purpose of this study is to create an understanding of when a student is concerned about disclosing personal information. Previous research shows that privacy concerns are deeply associated with placing the situation in a context. The domain areas of ebanking, e-commerce and e-health have therefore been selected to be examined in this study due to their sensitive connection to privacy concerns but also its noticeable relevance within the IS-area.  The result of this study confirms that integrity concerns differ through contexts to some extent, however the result also shows that there are certain similarities. A concern about the factor improper access occurs among three domains, however, the situation differs in each domain. People's awareness has been shown to be independent by domain as students, regardless of the discussed domain, understand that personal information is collected, but do not know what it is used for.

Domains

Context

IPC

Personal information

Privacy Calculus

Domäner

Kontext

IPC

Personlig information

Privacy Calculus

Information Systems

網站隱私權政策分析－以台灣網站為例

李俊磊, Li , Chun-Lei

Unknown Date

個人資料的資料流（Data Flows）在網路上的擴散，造成對個人隱私權的威脅，逐漸已經成為社會大眾所關注的議題。在過去幾年中，網站逐漸被要求制定相關的規範以符合大眾的期待。然而，隨著網際網路環境的快速變遷，網站的規範是否提供適當的個人隱私權保護，將會成為社會大眾持續討論的問題。 部分的網站已經滿足隱私權到某種程度。這些網站開始採用一些普遍性的實作。在某些程度上，這些實作依循由隱私權規範創立者所推動的公平資訊實施原則（Fair Information Practice Principle）（FTC，1998a）。 本研究根據文獻探討提及的公平資訊實施原則：告知（notice）、選擇（choice）、存取（access）、與安全（security），對個人使用者感興趣的台灣地區網站進行網站隱私權政策分析與調查研究，探討其對個人隱私揭露的程度。 研究結果指出，樣本中84.1%的網站收集至少一種形式的個人識別資訊（例如：姓名，e-mail address，郵政地址），72.3%收集至少一種形式的人口統計學資訊（例如：性別，喜好，郵遞區號），71.8%的網站兩者接收集，而15.4%的網站兩者皆不收集。隱私揭露方面，67.7%（390個樣本中的264個）刊載至少一種形式的隱私揭露（一個隱私權政策的告示或是一個資訊實施聲明），50.5%這兩種形式的隱私揭露都刊載，有32.3%個網站這兩種形式的隱私揭露皆不刊載。觀察隱私揭露反映公平資訊實施的程度，在264個有收集個人資訊與刊載隱私揭露的網站中，92.8%包含至少一種關於（告知）的調查項目，70.8%包含至少一種關於（選擇）的調查項目，80.7%包含至少一種關於（存取）的調查項目，43.9%包含至少一種關於（安全）的調查項目，以及26.9%包含關於（聯絡資訊）的調查項目。 在本研究中，看待這些網站樣本所得出的結果，應特別注意那些較不滿足公平資訊實施原則的部分，包括對Cookies使用的告知、告知關於外界第三者的相關資訊、選擇、安全以及聯絡資訊等部份所表現出來的結果，而實際上所有台灣網站所表現出的結果，很可能比本研究所得出的結果來得更為不理想，網站若要更能滿足使用者對隱私權保護的期待，就必須更正視這些部份的隱私揭露保護。 資料的收集與使用對網路環境的發展影響甚鉅，網站營運者在思考如何使資料的利用最大化時，必須兼顧使用者的隱私權。唯有在合理，相互尊重的架構下，才能替彼此創造出長遠的利益。本研究的結果希望能對台灣在檢討、發展、建立符合台灣環境及與世界接軌的網路隱私權保護環境上，作出些許的貢獻。 / The spreading of personal data flows over the Internet has threatened many online individuals’ privacy, which also becomes a noticeable topic among the society. For the past few years, there were norms applied to websites in order to protect online users’ privacy. However, could norms provide proper protections along with the rapid improvement of Internet technology? This topic will remain among society’s discussion. Some websites provide certain amount of protections by using popular practices. On a certain level, these practices follow the Fair Information Practice Principle that was supported by the Privacy Norm Entrepreneurs (FTC, 1998). This research is based on the four main elements of Fair Information Practice Principle: Notice, Choice, Access, and Security. The thesis concentrates on analyzing and researching the privacy policy about privacy disclosure provided by websites that were directed and interested to individual user within Taiwan. Based on the result of this research, 84.1% of the sampled websites collected at least one type of personal identifying information (e.g. name, e-mail address, postal address). 72.3% of the sampled websites collected at least one type of demographic information (e.g. gender, preferences, Zip code). 71.8% of the websites collected both types of personal information, and 15.4% collected neither type of personal information. As for privacy disclosure, 67.7% of the websites (264 out of 390 sampled websites) provided at least one type of privacy disclosures (a privacy policy notice or an information practice statement). 50.5% of the websites provided both types of disclosures; and 32.3% of the websites provided none of the above. By studying the researched websites along with the Fair Information Practice Principle, Of the 264 websites that collected personal information and posted a privacy disclosure, 92.8% included at least one survey item for notice, 70.8% contained at least one survey item for choice, 80.7% contained at least one survey item for access, 43.9% contained at least one survey item for security, and 26.9% contained at least one survey item for contact information. While studying the research result, it is important to concentrate on the websites that did not follow the Fair Information Practice Principle. The result includes websites’ notice of Cookies usage, and providing third party related information, choice, security, and contact information, etc. However, the result in reality could be a lot worse than the research result. In order to fulfill online users’ anticipation, websites should pay more attention on privacy policy of these parts. Colleting and using users’data influence the development of online environment greatly. Web owners should consider their customers’ privacy rights while trying to capitalize customers’ information. The only way to generate long and stable benefit for both provider and user is with respect. Hopefully the result of this research will contribute some amount of consideration and development of privacy protection that works for websites and users in Taiwan.

網站

個人資訊

公平資訊實施

隱私權政策

Website

Personal Information

Fair Information Practice

Privacy Policy

Utilisation de la base de données nationale d'inscription par les firmes de courtage et les régulateurs canadiens : gestion des renseignements personnels

Desjardins, David

08 1900

"Mémoire présenté à la Faculté des études supérieures en vue de l'obtention du grade de Maître en droit (LL.M.)" / Le présent texte a pour sujet la Base de données nationale d'inscription, système d'inscription obligatoire depuis quelques mois pour l'ensemble des firmes de courtage et des représentants en valeurs mobilières au Canada, à l'exception de ceux et celles qui n'exercent leurs activités qu'en territoire québécois. La question de la protection des renseignements personnels compris dans cette base de données y est analysée en portant une attention particulière à la pluralité des régimes de protection qui évolue au Canada. En effet, différentes règles s'appliquent selon que l'on est en présence d'un organisme public ou une entreprise du secteur privé et selon que la « transaction» est intraprovinciale ou extraprovinciale. La Base de données nationale d'inscription remplace dorénavant la procédure d'inscription sur support papier. Les documents issus de ce système informatique possèdent des caractéristiques propres et certaines règles doivent être respectées afin de leurs conférer la même valeur juridique que les documents papier. Finalement, la compilation de l'information dans cette gigantesque base de données serait futile s'il n'était pas possible d'accéder aux renseignements qui y sont contenus. Une fois les différents types d'accès définis, une comparaison sera faite avec certains systèmes d'inscription en ligne américains. La technologie bouleverse nos habitudes dans tous les secteurs de l'économie. Les finances ne sont pas en reste. Avec la Base de données nationale d'inscription, c'est tout le système d'inscription de l'industrie canadienne des valeurs mobilières qui prend un sérieux coup de jeune. Et il était temps ... / The subject of the present text concems the National Registration Database, a recent mandatory registration system designated for all brokerage firms and investment advisors across Canada, with the exception of those who exercise their activities exclusively in Quebec. The matter of protection of personal information included in this database is analyzed with an emphasis on the existence of multiple laws evolving in Canada. In fact, different mIes apply whether you are in the presence of a public body or an enterprise of the private sector and whether the "transaction" is concluded within or out of the province. The National Registration Database replaces the previous paper format registration procedure. The documents produced by this computerized system have their own particularities and certain mIes must be respected in order to maintain a legal value equal to the priOf format. Finally, the compiling of information found in this enormous database would be useless if it was not possible to access its information. Once the different types of access are determined, a comparison will be done with existing American online registration systems. It is obvious that technology has had a tremendous impact on the economy. Of course, the financial industry is affected. With the National Registration Database, the whole Canadian securities registration system has had a total makeover. It was about time...

Accès à l'information

Base de données

Courtage

Conformité

Document

Informatique

Inscription

Renseignements personnels

Valeurs mobilières

Access to documents

Broker

Compliance

Computer

Database

Personal information

Registration

Securities