Why and How Do Employees Break and Bend Confidential Information Protection Rules?

type="main"> Organizations cannot function effectively if their employees do not follow organizational rules and policies. In this paper, we explore why and how employees in two high-tech organizations often broke or bent rules designed to protect their employers' confidential information (CI). The CI protection rules sometimes imposed requirements that disrupted employees' work, forcing employees to choose between CI rule compliance and doing their work effectively and efficiently. Employees in these situations often broke the rules or bent them in ways that enabled employees to meet some of the rules' requirements, while also satisfying other expectations that they faced. We discuss implications of our findings for practice and for future organizational scholarship on rule following.

[1]  Anat Hovav,et al.  Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea , 2012, Inf. Manag..

[2]  M. Leiblein,et al.  How Firms Capture Value From Their Innovations , 2013 .

[3]  Tom R. Tyler,et al.  Can Businesses Effectively Regulate Employee Conduct? The Antecedents of Rule Following in Work Settings , 2005 .

[4]  J. Liebeskind,et al.  Knowledge, Strategy, and the Theory of the Firm , 1996 .

[5]  David R. Hannah An Examination of the Factors that Influence Whether Newcomers Protect or Share Secrets of Their Former Employers , 2007 .

[6]  Matthew B. Miles,et al.  Qualitative Data Analysis: An Expanded Sourcebook , 1994 .

[7]  M. Healy,et al.  The Establishment and Enforcement of Codes , 2002 .

[8]  John E. Prescott,et al.  THE GLOBAL ACQUISITION, LEVERAGE, AND PROTECTION OF TECHNOLOGICAL COMPETENCIES , 2004 .

[9]  A. Cross,et al.  The management and security of trade secrets: an exploratory study , 2009 .

[10]  Chris J. Sablynski,et al.  Qualitative Research in Organizational and Vocational Psychology, 1979–1999 , 1999 .

[11]  J. H. Dyer,et al.  Creating and managing a high‐performance knowledge‐sharing network: the Toyota case , 2000 .

[12]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[13]  Yongsuk Kim Adhoc Inter-organizational Collaboration: Safeguards for Balancing Sharing and Protection of Knowledge , 2008 .

[14]  Jai-Yeol Son,et al.  Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies , 2011, Inf. Manag..

[15]  K. Kuperan,et al.  A socio‐economic theory of regulatory compliance , 1999 .

[16]  R. Bennett,et al.  A TYPOLOGY OF DEVIANT WORKPLACE BEHAVIORS: A MULTIDIMENSIONAL SCALING STUDY , 1995 .

[17]  David R. Hannah Keeping trade secrets secret , 2006 .

[18]  Neal Schmitt,et al.  Configurations of Organizational Effectiveness and Efficiency , 1993 .

[19]  Pamela Jordan Basics of qualitative research: Grounded theory procedures and techniques , 1994 .

[20]  Alfred Kieser,et al.  The Complexity of Rule Systems, Experience and Organizational Learning , 2003 .

[21]  Kim Loyens Rule bending by morally disengaged detectives: an ethnographic study , 2014 .

[22]  Katharina Burger,et al.  Organizations Rational Natural And Open Systems , 2016 .

[23]  Ken H. Guo Security-related behavior in using information systems in the workplace: A review and synthesis , 2013, Comput. Secur..

[24]  Jeffrey R Frost,et al.  Armed, and Dangerous (?): Motivating Rule Adherence Among Agents of Social Control. , 2007 .

[25]  Anna De Fina,et al.  The ethnographic interview , 2019, The Routledge Handbook of Linguistic Ethnography.

[26]  Thomas W. Lee,et al.  Using Qualitative Methods in Organizational Research , 1998 .

[27]  P. Hurmelinna-Laukkanen,et al.  Nature and Dynamics of Appropriability: Strategies for Appropriating Returns on Innovation , 2007 .

[28]  S. Jackson,et al.  A meta-analysis and conceptual critique of research on role ambiguity and role conflict in work settings , 1985 .

[29]  Sissela Bok,et al.  Secrets: On the Ethics of Concealment and Revelation , 1982 .

[30]  Ronald L. Dufresne,et al.  On the Virtues of Secrecy in Organizations , 2008 .

[31]  R. Zolin,et al.  Rule-Bending: Can Prudential Judgment Affect Rule Compliance and Values in the Workplace? , 2007 .

[32]  A. Hale,et al.  Working to rule, or working safely? Part 1: A state of the art review , 2013 .

[33]  Mark C. Suchman Managing Legitimacy: Strategic and Institutional Approaches , 1995 .

[34]  K. Eisenhardt Building theories from case study research , 1989, STUDI ORGANIZZATIVI.

[35]  Corrine Glesne,et al.  Becoming Qualitative Researchers: An Introduction , 1991 .

[36]  P. Adler,et al.  Two Types of Bureaucracy: Enabling and Coercive , 1996 .

[37]  A. King Disentangling Interfirm and Intrafirm Causal Ambiguity: A Conceptual Model of Causal Ambiguity and Sustainable Competitive Advantage , 2007 .

[38]  D. Buchanan Case Studies in Organizational Research , 2012 .

[39]  T. MacLean Thick as Thieves: A Social Embeddedness Model of Rule Breaking in Organizations , 2001 .

[40]  Thomas W. Lee,et al.  Qualitative Research in Management: A Decade of Progress , 2011 .

[41]  J. Sutinen,et al.  Measuring and explaining noncompliance in federally managed fisheries , 1990 .

[42]  Hans-Joachim Mosler,et al.  Psychological Factors Determining Individual Compliance with Rules for Common Pool Resource Management: The Case of a Cuban Community Sharing a Solar Energy System , 2007 .

[43]  Robert K. Merton,et al.  Bureaucratic Structure and Personality , 1940 .

[44]  David W. Lehman,et al.  Selectivity in Organizational Rule Violations , 2009 .

[45]  Christine Nadel,et al.  Case Study Research Design And Methods , 2016 .

[46]  David R. Hannah,et al.  Counting in Qualitative Research: Why to Conduct it, When to Avoid it, and When to Closet it , 2011 .

[47]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[48]  J. Liebeskind,et al.  Keeping Organizational Secrets: Protective Institutional Mechanisms and their Costs , 1997 .

[49]  David R. Hannah Should I Keep a Secret? The Effects of Trade Secret Protection Procedures on Employees' Obligations to Protect Trade Secrets , 2005, Organ. Sci..

[50]  Yufei Yuan,et al.  The effects of multilevel sanctions on information security violations: A mediating model , 2012, Inf. Manag..

[51]  Catherine E. Connelly,et al.  Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model , 2011, J. Manag. Inf. Syst..

[52]  Melissa M. Appleyard,et al.  HOW DOES KNOWLEDGE FLOW? INTERFIRM PATTERNS IN THE SEMICONDUCTOR INDUSTRY , 1996 .

[53]  S. Gezelius Food, Money, and Morals: Compliance Among Natural Resource Harvesters , 2004 .

[54]  Peter A. Bamberger,et al.  Work‐home conflict among nurses and engineers: Mediating the impact of role stress on burnout and satisfaction at work , 1991 .

[55]  Pia Hurmelinna-Laukkanen,et al.  The availability, strength and efficiency of appropriability mechanisms - protecting investments in knowledge creation , 2009, Int. J. Technol. Manag..

[56]  R. Brandt Punished by Rewards , 1995 .