Low Effort and Privacy – How Textual Priming Affects Privacy Concerns of Email Service Users

The integration of digital applications and systems into the everyday routines of users is inevitably progressing. Ubiquitous and invisible computing requires the perspective of a new user and the inclusion of insights from related disciplines such as behavioral economics or social psychology. This paper takes up the call for research by Dinev et al. (2015) and examines the influence of textual priming elements on the privacy concerns of users of email accounts. The paper provides an operationalization of a privacy concern as a dependent variable, incorporated in an online experiment with 276 participants. The results show highly significant differences between the groups investigated by the experiment. Specifically, the users of different email providers show interesting results. While users of Gmail show no significant reaction in the experiment, users of other email providers show significant differences in the experimental setting

The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies

While there is a rich body of literature on user acceptance of technologies with positive outcomes, little is known about user behavior toward what we call protective technologies: information technologies that protect data and systems from disturbances such as viruses, unauthorized access, disruptions, spyware, and others. In this paper, we present the results of a study of user behavioral intention toward protective technologies based on the framework of the theory of planned behavior. We find that awareness of the threats posed by negative technologies is a strong predictor of user behavioral intention toward the use of protective technologies. More interestingly, in the presence of awareness, the influence of subjective norm on individual behavioral intention is weaker among basic technology users but stronger among advanced technology users. Furthermore, while our results are consistent with many of the previously established relationships in the context of positive technologies, we find that the determinants ¡°perceived ease of use¡± and ¡°computer self-efficacy¡± are no longer significant in the context of protective technologies. We believe that this result highlights the most significant difference between positive technologies and protective technologies: while the former are used for their designed utilities, for which usefulness and ease of use have a significant impact, the latter are used out of fear of negative consequences, for which awareness becomes a key determinant. We discussed the theoretical and practical implications of these findings. The findings of this study extend the theory of planned behavior to the context of protective technologies and shed insights on designing effective information security policies, practices, and protective technologies for organizations and society

The Centrality of Awareness in the Formation of User Behavioral Intention Toward Preventive Technologies in the Context of Voluntary Use

Little is known about user behavior toward what we call preventive computer technologies that have become increasingly important in the networked economy and society to secure data and systems from viruses, unauthorized access, disruptions, spyware, and similar harmful technologies. We present the results of a study of user behavior toward preventive technologies based on the frameworks of theory of planned behavior in the context of anti-spyware technologies. We find that the user awareness of the issues and threats from harmful technologies is a strong predictor of user behavioral intention toward the use of preventive technologies. In the presence of awareness, the influence of subjective norm on individual behavioral intention is significantly weakened among less technology savvy users but strengthened among more technology savvy users. Also, commonly strong determinants “perceived ease of use” and “computer self-efficacy” in utilitarian technologies are no longer as significant in preventive technologies. Theoretical and practical implications are discussed

“They’re All the Same!” Stereotypical Thinking and Systematic Errors in Users’ Privacy-Related Judgments About Online Services

Given the ever-increasing volume of online services, it has become impractical for Internet users to study every company’s handling of information privacy separately and in detail. This challenges a central assumption held by most information privacy research to date—that users engage in deliberate information processing when forming their privacy-related beliefs about online services. In this research, we complement previous studies that emphasize the role of mental shortcuts when individuals assess how a service will handle their personal information. We investigate how a particular mental shortcut—users’ stereotypical thinking about providers’ handling of user information—can cause systematic judgment errors when individuals form their beliefs about an online service. In addition, we explore the effectiveness of counter-stereotypic privacy statements in preventing such judgment errors. Drawing on data collected at two points in time from a representative sample of smartphone users, we studied systematic errors caused by stereotypical thinking in the context of a mobile news app. We found evidence for stereotype-induced errors in users’ judgments regarding this provider, despite the presence of counter-stereotypic privacy statements. Our results further suggest that the tone of these statements makes a significant difference in mitigating the judgment errors caused by stereotypical thinking. Our findings contribute to emerging knowledge about the role of cognitive biases and systematic errors in the context of information privacy

Why Individuals Commit Computer Offences in Organizations: Investigating the Roles of Rational Choice, Self-Control, and Deterrence

Computer offences and crimes against corporate computer systems have increasingly become a major challenge to information security management in the Internet-enabled global economy and society. In this study, we attempt to develop a theoretical model that integrates three main stream criminology theories, i.e., general deterrence, rational choice, and individual propensity. We submit that, while the main decision process leading to an offensive act may be explained by the rational choice theory, self-control and deterrence factors could significantly alter the risk-benefit calculus assumed in the rational choice model. Using data collected from employees in multiple organizations, we tested our model using structural equation modelling techniques. We found that the perceived benefits of offensive acts dominate the rational calculus in individuals, and that the low self-control significantly impacts the perceived benefits and risks, thus playing a major role in the computer offences perpetrated by individuals in organizational settings. In addition, we found that deterrence only has limited impact on the offensive intentions through increased perceived risks. By integrating multiple theories into one seamless model, we hope to provide better understanding of computer offences and deeper insights for improving information security management practices

Examining the Formation of Individual\u27s Privacy Concerns: Toward an Integrative View

Numerous public opinion polls reveal that individuals are quite concerned about threats to their information privacy. However, the current understanding of privacy that emerges is fragmented and usually discipline-dependent. A systematic understanding of individuals’ privacy concerns is of increasing importance as information technologies increasingly expand the ability for organizations to store, process, and exploit personal data. Drawing on information boundary theory, we developed an integrative model suggesting that privacy concerns form because of an individual’s disposition to privacy or situational cues that enable one person to assess the consequences of information disclosure. Furthermore, a cognitive process, comprising perceived privacy risk, privacy control and privacy intrusion is proposed to shape an individual’s privacy concerns toward a specific Web site’s privacy practices. We empirically tested the research model through a survey (n=823) that was administered to users of four different types of web sites: 1) electronic commerce sites, 2) social networking sites, 3) financial sites, and 4) healthcare sites. The study reported here is novel to the extent that existing empirical research has not examined this complex set of privacy issues. Implications for theory and practice are discussed, and suggestions for future research along the directions of this study are provided