A conceptual framework for consumer IS compliance awareness: South African government context

Abstract

The requirement for consumers to divulge personal data to obtain basic products/services from organizations, is becoming the norm. It has, to a large extent, benefitted consumers as it enabled organizations to profile their customers to provide them with relevant products/services and an improved shopping experience. Nevertheless, although profiling driven by big data, offers endless lists of opportunities/value through improved customer experience, it is also accompanied by many risks of which consumers are not always aware. In South Africa (SA), being a developing country, it became clear that there is a divide between the level of trust consumers extend towards organizations they transact/share personal data with and the extent to which that trust is warranted by organizational Information Security (IS) compliance efforts. Human factors significantly influence IS behaviour. Trust is a crucial human factor as it influences IS behaviour. Awareness is a powerful element that can in turn influence trust and IS behaviour. There is currently a definite lack of IS compliance awareness amongst consumers and a disregard of the cost/value benefit of IS compliance from an organizational perspective. The failure of realizing/addressing these issues in previous data protection frameworks emerged as key lessons. There is currently no government-led/sponsored IS compliance awareness and training initiatives in SA. The primary research objective of this paper is to propose a Consumer Data Protection Framework to assist the South African Government with creating IS compliance awareness amongst consumers. This Framework will be developed based on key building blocks derived from literature. Informatics and Cybernetics in Intelligent Systems.