Article Preview
TopIntroduction
Businesses and organizations are creating and using data at unprecedented rates. With this boom in data comes challenges and problems in data protection. Customers expect their data to be protected and not used in a manner inconsistent. The protection of their data is paramount to customers, and they evaluate information and communications technology (ICTs) firms in part on how well they handle and protect it from being stolen or used improperly. In many industries customers are specifically mandated to evaluate how ICTs firms protects their data. When customers create an account with ICTs firms, or use their services, they expect that a set of specific rules around how ICTs are used to manage their information (Cruz-Cunha & Portela, 2015). Previously, enterprises emphasized perimeter security over things like endpoint protection and data-centric security. If from one side the ever-expanding security and privacy perimeters make it necessary for companies to find data protection processes that secure data from both internal and external threats, placing the focus on sensitive data as it travels within and outside of enterprise networks. On the other side, the ever-changing landscape of data protection is not resulting in knowledge sharing and thoughts. With the sheer quantity of information and resources on data protection available today, it can be difficult to sort through it to find the most trusted and experienced sources that provide accurate insights and educated perspectives on relevant data protection challenges facing modern enterprises. In particular, the literature is lacking on methodological grounded knowledge about how ICT professionals should follow in order to ensure data protection. This is becoming critical as more and more ICT firms are evolving from a purely focus on software and communications to services providers, customer’s data protection is critical factors in winning customer trust (Bélanger & Crossler, 2011; Pavlou, 2011; Slyke, Shim, Johnson, & Jiang, 2006; Stantcheva & Stantchev, 2014).
Reputable ICTs firms such as Microsoft, SAP, Portugal Telecom, ONI-Communications and Vodafone among others, have built a strong foundation of privacy and security practices (OECD, 2012). The past decade has brought immense changes in technology, requiring ICTs firms to continually evolve and reaffirm their commitment to trustworthy computing regardless if inshore, nearshore or offshore service and support models (Casado-Lumbreras, Colomo-Palacios, Ogwueleka, & Misra, 2014; Colomo-Palacios, Casado-Lumbreras, Soto-Acosta, Misra, & García-Peñalvo, 2012; Leeney, Varajão, Trigo Ribeiro & Colomo-Palacios, 2011). Hence is a must to continue to meet customer’s data protection demands to meet regulations, customer expectations, and consumer perceptions (Hong & Thong, 2013; Pavlou, 2011). Instead of broadly study privacy or security situations handled by professionals this research paper focuses on the data protection field from the outlook of good practice in the management of IT human capital, filling a gap in the literature (Pavlou, 2011). Motivated by these issues, this study seeks to answer to the following research question:
To answer this question we developed and implemented a two phase’s research: we commenced with the traditional questionnaires interview methodology with 17 experts in order to identify the factors, and then the Delphi method with 20 experts in order to obtain the ranking and consensus on the factors. The theoretical background is presented in the next section. Then we introduce the combined methodologies. After we present the results and analysis. Then the paper concludes with the main findings, including implications, limitations and future research opportunities.