Taking Stock Of Organisations' Protection Of Privacy: Categorising And Assessing Threats To Personally Identifiable Information In The Usa

Creator

Clay Posey, University of Central Florida
Uzma Raja, Culverhouse College of Business
Robert E. Crossler, Carson College of Business
A. J. Burns, University of Texas at Tyler

Keywords

breach analysis; confidentiality; personally identifiable information (PII); privacy; taxonomy development

Abstract

Many organisations create, store, or purchase information that links individuals' identities to other data. Termed personally identifiable information (PII), this information has become the lifeblood of many firms across the globe. As organisations accumulate their constituencies' PII (e.g. customers', students', patients', and employees' data), individuals' privacy will depend on the adequacy of organisations' information privacy safeguards. Despite existing protections, many breaches still occur. For example, US organisations reported around 4,500 PII-breach events between 2005 and 2015. With such a high number of breaches, determining all threats to PII within organisations proves a burdensome task. In light of this difficulty, we utilise text-mining and cluster analysis techniques to create a taxonomy of various organisational PII breaches, which will help drive targeted research towards organisational PII protection. From an organisational systematics perspective, our classification system provides a foundation to explain the diversity among the myriad of threats. We identify eight major PII-breach types and provide initial literature reviews for each type of breach. We detail how US organisations differ regarding their exposure to these breaches, as well as how the level of severity (i.e. number of records affected) differs among these PII breaches. Finally, we offer several paths for future research.

Publication Date

11-1-2017

Publication Title

European Journal of Information Systems

Volume

26

Issue

6

Number of Pages

585-604

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1057/s41303-017-0065-y

Copyright Status

Unknown

Socpus ID

85027978705 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85027978705

STARS Citation

Posey, Clay; Raja, Uzma; Crossler, Robert E.; and Burns, A. J., "Taking Stock Of Organisations' Protection Of Privacy: Categorising And Assessing Threats To Personally Identifiable Information In The Usa" (2017). Scopus Export 2015-2019. 6030.
https://stars.library.ucf.edu/scopus2015/6030