Taking Stock of Organisations’ Protection of Privacy: Categorising and Assessing Threats to Personally Identifiable Information in the USA

20 Pages. Posted: 24 Aug 2018

Clay Posey

University of Central Florida

Uzma Raja

Comsats University Islamabad

Robert Crossler

Washington State University - Department of Management, Information Systems, and Entrepreneurship (MISE)

A. Burns

University of Texas at Tyler

Date Written: August 2017

Abstract

Many organisations create, store, or purchase information that links individuals’ identities to other data. Termed personally identifiable information (PII), this information has become the lifeblood of many firms across the globe. As organisations accumulate their constituencies’ PII (e.g. customers’, students’, patients’, and employees’ data), individuals’ privacy will depend on the adequacy of organisations’ information privacy safeguards. Despite existing protections, many breaches still occur. For example, US organisations reported around 4,500 PII-breach events between 2005 and 2015. With such a high number of breaches, determining all threats to PII within organisations proves a burdensome task. In light of this difficulty, we utilise text-mining and cluster analysis techniques to create a taxonomy of various organisational PII breaches, which will help drive targeted research towards organisational PII protection. From an organisational systematics perspective, our classification system provides a foundation to explain the diversity among the myriad of threats. We identify eight major PII-breach types and provide initial literature reviews for each type of breach. We detail how US organisations differ regarding their exposure to these breaches, as well as how the level of severity (i.e. number of records affected) differs among these PII breaches. Finally, we offer several paths for future research.

Keywords: personally identifiable information (PII), breach analysis, taxonomy development, privacy, confidentiality

Suggested Citation

Posey, Clay and Raja, Uzma and Crossler, Robert and Burns, A., Taking Stock of Organisations’ Protection of Privacy: Categorising and Assessing Threats to Personally Identifiable Information in the USA (August 2017). European Journal of Information Systems, Vol. 26, Issue 6, 2017. Available at SSRN: https://ssrn.com/abstract=3237962 or http://dx.doi.org/10.1057/s41303-017-0065-y

Clay Posey (Contact Author)

University of Central Florida

4000 Central Florida Blvd
Orlando, FL 32816-1400
United States

Uzma Raja

Comsats University Islamabad

Park Road
Chak Shahzad
Abbotabad, 22010
Pakistan

Robert Crossler

Washington State University - Department of Management, Information Systems, and Entrepreneurship (MISE)

Todd Hall 442
PO Box 644743
Pullman, WA 99164-4743
United States

A. Burns

University of Texas at Tyler

Tyler, TX
United States
