Abstract
The increasing digitization of the workplace poses new threats to the right to privacy for employees. Previous work on this matter was rather quantitative and with a strong focus on monitoring and surveillance. Yet, there is a lack of comprehensive explanations for employees’ privacy perceptions and what drives their risk and trust perceptions.
We conducted an interview study with 22 German employees to qualitatively examine (1) issues and themes related to the expectations of privacy of office workers and (2) their beliefs and understandings of how their data is handled by their employers.
We present the mental model of the believing employee, which is characterized by a high level of trust in the lawful processing of personal data by the employer and little fear of invasions of privacy. The mental model is strongly influenced by the uncertainty regarding the processing of personal data by employers and compensates missing experiences regarding privacy at work with analogies from private online use.
Jan Tolsdorf, Florian Dehling, In Our Employer We Trust: Mental Models of Office Workers’ Privacy Perceptions, Proceedings of AsiaUSEC’20, Financial Cryptography and Data Security 2020 (FC). February 14, 2020
Kota Kinabalu, Sabah, Malaysia Springer, 2020
Supported by the German Federal Ministry of Education and Research (BMBF) under the research project “TrUSD - Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen” (transparent and self-determined design of data use in organizations) (16KIS0899).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–514 (2015). https://doi.org/10.1126/science.aaa1465
Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Privacy Mag. 3(1), 26–33 (2005). https://doi.org/10.1109/MSP.2005.22
Alge, B.J., Ballinger, G.A., Tangirala, S., Oakley, J.L.: Information privacy in organizations: empowering creative and extrarole performance. J. Appl. Psychol. 91(1), 221–232 (2006). https://doi.org/10.1037/0021-9010.91.1.221
Backhaus, N.: Context sensitive technologies and electronic employee monitoring: a meta-analytic review. In: 2019 IEEE/SICE International Symposium on System Integration (SII), pp. 548–553 (2019). https://doi.org/10.1109/SII.2019.8700354
Ball, K., Daniel, E.M., Stride, C.: Dimensions of employee privacy: an empirical study. Inf. Technol. People 25(4), 376–394 (2012). https://doi.org/10.1108/09593841211278785
Buchmann, J., Nebel, M., Roßnagel, A., Shirazi, F., Simo, H., Waidner, M.: Personal information dashboard: putting the individual back in control. In: Hildebrandt, M., O’Hara, K., Waidner, M. (eds.) Digital Enlightenment Yearbook 2013, pp. 139–164. Iso Press, Amsterdam (2013)
Camp, L.J.: Mental models of privacy and security. IEEE Technol. Soc. Mag. 28(3), 37–46 (2009). https://doi.org/10.1109/MTS.2009.934142
Campbell, J.L., Quincy, C., Osserman, J., Pedersen, O.K.: Coding in-depth semistructured interviews: problems of unitization and intercoder reliability and agreement. Sociol. Methods Res. 42(3), 294–320 (2013). https://doi.org/10.1177/0049124113500475
Chen, X., Ma, J., Jin, J., Fosh, P.: Information privacy, gender differences, and intrinsic motivation in the workplace. Int. J. Inf. Manag. 33(6), 917–926 (2013). https://doi.org/10.1016/j.ijinfomgt.2013.08.010
Craik, K.J.W.: The Nature of Explanation. Cambridge University Press, Cambridge (1943)
Dinev, T., Hart, P.: An extended privacy calculus model for E-commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006). https://doi.org/10.1287/isre.1060.0080
Domingo-Ferrer, J., et al.: European Union, European Network and Information Security Agency: Privacy and data protection by design - from policy to engineering. ENISA, Heraklion (2014)
Feinstein, A.R., Cicchetti, D.V.: High agreement but low Kappa: I. The problems of two paradoxes. J. Clin. Epidemiol. 43(6), 543–549 (1990). https://doi.org/10.1016/0895-4356(90)90158-L
Fischer-Hübner, S., Pettersson, J.S., Angulo, J.: HCI requirements for transparency and accountability tools for cloud service chains. In: Felici, M., Fernández-Gago, C. (eds.) A4Cloud 2014. LNCS, vol. 8937, pp. 81–113. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17199-9_4
Gerber, N., Zimmermann, V., Volkamer, M.: Why johnny fails to protect his privacy. In: 2019 IEEE European Symposium on Security and Privacy Workshops (EuroSPW), pp. 109–118 (2019). https://doi.org/10.1109/EuroSPW.2019.00019
Gwet, K.L.: Computing inter-rater reliability and its variance in the presence of high agreement. Br. J. Math. Stat. Psychol. 61(1), 29–48 (2008). https://doi.org/10.1348/000711006X126600
Jackson, C.B., Wang, Y.: Addressing the privacy paradox through personalized privacy notifications. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2(2), 68:1–68:25 (2018). https://doi.org/10.1145/3214271
Jones, N., Ross, H., Lynam, T., Perez, P., Leitch, A.: Mental models: an interdisciplinary synthesis of theory and methods. Ecol. Soc. 16(1) (2011). https://doi.org/10.5751/ES-03802-160146
Krebs, D., Doctor, J.: “Privacy by design”: nice-to-have or a necessary principle of data protection law? JIPITEC - J. Intellect. Prop. Inf. Technol. E-Commerce Law 4(1), 2–20 (2013)
Kumar, P., Naik, S.M., Devkar, U.R., Chetty, M., Clegg, T.L., Vitak, J.: ‘No telling passcodes out because they’re private’: understanding children’s mental models of privacy and security online. Proc. ACM Hum.-Comput. Interact. 1(CSCW), 64:1–64:21 (2017). https://doi.org/10.1145/3134699
Kwasny, M., Caine, K., Rogers, W.A., Fisk, A.D.: Privacy and technology: folk definitions and perspectives. Technical HFA-TR-0804, Atlanta, GA: Georgia Institute of Technology School of Psychology - Human Factors and Aging Laboratory, Florence, Italy (2008)
Mayring, P.: Qualitative content analysis [28 paragraphs]. Forum Qual. Sozialforschung/Forum: Qual. Soc. Res. 1(2), Art. 20 (2000). https://doi.org/10.17169/fqs-1.2.1089
Mettler, T., Wulf, J.: Physiolytics at the workplace: affordances and constraints of wearables use from an employee’s perspective. Inf. Syst. J. 29(1), 245–273 (2019). https://doi.org/10.1111/isj.12205
Morgan, M.G., Fischhoff, B., Bostrom, A., Atman, C.J. (eds.): Risk Communication: A Mental Models Approach. Cambridge University Press, Cambridge (2002)
Murmann, P., Fischer-Hübner, S.: Tools for achieving usable ex post transparency: a survey. IEEE Access 5, 22965–22991 (2017). https://doi.org/10.1109/ACCESS.2017.2765539
Murmann, P., Reinhardt, D., Fischer-Hübner, S.: To be, or not to be notified: eliciting privacy notification preferences for online mHealth services. In: Proceedings of the 34th IFIP International Information Security and Privacy Conference (IFIP SEC), Lisbon, Portugal (2019)
Norman, D.A.: Some observations on mental models. In: Gentner, D., Stevens, A.L. (eds.) Mental Models, pp. 7–14. Lawrence Erlbaum Associates Inc. (1983)
Oates, M., Ahmadullah, Y., Marsh, A., Swoopes, C., Zhang, S., Balebako, R., Cranor, L.F.: Turtles, locks, and bathrooms: understanding mental models of privacy through illustration. Proc. Privacy Enhanc. Technol. 2018(4), 5–32 (2018). https://doi.org/10.1515/popets-2018-0029
Polst, S., Kelbert, P., Feth, D.: Company privacy dashboards: employee needs and requirements. In: Moallem, A. (ed.) HCII 2019. LNCS, vol. 11594, pp. 429–440. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22351-9_29
Prettyman, S.S., Furman, S., Theofanos, M., Stanton, B.: Privacy and security in the brave new world: the use of multiple mental models. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 260–270. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20376-8_24
Schomakers, E.M., Lidynia, C., Ziefle, M.: Hidden within a group of people - mental models of privacy protection. In: Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security, pp. 85–94. SCITEPRESS - Science and Technology Publications, Funchal, Madeira, Portugal (2018). https://doi.org/10.5220/0006678700850094
Shen, Y., Pearson, S.: Privacy enhancing technologies: a review. Technical HPL-2011-113, HP Laboratories, UK (2011)
Smith, S.A., Brunner, S.R.: To reveal or conceal: using communication privacy management theory to understand disclosures in the workplace. Manag. Commun. Q. 31(3), 429–446 (2017). https://doi.org/10.1177/0893318917692896
Stone, E.F., Gueutal, H.G., Gardner, D.G., McClure, S.: A field experiment comparing information-privacy values, beliefs, and attitudes across several types of organizations. J. Appl. Psychol. 68(3), 459–468 (1983). https://doi.org/10.1037/0021-9010.68.3.459
Tolchinsky, P.D., McCuddy, M.K., Adams, J., Ganster, D.C., Woodman, R.W., Fromkin, H.L.: Employee perceptions of invasion of privacy: a field simulation experiment. J. Appl. Psychol. 66(3), 308–313 (1981). https://doi.org/10.1037/0021-9010.66.3.308
Watkins Allen, M., Coopman, S.J., Hart, J.L., Walker, K.L.: Workplace surveillance and managing privacy boundaries. Manag. Commun. Q. 21(2), 172–200 (2007). https://doi.org/10.1177/0893318907306033
Woodman, R.W., Ganster, D.C., Adams, J., McCuddy, M.K., Tolchinsky, P.D., Fromkin, H.: A survey of employee perceptions of information privacy in organizations. Acad. Manag. J. 25(3), 647–663 (1982). https://doi.org/10.5465/256087
Zimmermann, C., Accorsi, R., Müller, G.: Privacy dashboards: reconciling data-driven business models and privacy. In: 2014 Ninth International Conference on Availability, Reliability and Security, pp. 152–157 (2014). https://doi.org/10.1109/ARES.2014.27
Acknowledgments
The authors would like to thank Hartmut Schmitt and Svenja Polst for their support in conducting interviews, the involved organizations for their support in recruiting participants and last but not least all employees for their participation and valuable insights on privacy perceptions in the workplace.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Appendix A Participants
See Table 1.
Appendix B Interview Outline (Translated)
-
1.
Welcome and general instructions: At the start of the interview, participants were welcomed and briefed about the study procedure, the study conditions and asked for their consent to elicit data (drawings, hand writings, answers to questionnaire, voice recording).
-
2.
Use of technical tools during everyday work: In the first part of each interview, participants were asked to summarize their job profile and to explain the kind of technical tools (hardware and software) they use for their ordinary working activities. All tools were written down on moderation cards and displayed on the table.
-
Please describe to me with which tasks you mainly deal with in your daily work.
-
Which technical aids or tools do you use in your daily work?
-
-
3.
Data gathering and processing by employers: The next part of the interview consisted of questions related to how employers gather data from their employees, for what purposes employees believe their employers require and process data about them and on employers’ abilities and liberties to take control over data disclosure. We further elaborated on these topics by asking whether third parties are involved in any of these activities and asked them to draw or rather sketch data flows if they answered yes.
-
How does your employer obtain such data from and about you?
-
For what purposes can this data be used?
-
How do you consent to the use of this data?
-
What freedoms do you have when it comes to your company data?
-
Are there any third parties besides your employer who use or collect such data about you within the scope of your activities?
-
-
4.
Privacy expectations: We asked participants about their awareness of data processing and possible data misuse scenarios.
-
Do you think it is possible for your employer to use data about you without your knowledge?
-
Suppose an employer collects or uses data without the consent of its employees: What consequences could data misuse have for employees?
-
-
5.
Debriefing and questionnaire on demographics: At the end of the survey, participants were asked whether they want to add anything to the previous discussion and to fill out a post-questionnaire on demographics.
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Tolsdorf, J., Dehling, F. (2020). In Our Employer We Trust: Mental Models of Office Workers’ Privacy Perceptions. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-54455-3_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-54454-6
Online ISBN: 978-3-030-54455-3
eBook Packages: Computer ScienceComputer Science (R0)