Information Privacy Assimilation in IT Organizations

Information privacy concerns have been rising over a few decades. As per the recent General Data Protection Regulation, organizations need to implement the highest-possible privacy settings by design and default. Following the neo-institutional theory, this study develops a model for understanding t...

Full description

Saved in:
Bibliographic Details
Published in:Information systems frontiers 2022-10, Vol.24 (5), p.1497-1513
Main Authors: Attili, V. S. Prakash, Mathew, Saji K., Sugumaran, Vijayan
Format: Article
Language:English
Subjects:
Assimilation
Business and Management
Coercivity
Control
Corporate culture
Data collection
Hypotheses
Information systems
Information technology
IT in Business
Management of Computing and Information Systems
Operations Research/Decision Theory
Organizational aspects
Organizations
Privacy
Systems Theory
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Information privacy concerns have been rising over a few decades. As per the recent General Data Protection Regulation, organizations need to implement the highest-possible privacy settings by design and default. Following the neo-institutional theory, this study develops a model for understanding the mechanism of information privacy assimilation in Information Technology (IT) organizations. This study treats information privacy as a distinct dimension separate from security. After analyzing a sample survey data of 214 respondents from the IT industry, privacy capability and organizational culture emerged as influencing factors with a statistically significant influence on information privacy assimilation. The findings from this study support the mediating role of senior management participation between the external coercive forces and privacy-related business strategy. Business strategy also plays a mediating role between coercive/normative forces and privacy-related activities within an organization. Here the mimetic forces show a direct influence on privacy-related activities. A positive moderating effect of organizational culture on normative forces and privacy-related activities relationship; and a negative moderating effect of privacy capability on mimetic forces and privacy-related activities relationship are observed. These findings could enable senior managers to respond to institutional pressures by focusing on appropriate factors within an organization for developing effective privacy strategies and actions. This work is an extension of the pilot work that was published in Communications of the Association for Information Systems (CAIS), 2018. The prior work focuses on developing the propositions qualitatively. Building on that, we have formally defined the hypotheses, developed the appropriate survey instrument and collected the primary data which is large enough to do adequate analysis. Adopted a quantitative approach using an extensive sample survey of IT organizations, followed a more rigorous process for data collection, analysis, and discussion of the results. In addition, based on the lessons learned from the pilot study, we have updated the research model and hypotheses with a focus on privacy-related business strategy and activities.
ISSN:1387-3326
1572-9419
DOI:10.1007/s10796-021-10158-0