Understanding developers’ privacy and security mindsets via climate theory

Arizon-Peretz, Renana; Hadar, Irit; Luria, Gil; Sherman, Sofia

doi:10.1007/s10664-021-09995-z

Cited by 14 publications

(35 citation statements)

References 76 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most research is concentrated in computer science and information systems venues, with a significant decrease in other areas, such as management and organisational sciences. [72], [73], [74], [67], [68], [40], [75], [66], [11], [61], [58], [43], [13], [76], [70], [57], [77], [12], [65], [64], [78], [63], [10], [69], [79], […”

Section: ) Authors Countries and Affiliationsmentioning

confidence: 99%

“…al. (2021) [12] proposes using organisational climate theory for attaining a better understanding of developers' privacy perceptions and behaviours and the underlying forces. Another research aim is to discover the constructs that compose organisational privacy and security climates.…”

Section: ) Core Researchmentioning

confidence: 99%

“…• The ten Australian national privacy principles mentioned in [83], i.e., data collection, use and disclosure, data quality, data security, openness, access and correction, identifiers, anonymity, trans-border data flows, sensitive information; • The Organisation for Economic Co-operation and Development (OECD) guidelines mentioned in [10], i.e., collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, accountability; and, • The Fair Information Practice Principles (FIPPs) mentioned in [11], [12], i.e., notice, consent, data minimisation, purpose specification, confidentiality, data security, access, rectification.…”

Section: ) Core Researchmentioning

confidence: 99%

“…For instance, writing privacy policies, appointing data protection officers, performing privacy impact assessments, or adopting privacy-by-design methodologies. However, recent research proposes that the adoption of such privacy practices is strongly influenced by an organisation's culture and climate and how employees perceive and address privacy concerns in working systems [10]- [12]. These studies also stress the role of leaders and senior management in setting a culture of privacy in organisations [11]- [13].…”

Section: Introductionmentioning

confidence: 99%

“…Given that, researchers are starting to use terms such as information protection culture [10], organisational privacy climate [11], [12], and organisational privacy culture [13] to refer to this hybrid emerging topic between areas of (a) Organisational Culture and Climate and (b) Information Privacy. However, the theory behind Organisational Privacy Culture and Climate (OPCC) remains poorly demarcated, pointing to a significant research gap for both scholars and practitioners.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Organisational Privacy Culture and Climate: A Scoping Review

Iwaya

Fischer‐Hübner

et al. 2022

IEEE Access

View full text Add to dashboard Cite

New regulations worldwide are increasingly pressing organisations to review how they collect and process personal data to ensure the protection of individual privacy rights. This organisational transformation involves implementing several privacy practices (e.g., privacy policies, governance frameworks, and privacy-by-design methods) across multiple departments. The literature points to a strong influence of the organisations' culture and climate in implementing such privacy practices, depending on how leaders and employees perceive and address privacy concerns. However, this new hybrid topic referred to as Organisational Privacy Culture and Climate (OPCC), remains poorly demarcated and weakly defined. In this paper, we report a Scoping Review (ScR) on the topic of OPCC to systematically identify and map studies, contributing with a synthesis of the existing work, distinguishing core and adjacent publications, research gaps, and pathways of future research. This ScR includes 36 studies categorised according to their demographics, research types, contribution types, research designs, proposed definitions, and conceptualisations. Also, 18 studies categorised as primary research were critically appraised, assessing the studies' methodological quality and credibility of the evidence. Although published research has significantly advanced the topic of OPCC, more research is still needed. Our findings show that the topic is still in its embryonic stage. The theory behind OPCC has not yet been fully articulated, even though some definitions have been independently proposed. Only one measuring instrument for privacy culture was identified, but it needs to be further developed in terms of identifying and analysing its factors, and evaluating its validity and reliability. Initiatives of future research in OPCC will require interdisciplinary research efforts and close cooperation with industry to further propose and rigorously evaluate instruments. Only then OPCC would be considered an evidence-based research topic that can be reliably used to evaluate, measure, and embed privacy in organisations.

show abstract