Skip to main content

In Our Employer We Trust: Mental Models of Office Workers’ Privacy Perceptions

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2020)

Abstract

The increasing digitization of the workplace poses new threats to the right to privacy for employees. Previous work on this matter was rather quantitative and with a strong focus on monitoring and surveillance. Yet, there is a lack of comprehensive explanations for employees’ privacy perceptions and what drives their risk and trust perceptions.

We conducted an interview study with 22 German employees to qualitatively examine (1) issues and themes related to the expectations of privacy of office workers and (2) their beliefs and understandings of how their data is handled by their employers.

We present the mental model of the believing employee, which is characterized by a high level of trust in the lawful processing of personal data by the employer and little fear of invasions of privacy. The mental model is strongly influenced by the uncertainty regarding the processing of personal data by employers and compensates missing experiences regarding privacy at work with analogies from private online use.

Jan Tolsdorf, Florian Dehling, In Our Employer We Trust: Mental Models of Office Workers’ Privacy Perceptions, Proceedings of AsiaUSEC’20, Financial Cryptography and Data Security 2020 (FC). February 14, 2020

Kota Kinabalu, Sabah, Malaysia Springer, 2020

Supported by the German Federal Ministry of Education and Research (BMBF) under the research project “TrUSD - Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen” (transparent and self-determined design of data use in organizations) (16KIS0899).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–514 (2015). https://doi.org/10.1126/science.aaa1465

    Article  Google Scholar 

  2. Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Privacy Mag. 3(1), 26–33 (2005). https://doi.org/10.1109/MSP.2005.22

    Article  Google Scholar 

  3. Alge, B.J., Ballinger, G.A., Tangirala, S., Oakley, J.L.: Information privacy in organizations: empowering creative and extrarole performance. J. Appl. Psychol. 91(1), 221–232 (2006). https://doi.org/10.1037/0021-9010.91.1.221

    Article  Google Scholar 

  4. Backhaus, N.: Context sensitive technologies and electronic employee monitoring: a meta-analytic review. In: 2019 IEEE/SICE International Symposium on System Integration (SII), pp. 548–553 (2019). https://doi.org/10.1109/SII.2019.8700354

  5. Ball, K., Daniel, E.M., Stride, C.: Dimensions of employee privacy: an empirical study. Inf. Technol. People 25(4), 376–394 (2012). https://doi.org/10.1108/09593841211278785

    Article  Google Scholar 

  6. Buchmann, J., Nebel, M., Roßnagel, A., Shirazi, F., Simo, H., Waidner, M.: Personal information dashboard: putting the individual back in control. In: Hildebrandt, M., O’Hara, K., Waidner, M. (eds.) Digital Enlightenment Yearbook 2013, pp. 139–164. Iso Press, Amsterdam (2013)

    Google Scholar 

  7. Camp, L.J.: Mental models of privacy and security. IEEE Technol. Soc. Mag. 28(3), 37–46 (2009). https://doi.org/10.1109/MTS.2009.934142

    Article  Google Scholar 

  8. Campbell, J.L., Quincy, C., Osserman, J., Pedersen, O.K.: Coding in-depth semistructured interviews: problems of unitization and intercoder reliability and agreement. Sociol. Methods Res. 42(3), 294–320 (2013). https://doi.org/10.1177/0049124113500475

  9. Chen, X., Ma, J., Jin, J., Fosh, P.: Information privacy, gender differences, and intrinsic motivation in the workplace. Int. J. Inf. Manag. 33(6), 917–926 (2013). https://doi.org/10.1016/j.ijinfomgt.2013.08.010

    Article  Google Scholar 

  10. Craik, K.J.W.: The Nature of Explanation. Cambridge University Press, Cambridge (1943)

    Google Scholar 

  11. Dinev, T., Hart, P.: An extended privacy calculus model for E-commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006). https://doi.org/10.1287/isre.1060.0080

    Article  Google Scholar 

  12. Domingo-Ferrer, J., et al.: European Union, European Network and Information Security Agency: Privacy and data protection by design - from policy to engineering. ENISA, Heraklion (2014)

    Google Scholar 

  13. Feinstein, A.R., Cicchetti, D.V.: High agreement but low Kappa: I. The problems of two paradoxes. J. Clin. Epidemiol. 43(6), 543–549 (1990). https://doi.org/10.1016/0895-4356(90)90158-L

  14. Fischer-Hübner, S., Pettersson, J.S., Angulo, J.: HCI requirements for transparency and accountability tools for cloud service chains. In: Felici, M., Fernández-Gago, C. (eds.) A4Cloud 2014. LNCS, vol. 8937, pp. 81–113. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17199-9_4

    Chapter  Google Scholar 

  15. Gerber, N., Zimmermann, V., Volkamer, M.: Why johnny fails to protect his privacy. In: 2019 IEEE European Symposium on Security and Privacy Workshops (EuroSPW), pp. 109–118 (2019). https://doi.org/10.1109/EuroSPW.2019.00019

  16. Gwet, K.L.: Computing inter-rater reliability and its variance in the presence of high agreement. Br. J. Math. Stat. Psychol. 61(1), 29–48 (2008). https://doi.org/10.1348/000711006X126600

    Article  MathSciNet  Google Scholar 

  17. Jackson, C.B., Wang, Y.: Addressing the privacy paradox through personalized privacy notifications. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2(2), 68:1–68:25 (2018). https://doi.org/10.1145/3214271

  18. Jones, N., Ross, H., Lynam, T., Perez, P., Leitch, A.: Mental models: an interdisciplinary synthesis of theory and methods. Ecol. Soc. 16(1) (2011). https://doi.org/10.5751/ES-03802-160146

  19. Krebs, D., Doctor, J.: “Privacy by design”: nice-to-have or a necessary principle of data protection law? JIPITEC - J. Intellect. Prop. Inf. Technol. E-Commerce Law 4(1), 2–20 (2013)

    Google Scholar 

  20. Kumar, P., Naik, S.M., Devkar, U.R., Chetty, M., Clegg, T.L., Vitak, J.: ‘No telling passcodes out because they’re private’: understanding children’s mental models of privacy and security online. Proc. ACM Hum.-Comput. Interact. 1(CSCW), 64:1–64:21 (2017). https://doi.org/10.1145/3134699

  21. Kwasny, M., Caine, K., Rogers, W.A., Fisk, A.D.: Privacy and technology: folk definitions and perspectives. Technical HFA-TR-0804, Atlanta, GA: Georgia Institute of Technology School of Psychology - Human Factors and Aging Laboratory, Florence, Italy (2008)

    Google Scholar 

  22. Mayring, P.: Qualitative content analysis [28 paragraphs]. Forum Qual. Sozialforschung/Forum: Qual. Soc. Res. 1(2), Art. 20 (2000). https://doi.org/10.17169/fqs-1.2.1089

  23. Mettler, T., Wulf, J.: Physiolytics at the workplace: affordances and constraints of wearables use from an employee’s perspective. Inf. Syst. J. 29(1), 245–273 (2019). https://doi.org/10.1111/isj.12205

    Article  Google Scholar 

  24. Morgan, M.G., Fischhoff, B., Bostrom, A., Atman, C.J. (eds.): Risk Communication: A Mental Models Approach. Cambridge University Press, Cambridge (2002)

    Google Scholar 

  25. Murmann, P., Fischer-Hübner, S.: Tools for achieving usable ex post transparency: a survey. IEEE Access 5, 22965–22991 (2017). https://doi.org/10.1109/ACCESS.2017.2765539

    Article  Google Scholar 

  26. Murmann, P., Reinhardt, D., Fischer-Hübner, S.: To be, or not to be notified: eliciting privacy notification preferences for online mHealth services. In: Proceedings of the 34th IFIP International Information Security and Privacy Conference (IFIP SEC), Lisbon, Portugal (2019)

    Google Scholar 

  27. Norman, D.A.: Some observations on mental models. In: Gentner, D., Stevens, A.L. (eds.) Mental Models, pp. 7–14. Lawrence Erlbaum Associates Inc. (1983)

    Google Scholar 

  28. Oates, M., Ahmadullah, Y., Marsh, A., Swoopes, C., Zhang, S., Balebako, R., Cranor, L.F.: Turtles, locks, and bathrooms: understanding mental models of privacy through illustration. Proc. Privacy Enhanc. Technol. 2018(4), 5–32 (2018). https://doi.org/10.1515/popets-2018-0029

    Article  Google Scholar 

  29. Polst, S., Kelbert, P., Feth, D.: Company privacy dashboards: employee needs and requirements. In: Moallem, A. (ed.) HCII 2019. LNCS, vol. 11594, pp. 429–440. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22351-9_29

    Chapter  Google Scholar 

  30. Prettyman, S.S., Furman, S., Theofanos, M., Stanton, B.: Privacy and security in the brave new world: the use of multiple mental models. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 260–270. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20376-8_24

    Chapter  Google Scholar 

  31. Schomakers, E.M., Lidynia, C., Ziefle, M.: Hidden within a group of people - mental models of privacy protection. In: Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security, pp. 85–94. SCITEPRESS - Science and Technology Publications, Funchal, Madeira, Portugal (2018). https://doi.org/10.5220/0006678700850094

  32. Shen, Y., Pearson, S.: Privacy enhancing technologies: a review. Technical HPL-2011-113, HP Laboratories, UK (2011)

    Google Scholar 

  33. Smith, S.A., Brunner, S.R.: To reveal or conceal: using communication privacy management theory to understand disclosures in the workplace. Manag. Commun. Q. 31(3), 429–446 (2017). https://doi.org/10.1177/0893318917692896

    Article  Google Scholar 

  34. Stone, E.F., Gueutal, H.G., Gardner, D.G., McClure, S.: A field experiment comparing information-privacy values, beliefs, and attitudes across several types of organizations. J. Appl. Psychol. 68(3), 459–468 (1983). https://doi.org/10.1037/0021-9010.68.3.459

    Article  Google Scholar 

  35. Tolchinsky, P.D., McCuddy, M.K., Adams, J., Ganster, D.C., Woodman, R.W., Fromkin, H.L.: Employee perceptions of invasion of privacy: a field simulation experiment. J. Appl. Psychol. 66(3), 308–313 (1981). https://doi.org/10.1037/0021-9010.66.3.308

    Article  Google Scholar 

  36. Watkins Allen, M., Coopman, S.J., Hart, J.L., Walker, K.L.: Workplace surveillance and managing privacy boundaries. Manag. Commun. Q. 21(2), 172–200 (2007). https://doi.org/10.1177/0893318907306033

    Article  Google Scholar 

  37. Woodman, R.W., Ganster, D.C., Adams, J., McCuddy, M.K., Tolchinsky, P.D., Fromkin, H.: A survey of employee perceptions of information privacy in organizations. Acad. Manag. J. 25(3), 647–663 (1982). https://doi.org/10.5465/256087

    Article  Google Scholar 

  38. Zimmermann, C., Accorsi, R., Müller, G.: Privacy dashboards: reconciling data-driven business models and privacy. In: 2014 Ninth International Conference on Availability, Reliability and Security, pp. 152–157 (2014). https://doi.org/10.1109/ARES.2014.27

Download references

Acknowledgments

The authors would like to thank Hartmut Schmitt and Svenja Polst for their support in conducting interviews, the involved organizations for their support in recruiting participants and last but not least all employees for their participation and valuable insights on privacy perceptions in the workplace.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jan Tolsdorf .

Editor information

Editors and Affiliations

Appendices

Appendix A Participants

See Table 1.

Table 1. Participants demographics

Appendix B Interview Outline (Translated)

  1. 1.

    Welcome and general instructions: At the start of the interview, participants were welcomed and briefed about the study procedure, the study conditions and asked for their consent to elicit data (drawings, hand writings, answers to questionnaire, voice recording).

  2. 2.

    Use of technical tools during everyday work: In the first part of each interview, participants were asked to summarize their job profile and to explain the kind of technical tools (hardware and software) they use for their ordinary working activities. All tools were written down on moderation cards and displayed on the table.

    • Please describe to me with which tasks you mainly deal with in your daily work.

    • Which technical aids or tools do you use in your daily work?

  3. 3.

    Data gathering and processing by employers: The next part of the interview consisted of questions related to how employers gather data from their employees, for what purposes employees believe their employers require and process data about them and on employers’ abilities and liberties to take control over data disclosure. We further elaborated on these topics by asking whether third parties are involved in any of these activities and asked them to draw or rather sketch data flows if they answered yes.

    • How does your employer obtain such data from and about you?

    • For what purposes can this data be used?

    • How do you consent to the use of this data?

    • What freedoms do you have when it comes to your company data?

    • Are there any third parties besides your employer who use or collect such data about you within the scope of your activities?

  4. 4.

    Privacy expectations: We asked participants about their awareness of data processing and possible data misuse scenarios.

    • Do you think it is possible for your employer to use data about you without your knowledge?

    • Suppose an employer collects or uses data without the consent of its employees: What consequences could data misuse have for employees?

  5. 5.

    Debriefing and questionnaire on demographics: At the end of the survey, participants were asked whether they want to add anything to the previous discussion and to fill out a post-questionnaire on demographics.

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tolsdorf, J., Dehling, F. (2020). In Our Employer We Trust: Mental Models of Office Workers’ Privacy Perceptions. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-54455-3_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-54454-6

  • Online ISBN: 978-3-030-54455-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics