Help
Cart
Skip main navigation

Available Issues

April 10, 2013 - April 2, 2026

Available Issues

April 10, 2013 - April 2, 2026

From Shield to Sword: How Data Privacy Can Undermine Data Security

Published Online:18 Feb 2026https://doi.org/10.1287/isre.2023.0566

References

  • Abbasi A, Dobolyi D, Vance A, Zahedi FM (2021) The phishing funnel model: A design artifact to predict user susceptibility to phishing websites. Inform. Systems Res. 32(2):410–436.LinkGoogle Scholar
  • Acquisti A, Brandimarte L, Loewenstein G (2015) Privacy and human behavior in the age of information. Science 347(6221):509–514.CrossrefGoogle Scholar
  • Acquisti A, Taylor C, Wagman L (2016) The economics of privacy. J. Econom. Literature 54(2):442–492.CrossrefGoogle Scholar
  • Algarni A, Xu Y, Chan T (2017) An empirical study on the susceptibility to social engineering in social networking sites: The case of Facebook. Eur. J. Inform. Systems 26(6, SI):661–687.CrossrefGoogle Scholar
  • Belanger F, Hiller JS, Smith WJ (2002) Trustworthiness in electronic commerce: The role of privacy, security, and site attributes. J. Strategic Inform. Systems 11(3–4):245–270.CrossrefGoogle Scholar
  • Biselli T, Reuter C (2021) On the relationship between IT privacy and security behavior: A survey among German private users. Ahlemann F, Schütte R, Stieglitz S, eds. Innovation Through Information Systems (Springer International Publishing, Cham, Switzerland), 388–404.Google Scholar
  • Bufalieri L, Morgia ML, Mei A, Stefa J (2020) GDPR: When the right to access personal data becomes a threat. Proc. 2020 IEEE Internat. Conf. Web Services (IEEE, Piscataway, NJ), 75–83.Google Scholar
  • Cialdini RB (2009) Influence: The Psychology of Persuasion (HarperCollins, New York).Google Scholar
  • Cichy P, Salge TO, Kohli R (2021) Privacy concerns and data sharing in the internet of things: Mixed methods evidence from connected cars. MIS Quart. 45(4):1863–1892.CrossrefGoogle Scholar
  • Cram WA, D’Arcy J, Proudfoot JG (2019) Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quart. 43(2):525–554.CrossrefGoogle Scholar
  • Culnan MJ, Williams CC (2009) How ethics can enhance organizational privacy: Lessons from the choicepoint and TJX data breaches. MIS Quart. 33(4):673–687.CrossrefGoogle Scholar
  • D’Arcy J, Herath T, Shoss MK (2014) Understanding employee responses to stressful information security requirements: A coping perspective. J. Management Inform. Systems 31(2):285–318.CrossrefGoogle Scholar
  • Dehling T, Sunyaev A (2024) A design theory for transparency of information privacy practices. Inform. Systems Res. 35(3):956–977.LinkGoogle Scholar
  • Demirer M, Hernández DJJ, Li D, Peng S (2024) Data, Privacy Laws and Firm Production: Evidence from the GDPR (National Bureau of Economic Research, Cambridge, MA).Google Scholar
  • Di Martino M, Robyns P, Weyts W, Quax P, Lamotte W, Andries K (2019) Personal information leakage by abusing the GDPR ‘right of access’. Proc. 15th Sympos. Usable Privacy Security (USENIX Association, Santa Clara, CA), 371–385.Google Scholar
  • Durcikova A, Miranda SM, Jensen ML, Wright R (2024) United we stand, divided we fall: An autogenic perspective on empowering cybersecurity in organizations. MIS Quart. 48(4):1503–1536.CrossrefGoogle Scholar
  • Federal Bureau of Investigation (2022) Internet crime report 2022. Accessed September 20, 2023, https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf.Google Scholar
  • Goel S, Williams K, Dincelli E (2017) Got phished? Internet security and human vulnerability. J. Assoc. Inform. Systems 18(1):22–44.Google Scholar
  • Johnson GA (2022) Economic Research on Privacy Regulation: Lessons from the GDPR and Beyond (University of Chicago Press, Chicago).CrossrefGoogle Scholar
  • Johnson GA, Shriver SK, Goldberg SG (2023) Privacy and market concentration: Intended and unintended consequences of the GDPR. Management Sci. 69(10):5695–5721.LinkGoogle Scholar
  • Ke TT, Sudhir K (2023) Privacy rights and data security: GDPR and personal data markets. Management Sci. 69(8):4389–4412.LinkGoogle Scholar
  • Li Z, Lee G, Raghu TS, Shi ZM (2025) Impact of the general data protection regulation on the global mobile app market: Digital trade implications of data protection and privacy regulations. Inform. Systems Res. 36(2):669–689.LinkGoogle Scholar
  • Lowry PB, Dinev T, Willison R (2017) Why security and privacy research lies at the centre of the information systems (IS) artefact: Proposing a bold research agenda. Eur. J. Inform. Systems 26(6):546–563.CrossrefGoogle Scholar
  • Mitnick KD, Simon WL (2003) The Art of Deception: Controlling the Human Element of Security (John Wiley & Sons, Hoboken, NJ).Google Scholar
  • Parks R, Xu H, Chu CH, Lowry PB (2017) Examining the intended and unintended consequences of organisational privacy safeguards. Eur. J. Inform. Systems 26(1):37–65.CrossrefGoogle Scholar
  • Pavlou PA (2011) State of the information privacy literature: Where are we now and where should we go? MIS Quart. 35(4):977.CrossrefGoogle Scholar
  • Pavone V, Esposti SD (2010) Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security. Public Understanding Sci. 21(5):556–572.CrossrefGoogle Scholar
  • Smith HJ, Dinev T, Xu H (2011) Information privacy research: An interdisciplinary review. MIS Quart. 35(4):989.CrossrefGoogle Scholar
  • Smith HJ, Milberg SJ, Burke SJ (1996) Information privacy: Measuring individuals’ concerns about organizational practices. MIS Quart. 20(2):167.CrossrefGoogle Scholar
  • Solove DJ, Hartzog W (2022) Breached!: Why Data Security Law Fails and How to Improve It (Oxford University Press, Cary, NC).Google Scholar
  • U.S. House 109th Congress (2006) National Defense Authorization Act for Fiscal Year 2006, H.R. 1815, https://www.congress.gov/bill/109th-congress/house-bill/1815.Google Scholar
  • von Solms R, van Niekerk J (2013) From information security to cyber security. Comput. Security 38(1):97–102.CrossrefGoogle Scholar
  • Waldman AE (2020a) Data protection by design? A critique of Article 25 of the GDPR. Cornell Internat. Law J. 53(1):147–167.Google Scholar
  • Waldman AE (2020b) Privacy law’s false promise. Washington University Law Rev. 97(3):773–834.Google Scholar
  • Williams EJ, Hinds J, Joinson AN (2018) Exploring susceptibility to phishing in the workplace. Internat. J. Human-Comput. Stud. 120(1):1–13.CrossrefGoogle Scholar
  • Willox NA Jr, Gordon GR, Regan TM, Rebovich DJ, Gordon JB (2004) Identity fraud: A critical national and global threat. J. Econom. Crime Management 2(1):3–48.Google Scholar
  • World Economic Forum (2019) The cybersecurity guide for leaders in today’s digital world. https://www3.weforum.org/docs/WEF_Cybersecurity_Guide_for_Leaders.pdf.Google Scholar
  • Wright RT, Jensen ML, Thatcher JB, Dinger M, Marett K (2014) Influence techniques in phishing attacks: An examination of vulnerability and resistance. Inform. Systems Res. 25(2):385–400.LinkGoogle Scholar
  • Xu F, Wang X, Zhang F (2025) Consumer privacy in online retail supply chains. Management Sci. 71(10):8371–8389.LinkGoogle Scholar
  • Yin RK (2009) Case Study Research: Design and Methods, vol. 5 (SAGE, Thousand Oaks, CA).Google Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree