Examining the intended and unintended consequences of organisational privacy safeguards

Rachida Parks; Heng Xu; Chao Hsien Chu; Paul Benjamin Lowry

doi:10.1057/s41303-016-0001-6

Examining the intended and unintended consequences of organisational privacy safeguards

Rachida Parks, Heng Xu, Chao Hsien Chu, Paul Benjamin Lowry

Research output: Contribution to journal › Article › peer-review

41 Scopus citations

Abstract

Research shows that despite organisational efforts to achieve privacy compliance, privacy breaches continue to rise. The extant studies on organisational privacy compliance concentrate on the extent to which privacy threats can be alleviated through a combination of technical and human controls and the positive (and often intended) influences of these controls. This focus inadvertently neglects unintended consequences such as impeded workflow in medical practices. To address this research conflict, this study uses an interpretive grounded theory research approach to investigate the consequences of privacy safeguard enactment in medical practices, including whether it influences their ability to meet privacy requirements and whether workflows are impeded. Our central contribution is a theoretical framework, the unintended consequences of privacy safeguard enactment (UCPSE) framework, which explicates the process by which privacy safeguards are evaluated and subsequently bypassed and the resulting influence on organisational compliance. The UCPSE highlights the importance of the imbalance challenge, which is the result of unintended consequences outweighing the intended consequences of privacy safeguard enactment. Failure to address the imbalance challenge leads to the adoption of workarounds that may ultimately harm the organisation's privacy compliance. Despite several research calls, the consequences and effectiveness of organisational privacy efforts are largely missing from both information systems and health informatics research. This study is one of the first attempts to both systematically identify the impacts of privacy safeguard enactment and to examine its implications for privacy compliance in the healthcare domain. The findings also have practical implications for healthcare executives on the UCPSE and how they could alleviate the imbalance challenge to thwart workarounds and the subsequent negative effects on privacy compliance.

Original language	English (US)
Pages (from-to)	37-65
Number of pages	29
Journal	European Journal of Information Systems
Volume	26
Issue number	1
DOIs	https://doi.org/10.1057/s41303-016-0001-6
State	Published - Jan 1 2017

All Science Journal Classification (ASJC) codes

Management Information Systems
Information Systems
Information Systems and Management
Library and Information Sciences

Access to Document

10.1057/s41303-016-0001-6

Cite this

@article{453b8d7bff1f40a3803ed883a5fa658d,

title = "Examining the intended and unintended consequences of organisational privacy safeguards",

abstract = "Research shows that despite organisational efforts to achieve privacy compliance, privacy breaches continue to rise. The extant studies on organisational privacy compliance concentrate on the extent to which privacy threats can be alleviated through a combination of technical and human controls and the positive (and often intended) influences of these controls. This focus inadvertently neglects unintended consequences such as impeded workflow in medical practices. To address this research conflict, this study uses an interpretive grounded theory research approach to investigate the consequences of privacy safeguard enactment in medical practices, including whether it influences their ability to meet privacy requirements and whether workflows are impeded. Our central contribution is a theoretical framework, the unintended consequences of privacy safeguard enactment (UCPSE) framework, which explicates the process by which privacy safeguards are evaluated and subsequently bypassed and the resulting influence on organisational compliance. The UCPSE highlights the importance of the imbalance challenge, which is the result of unintended consequences outweighing the intended consequences of privacy safeguard enactment. Failure to address the imbalance challenge leads to the adoption of workarounds that may ultimately harm the organisation's privacy compliance. Despite several research calls, the consequences and effectiveness of organisational privacy efforts are largely missing from both information systems and health informatics research. This study is one of the first attempts to both systematically identify the impacts of privacy safeguard enactment and to examine its implications for privacy compliance in the healthcare domain. The findings also have practical implications for healthcare executives on the UCPSE and how they could alleviate the imbalance challenge to thwart workarounds and the subsequent negative effects on privacy compliance.",

author = "Rachida Parks and Heng Xu and Chu, {Chao Hsien} and Lowry, {Paul Benjamin}",

note = "Publisher Copyright: {\textcopyright} 2016 The OR Society.",

year = "2017",

month = jan,

day = "1",

doi = "10.1057/s41303-016-0001-6",

language = "English (US)",

volume = "26",

pages = "37--65",

journal = "European Journal of Information Systems",

issn = "0960-085X",

publisher = "Palgrave Macmillan Ltd.",

number = "1",

}

TY - JOUR

T1 - Examining the intended and unintended consequences of organisational privacy safeguards

AU - Parks, Rachida

AU - Xu, Heng

AU - Chu, Chao Hsien

AU - Lowry, Paul Benjamin

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Research shows that despite organisational efforts to achieve privacy compliance, privacy breaches continue to rise. The extant studies on organisational privacy compliance concentrate on the extent to which privacy threats can be alleviated through a combination of technical and human controls and the positive (and often intended) influences of these controls. This focus inadvertently neglects unintended consequences such as impeded workflow in medical practices. To address this research conflict, this study uses an interpretive grounded theory research approach to investigate the consequences of privacy safeguard enactment in medical practices, including whether it influences their ability to meet privacy requirements and whether workflows are impeded. Our central contribution is a theoretical framework, the unintended consequences of privacy safeguard enactment (UCPSE) framework, which explicates the process by which privacy safeguards are evaluated and subsequently bypassed and the resulting influence on organisational compliance. The UCPSE highlights the importance of the imbalance challenge, which is the result of unintended consequences outweighing the intended consequences of privacy safeguard enactment. Failure to address the imbalance challenge leads to the adoption of workarounds that may ultimately harm the organisation's privacy compliance. Despite several research calls, the consequences and effectiveness of organisational privacy efforts are largely missing from both information systems and health informatics research. This study is one of the first attempts to both systematically identify the impacts of privacy safeguard enactment and to examine its implications for privacy compliance in the healthcare domain. The findings also have practical implications for healthcare executives on the UCPSE and how they could alleviate the imbalance challenge to thwart workarounds and the subsequent negative effects on privacy compliance.

AB - Research shows that despite organisational efforts to achieve privacy compliance, privacy breaches continue to rise. The extant studies on organisational privacy compliance concentrate on the extent to which privacy threats can be alleviated through a combination of technical and human controls and the positive (and often intended) influences of these controls. This focus inadvertently neglects unintended consequences such as impeded workflow in medical practices. To address this research conflict, this study uses an interpretive grounded theory research approach to investigate the consequences of privacy safeguard enactment in medical practices, including whether it influences their ability to meet privacy requirements and whether workflows are impeded. Our central contribution is a theoretical framework, the unintended consequences of privacy safeguard enactment (UCPSE) framework, which explicates the process by which privacy safeguards are evaluated and subsequently bypassed and the resulting influence on organisational compliance. The UCPSE highlights the importance of the imbalance challenge, which is the result of unintended consequences outweighing the intended consequences of privacy safeguard enactment. Failure to address the imbalance challenge leads to the adoption of workarounds that may ultimately harm the organisation's privacy compliance. Despite several research calls, the consequences and effectiveness of organisational privacy efforts are largely missing from both information systems and health informatics research. This study is one of the first attempts to both systematically identify the impacts of privacy safeguard enactment and to examine its implications for privacy compliance in the healthcare domain. The findings also have practical implications for healthcare executives on the UCPSE and how they could alleviate the imbalance challenge to thwart workarounds and the subsequent negative effects on privacy compliance.

UR - http://www.scopus.com/inward/record.url?scp=85016276711&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85016276711&partnerID=8YFLogxK

U2 - 10.1057/s41303-016-0001-6

DO - 10.1057/s41303-016-0001-6

M3 - Article

AN - SCOPUS:85016276711

SN - 0960-085X

VL - 26

SP - 37

EP - 65

JO - European Journal of Information Systems

JF - European Journal of Information Systems

IS - 1

ER -

Examining the intended and unintended consequences of organisational privacy safeguards

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this