Examining the intended and unintended consequences of organisational privacy safeguards

Rachida Parks, Heng Xu, Chao Hsien Chu, Paul Benjamin Lowry

Research output: Contribution to journalArticlepeer-review

41 Scopus citations


Research shows that despite organisational efforts to achieve privacy compliance, privacy breaches continue to rise. The extant studies on organisational privacy compliance concentrate on the extent to which privacy threats can be alleviated through a combination of technical and human controls and the positive (and often intended) influences of these controls. This focus inadvertently neglects unintended consequences such as impeded workflow in medical practices. To address this research conflict, this study uses an interpretive grounded theory research approach to investigate the consequences of privacy safeguard enactment in medical practices, including whether it influences their ability to meet privacy requirements and whether workflows are impeded. Our central contribution is a theoretical framework, the unintended consequences of privacy safeguard enactment (UCPSE) framework, which explicates the process by which privacy safeguards are evaluated and subsequently bypassed and the resulting influence on organisational compliance. The UCPSE highlights the importance of the imbalance challenge, which is the result of unintended consequences outweighing the intended consequences of privacy safeguard enactment. Failure to address the imbalance challenge leads to the adoption of workarounds that may ultimately harm the organisation's privacy compliance. Despite several research calls, the consequences and effectiveness of organisational privacy efforts are largely missing from both information systems and health informatics research. This study is one of the first attempts to both systematically identify the impacts of privacy safeguard enactment and to examine its implications for privacy compliance in the healthcare domain. The findings also have practical implications for healthcare executives on the UCPSE and how they could alleviate the imbalance challenge to thwart workarounds and the subsequent negative effects on privacy compliance.

Original languageEnglish (US)
Pages (from-to)37-65
Number of pages29
JournalEuropean Journal of Information Systems
Issue number1
StatePublished - Jan 1 2017

All Science Journal Classification (ASJC) codes

  • Management Information Systems
  • Information Systems
  • Information Systems and Management
  • Library and Information Sciences


Dive into the research topics of 'Examining the intended and unintended consequences of organisational privacy safeguards'. Together they form a unique fingerprint.

Cite this