The current study is one of the few scientific contributions on the sensitive information disclosure behavior of employees (see Section 3.1). Against this background, the present study provides a theory- and interview-based model that specifically identifies the value of technological and organizational aspects, such as trust and the psychological contract, as influencing factors on PIBV, and in turn the interplay of PIBV and benefit on disclosure and resistance behaviors of REIS users. This also takes account for the importance of interaction among perceived information-based vulnerability, as a privacy concern, and benefits on disclosure and resistance behaviors of employees. However, in the case of sensitive information disclosure research, such
Psychological Contract Breach Trust into Employer PIBV b a c Psychological Contract Violation Trust into Employer PIBV e d f (𝑎×𝑏) (𝑑×𝑒)
a constellation has not been investigated in the employer context (see Section 3.1). In the course of sensitive information disclosure and related privacy research the main focus was on social network systems and e-commerce platforms as a software solution or application (e.g., Dinev and Hart 2006; Malhotra et al. 2004; White 2004). The results of the study provide evidence that a kind of calculus of benefits and concerns for privacy is not only of high relevance for the sensitive information disclosure behavior of employees but can influence their resistance behavior as well. This behavior has an even more serious impact on the success of REIS. For example, employees might tell co-workers to not use the system. In turn this could lead to a social norm to not use or even boycott the enterprise information system. PIBV was shown to prevent or reduce a disclosure and strengthen resistance. Thus, the study results demonstrate that, apart from disclosure intention, knowledge about resistance intentions might also be a useful insight for the success of REIS in particular but probably as well for e-commerce or social network systems.
It has been demanded by researchers that privacy research should be extended beyond consumer settings into organizational contexts and behaviors (Bélanger and Crossler 2011; Smith et al. 2011). The study shows that the perceived information-based vulnerability of employees, as a privacy concern, is a counterweight to benefits of a REIS solution. As Privacy Calculus Theory states that users’ information sharing behavior depend on the benefits as well as the costs (e.g., risk beliefs or privacy concerns) associated with disclosure (Culnan and Bies 2003; Dinev and Hart 2006; Laufer and Wolfe 1977), this research contributes to the Privacy Calculus Research in the organizational context. It can be confirmed that the calculus of perceived benefits and perceived costs of disclosure also holds true for the organizational context, even though the costs are expressed in the perceived vulnerability through information disclosure.
With regard to the organizational context, the study also encompasses organizational factors that influence an employee’s sensitive information disclosure behavior. The employer-employee relationship has an impact on the employee’s fear of opportunism of the employer when deciding to disclose information or not. In particular, the effects of the existence of a psychological contract breach and violation on PIBV through trust in the employer were found to be significant. The study results suggest that employees may perceive vulnerability because of psychological breaches and violations, and a resulting weak trust relationship, which can ultimately be a major influencing factor on the disclosure behavior of employees in REIS.
Within the scope of the data analysis, all research hypotheses except H1-1, H2-1, and H6-2 could be confirmed. H1-1 and H2-1 were the direct positive effects of the psychological contract breach (H1-1) and violation (H2-1) on the perceived information based vulnerability. Nevertheless, the indirect mediating effects through trust was found to be significant. However, the study result is a contradiction to the qualitative research results of Section 4. Employees might have answered socially desirable, or in other words – they replied in a way that did not make them vulnerable because of sensitive information disclosure. Thus, employees might have perceived PIBV when they responded to the survey. Even though there is no proof for that theory, several observations
were found that support this notion. First, employees indicated psychological contract breaches in the previous qualitative research study and pointed out that their employer has broken and even violated the contract by behaving opportunistically (see Section 4). However, the average response behavior of psychological contract breach (average = 2.61) and violation (average = 1.56) was rather low, compared to other independent variables which did not focus on the employer-employee relationship (see Table 32). Hence, employees replied that they did not perceive any breach or violation of the psychological contract in the quantitative study, whereas the qualitative study indicates differently. Third, due to data security guidelines, the questionnaire of this study was done with a tool hosted by the company. It had the corporate design and a logo of the employer in the survey layout (see Figure 13), as well as in the invitation mail (see Figure 14, marked in Red). As the name of the employer and its corporate design, as well as its branding appeared quite often in the study, employees might perceive that the employer has access to the data, even though this was not the case and furthermore pointed out to the employee that data is treated secure and private.
Figure 13: Survey Design and Layout
The last indication is the received e-mails from potential respondents, who pointed out that this survey was perceived as a threat or possible source for vulnerability when disclosing information.
‘[…] now I am looking through the questionnaire and see that the questions are not related to the software tool, but to my relationship with my employer. It really does not deal with the
topic. I do not participate in the survey.’ -Peter
For instance, James even pointed out that there might be a preconceived notion in the results, as people who are generally suspicious might not answer the survey truthfully:
‘The questions in the survey are quite personal in nature. It seems likely that colleagues who are critical of data protection issues in the evaluated tool will be cautious in the survey as well.
Could be that there is a systematic distortion in the results. Personally, I had the impression that it [the survey] might be an investigation into how much data someone is willing to
provide for a survey.’ -James
All these observations and hints for potential perceived vulnerability of employees through information disclosure showed the fear of people to answer truthfully on critical questions about the employer-employee
Questions
LOGO
relationship. Thus, the rejection of hypotheses H1-1 and H2-1 should be rated with these facts in mind. However, this cannot be ascertained with confidence and should, therefore, be checked by further studies.