Toward a taxonomy of corporate data protection malpractices and their causal mechanisms: A regulatory view

Haiping Zhao, Na Jiang, Zhao Cai, Eric T.K. Lim, Chee Wee Tan

Research output: Journal PublicationArticlepeer-review

1 Citation (Scopus)

Abstract

Corporate data protection malpractices are not uncommon, especially in contemporary technological environments. Embracing a regulatory view, this study attempts to advance a taxonomy of prevailing corporate data protection practices and their causal mechanisms by analyzing cases where organizations were fined for violating data protection legislation. Selecting the General Data Protection Regulation (GDPR) enacted by the European Union (EU) as our benchmark, this study employs an iterative taxonomy development technique as guidance and conducts a thematic analysis on 875 cases of GDPR enforcement. In so doing, we derive a conceptual model comprising 6 focal categories and 28 subcategories of prevailing corporate data protection malpractices existing within organizations as well as 4 main categories and 22 subcategories of causal mechanisms underlying these identified malpractices. Empirical findings from this study not only reinforce corporate data protection malpractices established in prior research but also yield novel malpractices that have been neglected in previous work. From a pragmatic standpoint, this study yields invaluable insights into the prevention and resolution of corporate data protection malpractices for practitioners.

Original languageEnglish
Pages (from-to)319-333
Number of pages15
JournalJournal of Information Technology
Volume38
Issue number3
DOIs
Publication statusPublished - Sept 2023

Keywords

  • General Data Protection Regulation
  • causal mechanisms
  • corporate data protection malpractice
  • data protection regulation
  • regulatory view
  • taxonomy development

ASJC Scopus subject areas

  • Information Systems
  • Strategy and Management
  • Library and Information Sciences

Fingerprint

Dive into the research topics of 'Toward a taxonomy of corporate data protection malpractices and their causal mechanisms: A regulatory view'. Together they form a unique fingerprint.

Cite this