References

Anderson, C. L., & Agarwal, R. (2010, September). Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions. MIS Quarterly, 34, 613-643. doi:https://doi.org/10.2307/25750694

Ball, K. S. (2001, December 1). Surveillance Society: Monitoring Everyday Life. Information Technology & People, 14, 406-419. doi: https://doi.org/10.1108/itp.2001.14.4.406.5

Bélanger, F., & Crossler, R. E. (2011, December). Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. 35, 1017-1041. doi:https://doi.org/10.2307/41409971

Benson, V., Saridakis, G., & Tennakoon, H. (2015, August 3). Information disclosure of social media users: Does control over personal information, user awareness and security notices matter? Information Technology & People, 28(3), 426-441. doi:https://doi.org/10.1108/ITP-10-2014-0232

Chen, R.-R., Lin, Y.-H., Chiang, S.-C., & Chang, H.-K. (2010, June 29). Management of personal health information sharing for long term care services. 2010 7th International Conference on Service Systems and Service Management. doi:10.1109/ICSSSM.2010.5530130

Conger, S., Pratt, J. H., & Loch, K. D. (2012, June 01). Personal information privacy and emerging technologies. Information System Journal. doi: https://doi.org/10.1111/j.1365-2575.2012.00402.x

Gressin, S. (2017, Septembre 8). The Equifax Data Breach: What to Do. Attorney, Division of Consumer & Business Education, FTC. Retrieved from https://www.penncommunitybank.com/wp-content/uploads/2019/12/The-Equifax-Data-Breach_-What-to-Do-_-Consumer-Information.pdf

1. (2009, January 15). DATA CLASSIFICATION AND HANDLING PROCEDURES GUIDE. KU Policy Library. Retrieved from https://policy.ku.edu/IT/data-classification-handling-procedures

OAIC. (n.d.). The Privacy Act / Rights and responsibilities. Retrieved from OAIC: https://www.oaic.gov.au/privacy/the-privacy-act/rights-and-responsibilities

Posey, C., Lowry, P., Roberts, T. L., & Ellis , T. S. (2010, March). Proposing the online community self-disclosure model: the case of working professionals in France and the U.K. who use online communities. European Journal of Information Systems, 181-195. Retrieved from https://link.springer.com/article/10.1057/ejis.2010.15

Rapp, A., Beitelspacher, L. S., Grewal, D., & Hughes , D. E. (2013, January 27). Understanding social media effects across seller, retailer, and consumer interactions. Journal of the Academy of Marketing Science, 41, 1-120. Retrieved from https://link.springer.com/article/10.1007/S11747-013-0326-9

Resources used

Different resources have been used to successfully conduct research including:

• University and online Libraries to get access to books and journal articles include:
  • IEEE Xplore
  • ACM Digital Library
  • ScienceDirect
  • Elsevier
  • Google Scholar
  • SpringerLink
  • OAIC
• Computer and internet to facilitate the research
• Transport such as car was used to travel in order to get views from experts and individuals

• Employee sharing information on how their company handle personal information and process them:

This might not be appropriate for the employee within the organisation to share any information regarding the company process because this process might involve the breach of company policy.

Personal information handling is the most critical task that both organisation and individual has due to the trend of cyber criminality and attack that is emerging today.

Following are key research questions that will be assessed throughout the project as personal information has become the subject to cyber-criminal attacks:

• Investigating how Personal information is being handled by organisations and individuals and find the best way to handle personal data
• What are the privacy concerns and their effect on personal information disclosure and protection?
• What are the responsibilities between individuals, organisations and government in protection of personal information?
• How personal information is being exploited for cyber-crime and mechanism to protect against exploitation
• Investigate how Personal information are being classified and prioritized
• Research on the types of attack can be used over personal information exploitation
• What’s the security measures and mechanisms to be used in personal information handling
• Provide recommendation on security of personal data

• As an outcome from this study, it will give a clear view and understanding of the importance in protection of personal information and the implication of cyber crime to personal information.

• The relationship in responsibilities between organizations and individual will be drawn for better understanding of the limitation to each party

• At the end of the project, a concise protect methods and mechanism along with awareness will be elaborated to allow individual to better protect them online and limit accessibility to their personal information.

• Security risk and concerns in relation to personal information will be listed as well as describe the privacy concerns with its implication over personal data.

• This project will be presented in a form of article and will be published to the blog provided for public access.

The method that is primarily used in this research is a literature review and the conceptual modelling, I collect and analyse data from various sources including interviewing people and discussing the issues with practitioners in industries that collect, store and process personal information such as hospitals and Banks. Reading journal and books related to personal information, getting different views from people, consulting the government website to understand the law and regulation on handling personal information and privacy regulation applied to handling of personal data.

Step to undertake the research

In the first step the study will review the type of personal information and how their classified according to the level of access and security. Based on this analysis, the protection and prevention mechanisms will be developed to ensure the security of information.  In accordance to (KU, 2009) , the minimum level of protection when performing activities need to be outlined based on classification of information handled.

In the following stage of the research, existing literature will be reviewed on how personal information is being handled and security measures which are taken into consideration when sharing information between organisation. This will allow to find gap in existing study and elaborate best methods to put into account upon information sharing.

Then we will analyse the existing studies on how personal information is exploited by cyber criminals through various form of attack and draw the relationship with organisation. This will help determine and demonstrate how the modern technology facilitate the trend of cyber attack trough different platforms such as social media platforms (Benson, Saridakis, & Tennakoon, 2015)

Next the study will review the privacy concerns in regard to personal information, evaluate what entities are covered by the privacy Act, find the risk and provide techniques to securely disclose and share personal information.

Once the privacy of information is understood and all other information are collected and reviewed, responsibilities for handling personal information will be outlined in accordance to the status level of every entity responsible for collecting, storing and processing personal information including individuals. According to (OAIC, n.d.) the privacy act stipulates how individual’s personal information need to be handled by organisation that are covered by the privacy act, it again gives individual great control over the way personal information need to be handled.

Next, we will investigate the existing awareness provided for handling personal information against the modern way with the trend of technology and cyber criminality. This study will try identify the gap and need for people to better manage personal information while in use or when sharing and submitting to online. People will be aware of different attacks and the impact that exposing personal information may have to our lives.

Personal information handling is a major concern that affect individual when it comes to data handling with the usage of technology and platforms such as social media, financial institution or e-commerce sites. Privacy concerns have been identified in previous literatures and studies but this still trending and the primary concern nowadays because of the data exploitation by third party entities and criminal organisation that misuse personal information or individuals that act maliciously for their own benefit. With the explosion of technology today, organisation responsible for handling individual information are struggling to manage that information due to new attack and viruses that are being used today along with the improvement of technology capabilities.

Sharing of personal information among organisation for the purpose of marketing, improving their advertisement and product for the benefit of organisation. This led to employing some tools and techniques to collect as many users’ information as possible to help it happen by using technologies such as cookies to collect user browsing activities, using social media to get user’s interest, using survey methodology, using GPS to track individual location and many related capabilities. Because the user consent is needed to in order to share their information, many organisations ignore the fact of asking the user consent and anonymously collect and share individual personal activities such as Off Facebook feature which by default is enabled without user knowledge then collect and share user activities with other organisation.

This study will contribute in providing the best understanding from how personal information are being managed by organisation, the usage, how are being collect with the attached purpose and when this information is being shared by another organisation. Then the study will propose techniques and mechanism to use for better preserve the privacy of individual information when it being collected, how to securely share sensitive information in order to avoid being misused by malicious entities. Will also provide the classification information for the reader to understand the sensitivity of information and make good choice by knowing what to be exposed to public and what is private and sensitive, this will help reduce individual habit to giving too much information that may expose his/her life to risk of being exploited.

As this research study will discuss and analyse different issues raised from this topic in regard to personal information security along with information privacy perspective with all implication that cyber criminality has over personal information by being exploited by external entities with malicious purposes. It evaluates the current security implementation, find the gap in previous literature and propose the best methodology to handle personal information for the public interest. Therefore, the most relevant studies prior to this literature will be presented.

Since decades the view about transaction of information through web have been traditionally considered that organization, business and consumers as transacting parties. Security and privacy issue in personal information have been explored in terms of marketing and the major component discovered in the studies that build a relationship between individual and organisation is the amount of trust between client and the vendor (Anderson & Agarwal, 2010). Some studies stipulate that the disclosure of personal information may be influenced by organisation that provide services to individual while other research dispute that trust depend with the level of personalisation provided by the organisation. However, this raise a security concern between individual and organization due to amount of information that individual is required to provide to the organisation. The study shows that actors such as retailers, customers and suppliers contribute to the transaction of information using what is considered the major actor for online transaction which is known as computer system for processing all data over the internet  (Rapp, Beitelspacher, Grewal, & Hughes , 2013). According to Australian privacy act 1988 in privacy right section and personal information page (OAIC, n.d.) the law state that any organisation or agency that handle personal information need individual consent to collect and to use or disclose your personal information. With all the transactions on personal information within organisations, information theft and data loss has increase on a global scale and malicious organisation such as hackers and activist emphasise on illegally access and steal data accumulated by venders and provider.

Personal information handling and disclosure are the major area of concerns due to the interconnection between individual and organisation. (Posey, Lowry, Roberts, & Ellis , 2010) argue that the influence from social perspective and online trust has developed a privacy risk when it comes to disclosure of information on the other hand the literature show that it is more important using platforms or organisation that has ability to remain anonymous while serving the purpose as this reduce the privacy concerns.

The dispute in literatures have been around organisation collecting individual’s personal information, store that information and process them in accordance to the usage which could be defined in various way such as for marketing purpose, finance record, health record. In particular some issues raised in using these organisation platforms including data mining, user surveillance, usage of facial recognition for tracking client presence, employing cookies to track individual activities, GPS tracking to track user location. The research show that individual never have intention of disclosing their personal information but are influenced by the power that organisations have over their information.

This study will highlight some important concerns that organisation need to take into account in order to preserve individual personal information and for better managing them.

• For every organisation that process personal information, it is important to classify all individual’s information in accordance to it sensitivity and use them accordingly.
• Due diligence should be considered when organisation want to share personal information with others example Banks sharing with credit score compagnies. This is for preserving customer reputation and preventing cyber crime over individual. (Gressin, 2017) Shows that if you have a credit report you have a probability to be among the 143 million American consumers whose sensitive information have been exposed into the Equifax data breach.
• It is of high importance to get individual consent about disclosing their personal information and when their information needs to be used refer to the Australian Privacy act on responsibilities that each party has over individual data (OAIC, n.d.)
• To keep personal information privacy and secure, it very important for organisation to employ the best technical practices to ensure individual data is highly secured.

The purpose of this research is to cover the difference or gap find in the existing literature by exploring the existing mechanism of handling personal information of individual in organisation. In particular this research paper investigates the link between personal information handling, personal information privacy, information disclosure, organisation vs individual responsibilities, attack over personal information, user awareness and security concerns in personal information management. This relationship will be demonstrating the difference from existing studies in regard to handling information from organisation level to individuals.

The result of this research will be valuable to both organisation and individual directly affected by the management of personal information as well as design best practices to ensure all personal sensitive information is being handled in ethical manner.