References
- Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification. Proceedings of the 5th ACM Electronic Commerce Conference, 21–29.
- Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security & Privacy, 3(1), 26–33.
- Alderman, E., & Kennedy, C. (1997). The right to privacy. New York, NY: Vintage Books.
- Altman, I. (1975). The environment and social behavior: Privacy personal space, territory, and crowding. Monterey, CA: Brooks/Cole Publishing.
- Anderson, C. L., & Agarwal, R. (2011). The digitization of healthcare: Boundary risks, emotion, and consumer willingness to disclose personal health information. Information Systems Research, 22(3), 469–490.
- Angst, C. M., & Agarwal, R. (2009). Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Quarterly, 33(2), 339–370.
- Awad, N. F., & Krishnan, M. S. (2006). The personalization privacy paradox: An empirical evaluation of information transparency and the willingness to be profiled for online personalization. MIS Quarterly, 30(1), 13–28.
- Baker, W. H., Hylender, C. D., & Valentine, J. A. (2008). 2008 data breach investigations report. Retrieved from http://verizonbusiness.com/resources/security/databreachreport.pdf; accessed June 30, 2008.
- Bansal, G., Zahedi, F. M., & Gefen, D. (2010). The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decision Support Systems, 49, 138–150.
- Belanger, F., & Crossler, R. E. (2011). Privacy in the digital age: A review of information privacy research in information systems. MIS Quarterly, 35(4), 1017–1041.
- Belanger, F., Hiller, J. S., & Smith, W. J. (2002). Trustworthiness in electronic commerce: The role of privacy, security, and site attributes. Journal of Strategic Information Systems, 11, 245–270.
- Brotby, K. (2009). Information security governance a development and implementation approach. Hoboken, New Jersey: John Wiley & Sons Inc.
- Brown, R. (2012). Hacking of tax records puts states on guard. Available at: <http://www.governing.com/news/state/Hacking-of-South-Carolinaa-Tax-Records-Has-Put-States-on-Guard.html> [Accessed 20 October 2015].
- Caudill, E. M., & Murphy, P. E. (2000). Consumer online privacy: Legal and ethical issues. Journal of Public Policy & Marketing, 19(1), 7–19.
- Cohn, M. (2012). S.C. Governor urges encryption of taxpayer information after data breach. Available at: <http://www.accountingtoday.com/news/SC-Governor-Urges-Encryption-Taxpayer-Information-Data-Breach-64758-1.html> [Accessed 20 October 2015].
- Colquitt, J. A., Scott, B. A., & LePine, J. A. (2007). Trust, trustworthiness, and trust propensity: A meta-analytical test of their unique relationships with risk taking and job performance. Journal of Applied Psychology, 92, 909–929.
- Culnan, M. J., & Armstrong, P. K. (1999). Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization Science, 10(1), 104–115.
- Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: Lessons from the ChoicePoint and TJX data breaches. MIS Quarterly, 33(4), 673–687.
- DeGeorge, R. T. (2006). The ethics of information technology and business. Oxford, UK: Blackwell Publishing Ltd.
- Dinev, T., Bellotto, M.,Hart, P.,Russo, V.,Serra, I., &Colautti, C. (2006). Privacy calculus model in ecommerce – a study of Italy and the United States. European Journal of Information Systems, 15, 389–402.
- Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61–80.
- Dugan, K. (2017). Equifax CEO: Execs failed to act on Homeland Security warning. Available at: <https://nypost.com/2017/10/02/equifax-ceo-execs-failed-to-act-on-homeland-security-warning/> [Accessed 1 December 2017].
- Federal Trade Commission. (2006). ChoicePoint settles data security breach charges; to pay $10 million in civil penalties, $5 million for consumer redress. Retrieved from https://www.ftc.gov/news-events/press-releases/2006/01/choicepoint-settles-data-security-breach-charges-pay-10-million.
- Gray, J. M., & Tejay, G. (2014). Development of virtue ethics based security constructs for information systems trusted workers. In: Proceedings of the 9th International Conference on Cyber Warfare and Security (ICCWS-2014), West Lafayette, IN, USA.
- Greenaway, K. E., & Chan, Y. E. (2005). Theoretical explanations of firms’ information privacy behaviors. Journal of the Association for Information Systems, (6)(6), 171–198.
- Hsu, C. W. (2006). Privacy concerns, privacy practices and web site categories. Online Information Review, 30(5), 569–585.
- Johnson, C. (2017). Equifax data breach: Credit agency loses $7.2 million contract with IRS. Available at http://clark.com/personal-finance-credit/equifax-data-breach-credit-agency-loses-7-2-million-contract-with-irs/> [Accessed on 1 December 2017].
- Korsgaard, C. (1985). Kant’s formula of universal law. Pacific Philosophical Quarterly, 66, 24–47.
- Largen, S. 2012. S.C. Department of Revenue didn’t use state cyber security system. Available at: <http://postandcourier.com/apps/pbcs.dll/article?AID=/20121102/PC16/121109832/1165/sc-department-of-revenue-didn-t-use-state-cyber-security-system&template=printart> [Accessed 20 October 2015].
- Litan, A. (2006). Case study: ChoicePoint incident leads to improved security, others must follow. Stamford, CT: Gartner Research. Retrieved from https://www.gartner.com/doc/496516/case-study-choicepoint-incident-leads.
- Liu, C., & Arnett, K. P. (2002). Raising a red flag on global WWW privacy policies. The Journal of Computer Information Systems, 43(1), 117–127.
- Loy, S. L., Brown, S., & Tabibzadeh, K. (2014). South Carolina Department of Revenue: Mother of government dysfunction. Journal of the International Academy for Case Studies, 20(1), 83–93.
- Madden, M., Fox, S., Smith, A., & Vitak, J. (2007). Digital footprints:Online identity management and search in the age of transparency. PEW research center. Retrieved from http://www.pewinternet.org/files/old-media/Files/Reports/2007/PIP_Digital_Footprints.pdf.pdf
- Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users’ information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336–355.
- Mandiant 2012. South Carolina department of revenue public incident response report. Available at: http://governor.sc.gov/Documents/MANDIANT%20Public%20IR%20Report%20-%20Department%20of%20Revenue%20-%2011%2020%202012.pdf [Accessed 20 October 2015].
- Mason, R. O. (1986). Four ethical issues in the information age. MIS Quarterly, 10, 5–12.
- McWilliams, A., & Siegal, D. (2001). Corporate social responsibility: A theory of firm perspective. The Academy of Management Review, 26(1), 117–127.
- Pavlou, P. A., Liang, H., & Xue, Y. (2007). Understanding and mitigating uncertainty in online exchange relationships: A principal-agent perspective. MIS Quarterly, 31(1), 105–136.
- Peslak, A. R. (2006). Internet privacy policies of the largest international companies. Journal of Electronic Commerce in Organizations, 4(3), 46–62.
- Privacy Rights Clearinghouse (2017). Chronology of data breaches. Available at: https://www.privacyrights.org/data-breach/new?title=&page=2 [Accessed 1 December 2017].
- Ragan, S. (2017). Equifax says website vulnerability exposed 143 million US consumers. Available at: https://www.csoonline.com/article/3223229/security/equifax-says-website-vulnerability-exposed-143-million-us-consumers.html [Accessed 1 December 2017].
- Rose, E. A. (2006). An examination of the concern for information privacy in the New Zealand regulatory context. Information & Management, 43(3), 322–335.
- Schwaig, K. S., Kane, G. C., & Storey, V. C. (2006). Compliance to the fair information practices: How are the fortune 500 handling online privacy disclosures? Information & Management, 43, 805–820.
- Scipiono, J. (2017). Equifax hack: A timeline of events. Available at: < http://www.foxbusiness.com/features/2017/09/14/equifax-hack-timeline-events.html> [Accessed 1 December 2017].
- Shain, A. (2013). Acting head: Computer security ‘non-negotiable’ at hacked agency. Available at: http://www.thestate.com/2013/01/23/2601585/acting-head-security-non-negotiable.html#.URah9aVX0rU [Accessed 20 October 2015].
- Siponen, M., & Iivari, J. (2006). Six design theories for IS security policies and guidelines. Journal of the Association for Information Systems, 7(7), 445–472.
- Smith, H. J. (1993). Privacy policies and practices: Inside the organizational maze. Communications of the ACM, 36(12), 105–122.
- Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: An interdisciplinary review. MIS Quarterly, 35(4), 989–1015.
- Solove, D. J. (2006). A taxonomy of privacy. University of Pennyslvania Law Review, 15(3), 477–564.
- Solove, D. J. (2007). ‘I’ve got nothing to hide’ and other misunderstandings of privacy. San Diego Law Review, 44, 745–772.
- South Carolina Department of Revenue 2015. History. Available at: https://dor.sc.gov/about/history [Accessed 20 October 2015].
- Tejay, G. P. (2008). Shaping strategic information systems security initiatives in organizations. Ph.D. Virginia Commonwealth University.
- Van Slyke, C., Shim, J. T., Johnson, R., & Jiang, J. (2006). Concern for information privacy and online consumer purchasing. Journal of the Association for Information Systems, 7(6), 415–444.
- Warren, S. D., & Brandeis, D. L. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.
- Westin, A. F. (1967). Privacy and freedom. New York, NY: Atheneum Publishers.
- Xu, H., Teo, H. H., Tan, B. C. Y., & Agarwal, R. (2010). The role of push-pull technology in privacy calculus: The case of location-based services. Journal of Management Information Systems, 26(3), 135–173.