The influence of the informal social learning environment on information privacy policy compliance efficacy and intention

European Journal of Information Systems

Volumn 20, Issue 3, 2011, Pages 267-284

  Warkentin, Merrill ^a   Johnston, Allen C ^b   Shropshire, Jordan ^c  

^a MISSISSIPPI STATE UNIVERSITY   (United States)

^b UNIVERSITY OF ALABAMA AT BIRMINGHAM   (United States)

^c GEORGIA SOUTHERN UNIVERSITY   (United States)

Author keywords

external cues; learning; privacy; situational support; verbal persuasion; vicarious experience

Indexed keywords

COMPUTER AIDED INSTRUCTION; DATA PRIVACY; HEALTH CARE; HEALTH INSURANCE; HUMAN RESOURCE MANAGEMENT; INFORMATION DISSEMINATION; MANAGERS; REGULATORY COMPLIANCE;

BEHAVIOURAL INTENTIONS; EXTERNAL CUES; HEALTH CARE PROFESSIONALS; HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACTS; LEARNING; REGULATORY REQUIREMENTS; VERBAL PERSUASION; VICARIOUS EXPERIENCE;

PERSONNEL TRAINING;

EID: 79955622246     PISSN: 0960085X     EISSN: 14769344     Source Type: Journal    
DOI: 10.1057/ejis.2010.72     Document Type: Article

References (92)

1. ANDRICH D (1978) A rating formulation for ordered response categories. Pyschometirka 43(4), 561-573.
2. ANDERSON C and AGARWAL R (2010) Practicing safe computing: A multimethod empirical examination of home computer user security behavioural intentions. MIS Quarterly 34(3), 613-643.
3. ANDERSON RB (1995) Cognitive appraisal of performance capability in the prevention of drunken driving: A test of self-efficacy theory. Journal of Public Relations Research 7(3), 205-229.
4. BARON R and KENNY D (1986) The moderator-mediator variable distinction in social psychological research: Conceptual, strategic and statistical considerations. Journal of Personality and Social Psychology 51(1), 1173-1182.
5. BARCLAY L (1982) Social learning theory: A framework for discrimination research. Academy of Management Review 7(4), 587-594.
6. BANDURA A (1968) A social learning interpretation of psychological dysfunctions. In Foundations of Abnormal Psychology (LONGON D and ROSENHAM D, Eds), pp 293-344, Holt, Rinehart & Winston, New York, NY.
7. BANDURA A (1977) Self-efficacy: Toward a unifying theory of behavioral change. Psychological Review 84(2), 191-215.
8. BANDURA A (1986) Social Foundations of Thought and Action. Prentice-Hall, Englewood Cliffs, NJ.
9. BANDURA A (1988) Organizational applications of social cognitive theory. Australian Journal of Management 13(2), 275.
10. BANDURA A and CERVONE D (1986) Differential engagement of selfreactive influences in cognitive motivation. Organizational Behavior & Human Decision Processes 38(1), 92-114.
11. BLOOM PN, MILNE GR and ADLER R (1994) Avoiding misuse of information technologies: Legal and societal considerations. Journal of Marketing 58(1), 98-110.
12. BOLLEN K (1989) Structural Equations with Latent Variables. Wiley, New York, NY.
13. BOSS SR, KIRSCH LJ, ANGERMEIER I, SHINGLER RA and BOSS RW (2009) If someone is watching, I'll do what I'm asked: Mandatoriness, control, and information security. European Journal of Information Systems 18(2), 151-164.
14. BULGURCU B, CAVUSOGLU H and BENBASAT I (2010) Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly 34(3), 523-548.
15. CARR J and SEQUEIRA J (2007) Prior family business exposure as intergenerational influence and entrepreneurial intent: A theory of planned behavior approach. Journal of Business Research 60(10), 1090-1098.
16. CENFETELLI R and BASSELIER G (2009) Interpretation of formative measurement in IS research. MIS Quarterly 33(4), 689-707.
17. CHIN W (1995) Partial least squares is to Lisrel as principal components analysis is to common factor analysis. Technology Studies 2, 315-319.
18. CHIN W (1998) The partial least squares approach to structural equation modelling. In Modern Methods for Business Research (MARCOULIDES G, Ed.), pp 295-336, Lawrence Erlbaum Associates, Mahwah, NJ.
19. COMPEAU D and HIGGINS CA. (1995) Computer self-efficacy: Development of a measure and initial test. MIS Quarterly 19(2), 189-211.
20. CRITTENDEN WF (2005) A social learning theory of cross-functional case education. Journal of Business Research 58(7), 960-966. (Pubitemid 40105905)
21. D'ARCY J, HOVAV A and GALETTA D (2009) User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research 20(1), 79-98.
22. DHILLON G (2001) Violation of safeguards by trusted personnel and understanding related information security concerns. Computers & Security 20(2), 165-173.
23. DIAMANTOPOULOS A and WINKLHOFER H (2001) Index construction with formative indicators: An alternative to scale development. Journal of Marketing Research 38(2), 269-277.
24. DINEV T, BELLOTTO M, HART P, RUSSO V, SERRA I and COLAUTTI C (2006) Privacy calculus model in e-commerce - a study of Italy and the Unites States. European Journal of Information Systems 15(4), 389-402. (Pubitemid 44494838)
25. FEDOROWICZ J and RAY A (2004) Impact of HIPAA on the integrity of healthcare information. International Journal of Healthcare Technology & Management 6(2), 142-157. (Pubitemid 39172502)
26. FISHBEIN M and AJZEN I (1975) Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. Addison-Wesley, Reading, MA.
27. FISHBEIN M and CAPPELLA JN (2006) The role of theory in developing effective health communications. Journal of Communication 56(s1), s1-s17. (Pubitemid 44165213)
28. FORNELL C and BOOKSTEIN F (1982) Two structural equation models: LISREL and PLS applied to consumer exit-voice theory. Journal of Marketing Research 19, 440-452.
29. FURNELL S, GENNATOU M and DOWLAND P (2002) A prototype tool for information security awareness and training. Logistics Information Management 15(5/6), 352-357.
30. GEFEN D, STRAUB D and BOUDREAU M (2000) Structural equation modelling techniques and regression: Guidelines for research practice. Communications of AIS 7(7), 1-78.
31. GIST M and MITCHELL T (1992) Self-efficacy: A theoretical analysis of its determinants and malleability. Academy of Management Review 17(2), 183-211.
32. GOODHUE DL and STRAUB DW (1989) Security concerns of system users: A proposed study of user perceptions of the adequacy of security measures. In Proceedings of the 21st Hawaii International Conference on System Science (HICSS), Kona, HA, January.
33. GUPTA A (2008) Prescription for change. Wall Street Journal, 20 October.
34. HERATH T and RAO HR (2009) Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems 18(2), 106-125.
35. HILL T, SMITH N and MANN M (1986) Communicating innovations: Convincing computer phobics to adopt innovative technologies. In Advances in Consumer Research (LUTZ RJ, Ed.), pp 419-422, Association for Consumer Research, Provo, UT.
36. HILL T, SMITH N and MANN M (1987) Role of efficacy expectations in predicting the decision to use advanced technologies: The case of computers. Journal of Applied Psychology 72(2), 307-313.
37. HOFFER JA and STRAUB DW (1989) The 9 to 5 underground: Are you policing computer crimes? Sloan Management Review 30(4), 35-43.
38. HOROWITZ BT (2010) Data breaches cost health care industry $6 billion annually. eWeek Magazine, 10 November.
39. JARVIS C, MACKENZIE S, PODSAKOFF P and MICK D (2003) A critical review of construct indicators and measurement model misspecification in marketing and consumer research. Journal of Consumer Research 30(2), 199-218. (Pubitemid 37374305)
40. JOHNSTON AC and WARKENTIN M (2010) Fear appeals and information security behaviours: An empirical study. MIS Quarterly 34(3), 549-566.
41. KANFER R and ACKERMAN PL (1989) Motivation and cognitive abilities: An integrative/aptitude-treatment interaction approach to skill acquisition. Journal of Applied Psychology 74(4), 657-690.
42. KERLINGER F (1973) Foundations of Behavioral Research 2nd edn, Holt Reinhart & Winston, London, UK.
43. LANGENDERFER J and COOK DL (2004) Oh, what a tangled web we weave: The state of privacy protection in the information economy and recommendations for governance. Journal of Business Research 57(4), 734-747. (Pubitemid 38491772)
44. LEACH J (2003) Improving user security behaviour. Computers & Security 22(8), 685-692.
45. LACEY D (2009) Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers. John Wiley and Sons, New York.
46. LEE Y and LARSEN KR (2009) Threat or coping appraisal: Determinants of SMB executives' decision to adopt anti-malware software. European Journal of Information Systems 18(2), 177-187.
47. LOCH K, STRAUB D and KAMEL S (2003) Diffusing the internet in the Arab world: The role of social norms and technological culturation. IEEE Transactions on Engineering Management 50(1), 45-64.
48. MACKENZIE S, PODSAKOFF P and JARVIS C (2005) The problem of measurement model misspecification in behavioral and organizational research and some recommended solutions. Journal of Applied Psychology 90(4), 710-730. (Pubitemid 41304795)
49. MANZ CC and SIMS Jr. HP (1981) Vicarious learning: The influence of modeling on organizational behavior. Academy of Management Review 6(1), 105-113.
50. MARAKAS G, YI M and JOHNSON R (1998) The multilevel and multifaceted character of computer self-efficacy: Toward clarification of the construct and an integrative framework for research. Information Systems Research 9(2), 126-163.
51. MATHIEU JE, MARTINEAU JW and TANNENBAUM SI (1993) Individual and situational influences on the development of self-efficacy: Implications for training effectiveness. Personnel Psychology 46(1), 125-147.
52. MATHIEU JE, TANNENBAUM SI and SALAS E (1992) Influences of individual and situational characteristics on measures of training effectiveness. Academy of Management Journal 35(4), 828-847.
53. MERCURI RT (2004) The HIPAA-potamus in health care data security. Communications of the ACM 47(7), 25-28.
54. MYYRY L, SIPONEN M, PAHNILA S, VARTIAINEN T and VANCE A (2009) What levels of moral reasoning and values explain adherence to information security rules? An empirical study. European Journal of Information Systems 18(2), 126-139.
55. NUNNALLY JC and BERNSTEIN IH (1994) Psychometric Theory. McGraw-Hill, New York, NY.
56. PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees' behavior towards IS security policy compliance. In Proceedings of the 40th Hawaii International Conference on System Sciences.
57. PETERS LH and O'CONNOR EJ (1980) Situational constraints and work outcomes: The influences of a frequently overlooked construct. Academy of Management Review 5(3), 391-397.
58. PETERS LH, O'CONNOR EJ, EULBERG JR and WATSON TW (1988) An examination of situational constraints in air force work settings. Human Performance 1(2), 133-144.
59. PETTER S, STRAUB DW and RAI A (2007) Specifying formative constructs in is research. MIS Quarterly 31(4), 623-656.
60. PHILLIPS JS and FREEDMAN SM (1984) Situational performance constraints and task characteristics: Their relationship to motivation and satisfaction. Journal of Management 10(3), 321-331.
61. PODSAKOFF PM and ORGAN D (1986) Self-reports in organizational research: Problems and prospects. Journal of Management 12(4), 531-544.
62. PODSAKOFF PM, MACKENZIE SB, LEE JY and PODSAKOFF NP (2003) Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology 88(5), 879-903. (Pubitemid 37239703)
63. RADCLIFF S (2007) Commentary: Legal effect of revealing private information in the US and abroad. Information Systems Management 24(4), 343-344.
64. RALLS RS and KLEIN KJ (1991) Trainee cognitive ability and motivation: Effects on computer training performance. In Proceedings of the 6th Annual Conference of Industrial and Organizational Psychology.
65. RENNIE L (1982) Research note: Detecting a response set to likert-style attitude items with the rating model. Education Research and Perspectives 9(1), 114-118.
66. RHEE HS, KIM C and RYU YU (2009) Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & Security 28(6), 816-826.
67. RINGLE C, WENDE S and WILL A (2005) SmartPLS 2.0 (beta). [WWW document] www.smartpls.de.
68. ROBINSON T (2005) Data security in the age of compliance. Networker 9(3), 24-30.
69. ROTTER JB (1960) Some implications of a social learning theory for the prediction of goal directed behavior from testing procedures. Psychological Review 67, 301-316.
70. SALGANIK MJ and HECKATHORD DD (2004) Sampling and estimation in hidden populations using respondent-driven sampling. Sociological Methodology 34(1), 193-239. (Pubitemid 40465521)
71. SASSE MA, BROSTOFF S and WEIRICH D (2001) Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technology Journal 19(3), 122-131. (Pubitemid 32903117)
72. SCHUNK DH (1983) Ability versus effort attributional feedback: Differential effects on self-efficacy and achievement. Journal of Educational Psychology 75(6), 848-856.
73. SCHUNK DH (1984) Sequential attributional feedback and children's achievement behavior. Journal of Educational Psychology 76(5), 1159-1169.
74. SHEPPARD B, HARTWICK J and WARSHAW P (1988) The theory of reasoned action: A meta-analysis of past research with recommendations for modifications and future research. Journal of Consumer Research 15(3), 325-343.
75. SHEN JJ, SAMSON LF, WASHINGTON EL, JOHNSON P, EDWARDS C and MALONE A (2006) Barriers of HIPAA regulation to implementation of health services research. Journal of Medical Systems 30(1), 65-69. (Pubitemid 44124367)
76. SIPONEN MT (2000) A conceptual foundation for organizational information assurance awareness. Information Management and Computer Security 8(1), 31-41.
77. SIPONEN MT (2001) An analysis of the recent IS security development approaches: Descriptive and prescriptive implications. In Information Security Management - Global Challenges in the Next Millennium (DHILLON G, Ed.), Idea Group, Hershey, PA.
78. SIPONEN M and VANCE A (2010) Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly 34(3), 487-502.
79. STANTON JM, STAM KR, MASTRANGELO PM and JOLTON JA (2005) Analysis of end user security behaviors. Computers & Security 24(2), 124-133. (Pubitemid 40583824)
80. STRAUB D (1990) Effective IS security: An empirical study. Information Systems Research 1(3), 255-276.
81. STRAUB DW, BOUDREAU MC and GEFEN D (2004) Validation guidelines for IS positivist research. Communications of AIS 13(63), 380-427.
82. STRAUB DW and WELKE RJ (1998) Coping with system risk: Security planning models for management decision making. MIS Quarterly 22(4), 441-464. (Pubitemid 128684563)
83. SULSKY LM and KLINE TJ (2007) Understanding frame-of-reference training success: A social learning theory perspective. International Journal of Training and Development 11(2), 121-131.
84. TORKZADEH G and VAN DYKE TP (2002) Effects of training on internet selfefficacy and computer user attitudes. Computers in Human Behavior 18(5), 479-494. (Pubitemid 34771850)
85. VAN VIANEN AE (1999) Managerial self-efficacy, outcome expectancies, and work-role salience as determinants of ambition for a managerial position. Journal of Applied Social Psychology 29(3), 639-665.
86. VOGT N (2005) Can privacy compliance be monitored? Journal of Health Care Compliance 7(4), 56-58.
87. VROOM C and VON SOLMS R (2004) Towards information security behavioural compliance. Computers & Security 23(3), 191-198.
88. WARKENTIN M and WILLISON R (2009) Behavioral and policy issues in information systems security: The insider threat. European Journal of Information Systems 18(2), 101-105.
89. WEXLEY KN and LATHAM GP (1991) Developing and Training Human Resources in Organizations. HarperCollins, New York City.
90. WHITMAN EM and MATTORD HJ (2004) Making users mindful of IT security; awareness training is vital to keeping the idea of IT security uppermost in employees' minds. Security Management 48(11), 32-34.
91. WILLISON R and BACKHOUSE J (2006) Opportunities for computer crime: Considering systems risk from a criminological perspective. European Journal of Information Systems 15(4), 403-414. (Pubitemid 44494839)
92. WORKMAN M, BOMMER WH and STRAUB D (2008) Security lapses and the omission of information security measures: A threat control model and empirical test. Computer in Human Behavior 24(6), 2799-2816.