Exploring the impact of data breaches and system malfunctions on users’ safety and privacy perceptions in the context of autonomous vehicles

Technological advancements allow for increasingly automated driving systems as well as the large-scale availability of fully autonomous vehicles (AVs) in the future. In this research-in-progress paper, we propose a research concept to further investigate the interplay of users’ perceived privacy risks and trust in AV safety associated with data breaches and system failures. Specifically, we aim to analyze whether system malfunctions impact privacy risk perceptions and whether data breaches impact users’ trust in AV safety by considering the trust in the AV manufacturer. Additionally, we offer first insights into preliminary data and explain our future research intentions. A more detailed understanding of the relationship between privacy and safety trust in the context of AVs could help manufacturers to better direct efforts to compensate for or prevent data breaches and system malfunctions potentially leading to increased user acceptance and technology adoption

Modeling and Validating Structural Relationship among Customer Data Privacy in E Commerce and Data Breaches.

This abstract provides an overview of a comprehensive study aimed at modeling and validating the structural relationships between customer data privacy practices in e-commerce platforms and the occurrence of data breaches. This research bridges the gap in understanding how the level of investment and adherence to data privacy measures in e-commerce businesses influences the likelihood and severity of data breaches.The study employs a mixed-methods approach, combining quantitative analysis of large-scale data sets related to e-commerce platforms and data breach incidents with qualitative analysis of privacy policies, regulatory frameworks, and industry best practices

Personal Information Breach as a Service Failure: Examining Relationships among Recovery Efforts, Justice, and Customer Responses

Information service users are required to provide personal information to service providers. Accordingly, Personal Information Breach (PIB) and side-effects have recently emerged. This study will seek answers to the following research questions: (1) In a PIB context, which types of PI are regarded as sensitive, and which recovery efforts are important?, (2) What effects do the company’s recovery efforts have on perceived justice, and how do these relationships vary according to the type of PIB?, and (3) What are the relationships between justice and customers’ responses? This study is significant since it views PIB as a type of service failure, and suggests a research model based on service failure/recovery processes and justice theory, and will empirically be tested. This study aims at strengthening its validity by employing a multi-method approach combining a survey and an experiment. Thus, the research findings will provide theoretical and practical contributions to information privacy areas

Data Breach Consequences and Responses: A Multi-Method Investigation of Stakeholders

The role of information in today’s economy is essential as organizations that can effectively store and leverage information about their stakeholders can gain an advantage in their markets. The extensive digitization of business information can make organizations vulnerable to data breaches. A data breach is the unauthorized access to sensitive, protected, or confidential data resulting in the compromise of information security. Data breaches affect not only the breached organization but also various related stakeholders. After a data breach, stakeholders of the breached organizations show negative behaviors, which causes the breached organizations to face financial and non-financial costs. As such, the objective of this dissertation is to better understand the effect of data breaches on the stakeholders of the breached organization and the factors that can inhibit the negative behaviors. This dissertation uses a multi-method investigation to examine two external stakeholders, customers and shareholders, in a data breach aftermath. Essay 1 identifies data breach event and announcement characteristics and examines the impact of these characteristics on the customers’ and shareholders’ behaviors. Essay 2 investigates the effective strategy that the breached organizations can adopt after a data breach incident by examining the impact of various data breach response strategies. It also investigates the effect of response times with respect to data breach notification laws on the stakeholders. Each essay constitutes two studies with appropriate research methods for the two stakeholders under investigation. The dissertation is expected to provide several implications for research and practice

Scary Stories: Fear Appeals, Hopelessness and the Role of Response Efficacy in Protective Online Behavior

The issue of online threats is a topic of widespread notoriety and the target of voluminous research. In spite of this, recommended treatments do not seem to have been completely effective, as indicated by the prominence of identity theft among complaints to government agencies such as the Federal Trade Commission. The goal of this research is to produce a more complete and nuanced understanding of this problem and thus provide better guidance toward preventing identity theft. This work offers a 2 x 2 experiment that manipulates both Threat conditions and Response Efficacy in concert, testing for an interaction effect of Threat and Response Efficacy on Behavioral Intention, Fear, and Hopelessness. Our results indicate that a high Threat condition increases users’ intentions to take action against an online threat, as expected. However, we also find that Response Efficacy plays a critical role in how individuals react to online threats. Response Efficacy is found to relate negatively to Hopelessness. In addition, Fear is measured and discussed

Social media revenge: A typology of online consumer revenge

The main purpose of this study is to present a detailed typology of online revenge behaviors that identifies the differential factors affecting this behavior in terms of triggers, channels, and emotional outcomes across two countries: Jordan and Britain. Based on a qualitative approach from a sample of Jordanian and British customers who had previously committed acts of online revenge (N = 73), this study identified four main types of online avengers: materialistic, ego-defending, aggressive, and rebellious. The findings show that British consumers were motivated by core service malfunction failures and employee failures. In contrast, Jordanian consumers’ acts of revenge were triggered by wasta service failures and contract breach failures. Moreover, Jordanian consumers tended to employ more aggressive and sometimes illegal ways to get revenge, whereas British consumers often used social media platforms and review websites. The findings have implications for the prevalence of online consumer revenge acts and for extending theoretical understanding of why and how consumers employ the Internet for revenge after a service failure in addition to how to respond to each avenger

Post Data Breach Use of Protective Technologies: An Examination of Users’ Dilemma

This preliminary research addresses the technology use uncertainties that arise when users are presented with protective technologies following a data breach or privacy violation announcement. Prior studies have provided understanding of determinants of technology use through several perspectives. The study complements prior research by arguing that, beyond individual dispositions or technology features, data breach announcements bring users’ focus on the actions of the breaching organization. Fair process and information practices provide avenue for organizations to alleviate users’ concerns and increase service usage. We draw on organizational justice theory to develop a model that explicates the effect of organizational fairness process and use of technologies. We test this model using data from 200 Facebook users recruited from Amazon MTurk. We found that procedural and informational justice have differential effect on users’ desire to use protective technologies. Our findings have both theoretical and practical implications

Consumers' cognitive, affective, and behavioral responses toward a firm's recovery strategies when committing a transgression

The customer-retailer relationship symbolizes the attachment and connection that consumers’ share with retailers. When consumers’ create these relationships they expect for the retailer to maintain the relationship without a breach, such as a transgression. Transgressions occur when retailer violates the relationship that it has with its customers. When transgressions occur in the customer-retailer relationship they can have several negative consequences for the retailer, such as financial loss and the retailer losing customers. Due to the negative consequences of transgressions, previous researchers have examined the impact of recovery options offered after transgressions occur. However, few studies have examined the recovery option and degree of transgression in relation to consumers’ responses measured in terms of customer trust, customer forgiveness, and retailer equity (retailer image, retailer loyalty, and retailer credibility). Considering the benefits to be gained from this research, the overall purpose of this study is to examine the impact of the customer-retailer relationship and how it is impacted when firms engage in transgressions. Specifically, the current study also looks to examine how the degree of consumers’ attachment toward the firm influences his or her ability to forgive a firm’s transgression (low vs. high) whether a recovery option is offered or not. The study also examines the interconnectedness of trust, forgiveness, and retailer equity (image, loyalty, and credibility). Data were collected from a convenience sample of undergraduate and graduate students, with majority of participant ages ranging from18-23. The final sample consisted of 204 participants. Majority of the participants were female 87.8%, and approximately 55.6% were Caucasian. Several statistical techniques were used to examine the hypotheses (e.g., one-way analysis of variance, multivariate analysis of variance, univariate analysis, and simple linear regression). Results revealed that consumers’ are more likely to have high levels of trust, to forgive the retailer, and to have high levels of retailer credibility when recovery options are offered after transgressions as compared to no recovery. Results further show that consumers’ degree of attachment is likely to moderate the relationship between firm recovery and trust. Further, it was found that there is a relationship between trust, customer forgiveness, and retailer equity (image, loyalty, and forgiveness). This study’s findings add to the literature of customer-retailer relationships (measured in terms of trust, customer forgiveness, and retailer equity: image, loyalty, and credibility) and how they are impacted when transgressions occur. The study also advances the literature by exploring consumers’ attachment and the relationship between trust, customer forgiveness, and retailer equity. Implications are provided. Limitations and future directions are discussed as well

Playing the legal card: using ideation cards to raise data protection issues within the design process

The regulatory climate is in a process of change. Design, having been implicated for some time, is now explicitly linked to law. This paper recognises the heightened role of designers in the regulation of ambient interactive technologies. Taking account of incumbent legal requirements is difficult. Legal rules are convoluted, uncertain, and not geared towards operationalisable heuristics or development guidelines for system designers. Privacy and data protection are a particular moral, social and legal concern for technologies. This paper seeks to understand how to make emerging European data protection regulation more accessible to our community. Our approach develops and tests a series of data protection ideation cards with teams of designers. We find that, whilst wishing to protect users, regulation is viewed as a compliance issue. Subsequently we argue for the use of instruments, such as our cards, as a means to engage designers in leading a human-centered approach to regulation

Three Essays on Information Security Risk Management

Today's environment is filled with the proliferation of cyber-attacks that result in losses for organizations and individuals. Hackers often use compromised websites to distribute malware, making it difficult for individuals to detect. The impact of clicking through a link on the Internet that is malware infected can result in consequences such as private information theft and identity theft. Hackers are also known to perpetrate cyber-attacks that result in organizational security breaches that adversely affect organizations' finances, reputation, and market value. Risk management approaches for minimizing and recovering from cyber-attack losses and preventing further cyber-attacks are gaining more importance. Many studies exist that have increased our understanding of how individuals and organizations are motivated to reduce or avoid the risks of security breaches and cyber-attacks using safeguard mechanisms. The safeguards are sometimes technical in nature, such as intrusion detection software and anti-virus software. Other times, the safeguards are procedural in nature such as security policy adherence and security awareness and training. Many of these safeguards fall under the risk mitigation and risk avoidance aspects of risk management, and do not address other aspects of risk management, such as risk transfer. Researchers have argued that technological approaches to security risks are rarely sufficient for providing an overall protection of information system assets. Moreover, others argue that an overall protection must include a risk transfer strategy. Hence, there is a need to understand the risk transfer approach for managing information security risks. Further, in order to effectively address the information security puzzle, there also needs to be an understanding of the nature of the perpetrators of the problem – the hackers. Though hacker incidents proliferate the news, there are few theory based hacker studies. Even though the very nature of their actions presents a difficulty in their accessibility to research, a glimpse of how hackers perpetrate attacks can be obtained through the examination of their knowledge sharing behavior. Gaining some understanding about hackers through their knowledge sharing behavior may help researchers fine-tune future information security research. The insights could also help practitioners design more effective defensive security strategies and risk management efforts aimed at protecting information systems. Hence, this dissertation is interested in understanding the hackers that perpetrate cyber-attacks on individuals and organizations through their knowledge sharing behavior. Then, of interest also is how individuals form their URL click-through intention in the face of proliferated cyber risks. Finally, we explore how and why organizations that are faced with the risk of security breaches, commit to cyberinsurance as a risk management strategy. Thus, the fundamental research question of this dissertation is: how do individuals and organizations manage information security risks