Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA

Biometric system for protecting information and improving service delivery: The case of a developing country's social security and pension organisation

The conception of biometric systems as a means of securing sensitive information and enhancing service delivery remains under-researched. To address this knowledge gap, we explore the case of a public-sector social security and pension organisation in Ghana using a qualitative interpretative study approach and the information security model of confidentiality-integrity-availability as an analytical lens. The study's findings indicate that integrating and using biometric identification and authentication as part of delivering social security and pension services can protect availability, confidentiality, and integrity of information. The findings further show that the use of a biometric system for social security and pension information security can contribute to reducing service turnaround time and vulnerability to fraudulent manipulation of benefits payments. The study provides implications for research, practice, and policy. For research, the paper opens up biometric systems’ study from the perspective of information security and service improvement. For practice and policy, the study demonstrates the importance of aligning biometric systems’ deployment and use with domain application requirements.

Personal data protection in the age of mass surveillance

We present a solution to data ownership in the surveillance age in the form of an ethically sustainable framework for managing personal and person-derived data. This framework is based on the concept of Datenherrschaft – mastery over data that all natural persons should have on data they themselves produce or is derived thereof. We give numerous examples and tie cases to robust ethical analysis, and also discuss technological dimensions.

An Update for Taxonomy Designers

Taxonomies are classification systems that help researchers conceptualize phenomena based on their dimensions and characteristics. To address the problem of ‘ad-hoc’ taxonomy building, Nickerson et al. (2013) proposed a rigorous taxonomy development method for information systems researchers. Eight years on, however, the status quo of taxonomy research shows that the application of this method lacks consistency and transparency and that further guidance on taxonomy evaluation is needed. To fill these gaps, this study (1) advances existing methodological guidance and (2) extends this guidance with regards to taxonomy evaluation. Informed by insights gained from an analysis of 164 taxonomy articles published in information systems outlets, this study presents an extended taxonomy design process together with 26 operational taxonomy design recommendations. Representing an update for taxonomy designers, it contributes to the prescriptive knowledge on taxonomy design and seeks to augment both rigorous taxonomy building and evaluation.

Organizational science and cybersecurity: abundant opportunities for research at the interface

Cybersecurity is an ever-present problem for organizations, but organizational science has barely begun to enter the arena of cybersecurity research. As a result, the "human factor" in cybersecurity research is much less studied than its technological counterpart. The current manuscript serves as an introduction and invitation to cybersecurity research by organizational scientists. We define cybersecurity, provide definitions of key cybersecurity constructs relevant to employee behavior, illuminate the unique opportunities available to organizational scientists in the cybersecurity arena (e.g., publication venues that reach new audiences, novel sources of external funding), and provide overall conceptual frameworks of the antecedents of employees' cybersecurity behavior. In so doing, we emphasize both end-users of cybersecurity in organizations and employees focused specifically on cybersecurity work. We provide an expansive agenda for future organizational science research on cybersecurity-and we describe the benefits such research can provide not only to cybersecurity but also to basic research in organizational science itself. We end by providing a list of potential objections to the proposed research along with our responses to these objections. It is our hope that the current manuscript will catalyze research at the interface of organizational science and cybersecurity.

From fighting COVID-19 pandemic to tackling sustainable development goals: An opportunity for responsible information systems research

The recent outbreak of the COVID-19 pandemic has posed a significant threat to the healthy lives and well-being of billions of people worldwide. As the world begins to open up from lockdowns and enters an unprecedented state of vulnerability, or what many have called "the new normal", it makes sense to reflect on what we have learned, revisit our fundamental assumptions, and start charting the way forward to contribute to building a sustainable world. In this essay, we argue that despite its significant damage to human lives and livelihoods, the coronavirus pandemic presents an excellent opportunity for the human family to act in solidarity and turn this crisis into an impetus to achieve the United Nation's (UN) Sustainable Development Goals (SDG). In this article, we will highlight the six relevant themes that have evolved during the pandemic and the corresponding topics that future researchers could focus on. We conclude by issuing a call for more research attention on tackling SDG through developing the concept and practice of digital sustainability.

Privacy-aware blockchain for personal data sharing and tracking

Secure data distribution is critical for data accountability. Surveillance caused privacy breaching incidents have already questioned existing personal data collection techniques. Organizations assemble a huge amount of personally identifiable information (PII) for data-driven market analysis and prediction. However, the limitation of data tracking tools restricts the detection of exact data breaching points. Blockchain technology, an ‘immutable’ distributed ledger, can be leveraged to establish a transparent data auditing platform. However, Art. 42 and Art. 25 of general data protection regulation (GDPR) demands ‘right to forget’ and ‘right to erase’ of personal information, which goes against the immutability of blockchain technology. This paper proposes a GDPR complied decentralized and trusted PII sharing and tracking scheme. Proposed blockchain based personally identifiable information management system (BcPIIMS) demonstrates data movement among GDPR entities (user, controller and processor). Considering GDPR limitations, BcPIIMS used off-the-chain data storing architecture. A prototype was created to validate the proposed architecture using multichain. The use of off-the-chain storage reduces individual block size. Additionally, private blockchain also limits personal data leaking by collecting fast approval from restricted peers. This study presents personal data sharing, deleting, modifying and tracking features to verify the privacy of proposed blockchain based personally identifiable information management system.