The influence of the informal social learning environment on information privacy policy compliance efficacy and intention

Abstract

Throughout the world, sensitive personal information is now protected by regulatory requirements that have translated into significant new compliance oversight responsibilities for IT managers who have a legal mandate to ensure that individual employees are adequately prepared and motivated to observe policies and procedures designed to ensure compliance. This research project investigates the antecedents of information privacy policy compliance efficacy by individuals. Using Health Insurance Portability and Accountability Act compliance within the healthcare industry as a practical proxy for general organizational privacy policy compliance, the results of this survey of 234 healthcare professionals indicate that certain social conditions within the organizational setting (referred to as external cues and comprising situational support, verbal persuasion, and vicarious experience) contribute to an informal learning process. This process is distinct from the formal compliance training procedures and is shown to influence employee perceptions of efficacy to engage in compliance activities, which contributes to behavioural intention to comply with information privacy policies. Implications for managers and researchers are discussed.

Keywords:

• external cues
• privacy
• learning
• situational support
• verbal persuasion
• vicarious experience

Additional information

Notes on contributors

Merrill Warkentin

About the authors

Dr. Merrill Warkentin is a Professor of MIS in the College of Business at Mississippi State University. He has published several books and over 150 research manuscripts, primarily focusing on computer security management, eCommerce, and virtual collaborative teams, in edited books, Proceedings, and in leading academic journals such as MIS Quarterly, European Journal of Information Systems, Decision Sciences, Decision Support Systems, Information Systems Journal, Communications of the ACM, Communications of the AIS, Information Resources Management Journal, Journal of Organizational and End User Computing, Journal of Global Information Management, and the DATA BASE for Advances in Information Systems. He is an Associate Editor for European Journal of Information Systems, the MIS Quarterly Special Issue on Security, Information Resources Management Journal, and the Journal of Information Systems Security. In 2009, he was the Co-Guest Editor of the European Journal of Information Systems Special Issue on Security. He has chaired several global conferences on computer security, including the pre-ICIS Workshop on Information Security and Privacy (WISP) and the IFIP Workshop on Information Security. He is the Vice Chair of IFIP Working Group 8.11/11.13 on Information Systems Security Research. Dr. Warkentin has also served as a consultant to numerous organizations and has served as National Distinguished Lecturer for the Association for Computing Machinery (ACM). His Ph.D. in MIS is from the University of Nebraska-Lincoln.

Allen C Johnston

Dr. Allen C. Johnston is an Assistant Professor in the School of Business at the University of Alabama at Birmingham. He holds a BS from Louisiana State University in Electrical Engineering as well as an MSIS and Ph.D. in Information Systems from Mississippi State University. He has conducted research across several fronts in the area of information systems including e-commerce trust, technology adoption and diffusion, biometric systems, information technology governance, and intelligent agent design. However, the primary focus of his research has been in the area of information assurance and computer security, with a specific concentration on the behavioral aspects of information security and privacy. Johnston has over 30 articles published in journals, scholarly texts, as well as international, national, and regional conference proceedings. His works can be found in such outlets as MIS Quarterly, Communications of the ACM, Journal of Global Information Management, Journal of Organizational and End User Computing, Journal of Information Privacy and Security, and DATA BASE for Advances in Information Systems. He has also served as guest speaker and provided consultation services to numerous entities including Regions Financial Corporation, ISACA, the Birmingham Chapter of the Institute of Management Accountants, and the National Decision Sciences Institute.

Jordan Shropshire

Dr. Jordan Shropshire is an Assistant Professor of IT at Georgia Southern University. His research interests include behavioral and technical aspects of information security, IT disaster recovery, technology diffusion, and measurement issues. His Ph.D. in information security is from Mississippi State University, and his undergraduate degree in business is from the University of Florida. His work has been published in several journals, including Journal of Computer Information Systems, Behavior and Information Technology, Journal of Information Technology Management, Journal of Internet Banking and Commerce, and Information Management & Computer Security.