Toward a taxonomy of corporate data protection malpractices and their causal mechanisms: A regulatory view

Corporate data protection malpractices are not uncommon, especially in contemporary technological environments. Embracing a regulatory view, this study attempts to advance a taxonomy of prevailing corporate data protection practices and their causal mechanisms by analyzing cases where organizations...

Full description

Saved in:
Bibliographic Details
Published in:Journal of information technology 2023-09, Vol.38 (3), p.319-333
Main Authors: Zhao, Haiping, Jiang, Na, Cai, Zhao, Lim, Eric T. K., Tan, Chee-Wee
Format: Article
Language:English
Subjects:
Empirical analysis
General Data Protection Regulation
Iterative methods
Legislation
Organizations
Taxonomy
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Corporate data protection malpractices are not uncommon, especially in contemporary technological environments. Embracing a regulatory view, this study attempts to advance a taxonomy of prevailing corporate data protection practices and their causal mechanisms by analyzing cases where organizations were fined for violating data protection legislation. Selecting the General Data Protection Regulation (GDPR) enacted by the European Union (EU) as our benchmark, this study employs an iterative taxonomy development technique as guidance and conducts a thematic analysis on 875 cases of GDPR enforcement. In so doing, we derive a conceptual model comprising 6 focal categories and 28 subcategories of prevailing corporate data protection malpractices existing within organizations as well as 4 main categories and 22 subcategories of causal mechanisms underlying these identified malpractices. Empirical findings from this study not only reinforce corporate data protection malpractices established in prior research but also yield novel malpractices that have been neglected in previous work. From a pragmatic standpoint, this study yields invaluable insights into the prevention and resolution of corporate data protection malpractices for practitioners.
ISSN:0268-3962
1466-4437
DOI:10.1177/02683962231155937