Privacy Enhancing Technologies implementation: An investigation of its impact on work processes and employee perception

Abstract With increasing consumer awareness towards information privacy and government-enforced regulations on data protection, organizations are implementing Privacy Enhancing Technologies (PETs) to provide systematic protection on consumers’ personal data. Current PETs literature focused mostly on the design and implementation of the technology without touching on its impact. Implementation literature has also examined the effects of various technologies on changes in work processes and employee perception but has yet to explore that of PETs. Therefore, the objective of this study is to understand the effects of PETs implementation on employees’ work processes as well as their perception towards the implementation. In-depth interview data was collected from three groups of affected employees belonging to one large mobile telecommunications company. Results show that PETs affected workload, communication level and data access, which led to different levels of changes depending on the nature of the work. The employees perceived PETs as useful. However, they perceived the company as not being properly prepared for the implementation, and also raised concerns on vendor accountability and the sustainability of the PETs. Our findings have implications for organizations planning to implement PETs.

[1]  David Kotz,et al.  Privacy in mobile technology for personal healthcare , 2012, CSUR.

[2]  Benjamin C. M. Fung,et al.  Privacy-preserving trajectory stream publishing , 2014, Data Knowl. Eng..

[3]  Merrill Warkentin,et al.  An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric , 2015, MIS Q..

[4]  Andrew R.J. Dainty,et al.  The effects of new technology adoption on employee skills in the prosthetics profession , 2008 .

[5]  Jin Li,et al.  Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing , 2017, Inf. Sci..

[6]  Rey LeClerc,et al.  Customer Information: Protecting the Organization’s Most Critical Asset from Misappropriation and Identity Theft , 2006 .

[7]  J. Nel,et al.  Exploring the impact of information and communication technology on employees’ work and personal lives , 2016 .

[8]  Xian Wang,et al.  An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks , 2015, Inf. Sci..

[9]  Siew Fan Wong,et al.  Impact of employees' demographic characteristics on the awareness and compliance of information security policy in organizations , 2018, Telematics Informatics.

[10]  Siew Fan Wong,et al.  Confirming the effect of Demographic characteristics on Information Privacy Concerns , 2016, PACIS.

[11]  Lars Edgren,et al.  PACS influence the radiographer's work , 2009 .

[12]  Inga M. Zadvinskis,et al.  Nurses’ Experience With Health Information Technology: Longitudinal Qualitative Study , 2018, JMIR medical informatics.

[13]  Tiago Oliveira,et al.  Assessing the determinants of cloud computing adoption: An analysis of the manufacturing and services sectors , 2014, Inf. Manag..

[14]  Bahareh Akhbari,et al.  Untraceable RFID authentication protocols for EPC compliant tags , 2015, 2015 23rd Iranian Conference on Electrical Engineering.

[15]  Kenneth S. Rogerson,et al.  Policies for online privacy in the United States and the European Union , 2002, Telematics Informatics.

[16]  Yi-Shun Wang,et al.  Factors affecting hotels' adoption of mobile reservation systems: A technology-organization-environment framework , 2016 .

[17]  Jeff K. Stratman,et al.  The impact of enterprise systems on corporate performance: A study of ERP, SCM, and CRM system implementations , 2007 .

[18]  Lian Li,et al.  Composite sensor model and security agent to improve privacy of ubiquitous computing , 2008, 2008 First IEEE International Conference on Ubi-Media Computing.

[19]  G. Pisano,et al.  Disrupted Routines: Team Learning and New Technology Implementation in Hospitals , 2001 .

[20]  S. Gritzalis,et al.  Privacy Enhancing Technologies: A Review , 2003, EGOV.

[21]  Catuscia Palamidessi,et al.  A Predictive Differentially-Private Mechanism for Mobility Traces , 2013, Privacy Enhancing Technologies.

[22]  Guo Chao Alex Peng,et al.  Cloud Erp: A New Dilemma to Modern Organisations? , 2014, J. Comput. Inf. Syst..

[23]  B MilesMatthew,et al.  Qualitative Data Analysis , 2018, Approaches and Processes of Social Science Research.

[24]  Ian Goldberg,et al.  Making a Nymbler Nymble Using VERBS , 2010, Privacy Enhancing Technologies.

[25]  Donald R. Jones,et al.  Contained nomadic information environments: Technology, organization, and environment influences on adoption of hospital RFID patient tracking , 2014, Inf. Manag..

[26]  Bofeng Zhang,et al.  Comparison of Several Cloud Computing Platforms , 2009, 2009 Second International Symposium on Information Science and Engineering.

[27]  Jinshu Su,et al.  A privacy preserving authentication scheme with flexible identity revocation in people-centric sensing , 2013, Math. Comput. Model..

[28]  George Danezis,et al.  DP5: A Private Presence Service , 2015, Proc. Priv. Enhancing Technol..

[29]  V. Braun,et al.  Using thematic analysis in psychology , 2006 .

[30]  Nahid Shahmehri,et al.  Privacy, Security and Trust in Cloud Computing: The Perspective of the Telecommunication Industry , 2012, 2012 9th International Conference on Ubiquitous Intelligence and Computing and 9th International Conference on Autonomic and Trusted Computing.

[31]  Nasriah Zakaria,et al.  Understanding Technology and People Issues in Hospital Information System (HIS) Adoption: Case study of a tertiary hospital in Malaysia. , 2016, Journal of infection and public health.

[32]  Emiliano De Cristofaro,et al.  Do I know you?: efficient and privacy-preserving common friend-finder protocols and applications , 2013, ACSAC.

[33]  Derek E. Bambauer Privacy Versus Security , 2013 .

[34]  Christian Fernando Libaque Saenz,et al.  The role of privacy policy on consumers' perceived privacy , 2018, Gov. Inf. Q..

[35]  Siew Fan Wong,et al.  Compliance to personal data protection principles: A study of how organizations frame privacy policy notices , 2017, Telematics Informatics.

[36]  A. Cavoukian,et al.  Privacy by Design: essential for organizational accountability and strong business practices , 2010 .

[37]  Ravi Seethamraju,et al.  Adoption of Software as a Service (SaaS) Enterprise Resource Planning (ERP) Systems in Small and Medium Sized Enterprises (SMEs) , 2014, Information Systems Frontiers.

[38]  Jiří Jaromír Klemeš,et al.  Sustainable enterprise resource planning: imperatives and research directions , 2014 .

[39]  B. Balamurugan,et al.  Enhanced Attribute Based Encryption for Cloud Computing , 2015 .

[40]  Rolf H. Weber,et al.  The digital future - A challenge for privacy? , 2015, Comput. Law Secur. Rev..

[41]  Jean-Paul Van Belle,et al.  Management Issues with Cloud Computing , 2013, ICCC.

[42]  Rolf H. Weber,et al.  Internet of things: Privacy issues revisited , 2015, Comput. Law Secur. Rev..

[43]  Jaap-Henk Hoepman,et al.  PDF hosted at the Radboud Repository of the Radboud University Nijmegen , 2022 .

[45]  Jiri Hosek,et al.  On perspective of security and privacy-preserving solutions in the internet of things , 2016, Comput. Networks.

[46]  Prabhat Kumar,et al.  Source Location Privacy Using Fake Source and Phantom Routing (FSAPR) Technique in Wireless Sensor Networks , 2015 .

[47]  Costas Lambrinoudakis,et al.  Technical guidelines for enhancing privacy and data protection in modern electronic medical environments , 2005, IEEE Transactions on Information Technology in Biomedicine.

[48]  P. Hustinx Privacy by design: delivering the promises , 2010 .

[49]  Robert K. Yin,et al.  Case Study Research and Applications: Design and Methods , 2017 .

[50]  Paal E. Engelstad,et al.  An Internal/Insider Threat Score for Data Loss Prevention and Detection , 2017, IWSPA@CODASPY.

[51]  Hao Chen,et al.  AnDarwin: Scalable Detection of Semantically Similar Android Applications , 2013, ESORICS.

[52]  Zhen Ling,et al.  Privacy Enhancing Keyboard: Design, Implementation, and Usability Testing , 2017, Wirel. Commun. Mob. Comput..

[53]  S. Elaluf-Calderwood,et al.  Innovation and adoption of mobile technology in public organizations: the IBGE case , 2011 .

[54]  Ian Goldberg,et al.  The Best of Both Worlds: Combining Information-Theoretic and Computational PIR for Communication Efficiency , 2014, Privacy Enhancing Technologies.

[55]  Naihua Duan,et al.  Purposeful Sampling for Qualitative Data Collection and Analysis in Mixed Method Implementation Research , 2015, Administration and Policy in Mental Health and Mental Health Services Research.

[56]  Johan A. Pouwelse,et al.  The fifteen year struggle of decentralizing privacy-enhancing technology , 2014, ArXiv.

[57]  Hwangnam Kim,et al.  Preserving privacy and efficiency in data communication and aggregation for AMI network , 2016, J. Netw. Comput. Appl..

[58]  Bernhard Plattner,et al.  Operating room coordination with the eWhiteboard: the fine line between successful and challenged technology adoption , 2011 .

[59]  Peter Schaar,et al.  Privacy by Design , 2010 .

[60]  Jamalul-lail Ab Manan,et al.  Privacy-Enhanced Trusted Location Based Services (PE-TLBS) framework based on Direct Anonymous Attestation (DAA) protocol , 2010, 2010 International Conference on Computer Applications and Industrial Electronics.

[61]  Deborah E. White,et al.  Thematic Analysis , 2017 .

[62]  J. Efrim Boritz,et al.  E-Commerce and Privacy: Exploring What We Know and Opportunities for Future Discovery , 2011, J. Inf. Syst..

[63]  K. Lancaster Confidentiality, anonymity and power relations in elite interviewing: conducting qualitative policy research in a politicised domain , 2017 .

[64]  Gerhard Steinke,et al.  Data privacy approaches from US and EU perspectives , 2002, Telematics Informatics.

[65]  Vaidy S. Sunderam,et al.  Predict: Privacy and Security Enhancing Dynamic Information Collection and Monitoring , 2013, ICCS.

[66]  Ali Tarhini,et al.  Antecedents of ERP systems implementation success: a study on Jordanian healthcare sector , 2016, J. Enterp. Inf. Manag..

[67]  Anna Romanou,et al.  The necessity of the implementation of Privacy by Design in sectors where data protection concerns arise , 2017, Comput. Law Secur. Rev..

[68]  Christian Fernando Libaque Saenz,et al.  Unveiling the coverage patterns of newspapers on the personal data protection act , 2017, Gov. Inf. Q..

[69]  I. Rubinstein Regulating Privacy by Design , 2011 .