research-article

Compliance to personal data protection principles

Published: 01 July 2017

Abstract

  • We examined how organizations' privacy policies meet the compliance requirement.
  • We found privately-owned organizations have a higher compliance level.
  • Sectors with more personal sensitive data have significantly higher compliance scores.
  • Government sectors have the lowest compliance score and highest readability score.
  • Foreign and local sectors demonstrate statistically significant comparable compliance scores.

This study examines how organizations in Malaysia frame their privacy policy notices to comply with the Personal Data Protection Act (PDPA, 2010) and whether these organizations differ in their level of compliance and in the readability of their privacy notices. We collected the online privacy policies of 306 organizations from 12 sectors to assess their readability and compliance with PDPA requirements. The results show that privately owned organizations have a higher compliance level than publicly owned organizations. Sectors that hold more personal sensitive data obtain higher compliance scores. Non-governmental organizations demonstrate a higher compliance level than government-owned organizations. Despite differences in the compliance scores, most organizations fail to meet the requirements of the PDPA. Our study also reveals that readability has a negative correlation with the compliance score, because simpler and shorter versions of the privacy policies often lack detailed information. Our findings provide valuable insights into organizations' privacy policy compliance across different sectors in Malaysia. Specifically, the Malaysian authority should implement more effective mechanisms to enforce compliance with the PDPA. Organizations should also take corrective actions to improve the compliance scores of their online privacy policies.

Published In

Telematics and Informatics, Volume 34, Issue 4
July 2017
320 pages

Publisher

Pergamon Press, Inc.

United States

Author Tags

  1. Compliance
  2. Information privacy
  3. Personal Data Protection Act
  4. Personal data
  5. Privacy policy

Qualifiers

  • Research-article
