Privacy concerns in personal cloud computing and the effect of company reputation

(1)

Master Business Administration

Privacy concerns in personal cloud computing and the effect of company reputation

| Falco Vriesekoop | 11145730 | Master Business Administration Digital Business |

(2)

1

Statement of Originality

This document is written by Falco Vriesekoop who declares to take full responsibility for the contents of this document.

I declare that the text and the work presented in this document is original and that no sources other than those mentioned in the text and its references have been used in creating it. The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.

(3)

2

Acknowledgements

The process of writing this thesis has been stressful but overall proved to be a great way in which I got the opportunity to come to appreciate and use the competencies acquired during my time at the University of Amsterdam. I would like to thank my supervisor prof. Peter van Baalen for his support and guidance during this process. His input made writing this thesis both intellectual challenging and enjoyable. In addition I would like to thank all the people around me who provided me with emotional support.

(4)

3

Abstract

The rise of the internet and developments in technology has resulted in the rise of cloud computing services. Both organizations and consumers are making use of this new technology to store data. This technology brings clear benefits for consumers of the service. However the market for such services also faces challenges. One of the most important challenge in the industry are privacy concerns among users. These concerns seem legit after witnessing multiple privacy issues and breaches of well-known cloud service providers like iCloud and Dropbox. Whereas most existing literature focusses on organizations as users of cloud computing services this research focusses on individual consumers. Now there are providers of personal cloud services in the market that solely focus on privacy as a strategy, whereas others focus on costs or convenience of the service. This research discusses the privacy concerns literature and adjusts its models to provide a fit in the context of cloud computing. By combining literature from the fields of privacy, behavioral intention and company reputation this research tries to answer the following research question.

How do privacy concerns effect the intention to use personal cloud services and how does company reputation play a role in this?

To answer this question a combination of quasi-experimental, survey and two x two factorial between-subjects designs was used. In the end two hundred sixteen (n=216) respondents filled out the survey of which one hundred fifty five (N=155) were eventually used for analysis. The results showed that company reputation was the single most important factor influencing the intention to use cloud services. In addition company reputation was found to have an indirect effect through both privacy concerns and trust. In this indirect effect company reputation had a negative effect on privacy concerns and privacy concerns effected trust negatively. Also an indirect effect of company reputation solely through trust was found in which company reputation effected trust positively. However, in contradiction to existing

(5)

4

literature, the positive effect of trust on intention to use cloud services was not found. From these results we can conclude that it is beneficial for companies to focus on company reputation in the context of cloud computing as it both increases intention to use and trust. In addition a higher company reputation was found to cease privacy concerns.

(6)

5

1. Introduction

With the rise of the internet a lot has changed in the way we live and work. The internet made it possible to connect the whole world together and provide consumers with access to information at any place, any time. Next to the rise of the internet other technological developments made it possible to make huge improvements in storage and battery capabilities. Gorden Moore, co-founder of Intel, predicted in 1965 that every two years the number of transistors on a dense integrated circuit will double. This resulted in more, faster and cheaper computers. These two phenomena go hand in hand as the rise of the internet increased the amount of data and therefore more and stronger computers were needed to handle that amount of data.

A combination of these two phenomena is clearly seen in cloud computing (CC). CC refers to the on-demand network that provides access to a shared pool of scalable and managed IT resources on a pay-per-use basis (Mell & Grance, 2011). Although maybe not a relative new way of accessing IT resources, e-mail services are being used for a long time now. Innovations in both the soft- and hardware industry as well as in business and technology have resulted in consumer software that goes well beyond the capabilities of traditional e-mail services (Gashami et al., 2014). Several innovations like Service Oriented Architecture (SOA) and on-demand capability have allowed software providers to bring products to the market as a service by using the internet. The result of this change is that consumers are more and more relying on software provided as a service and cloud data storage to store and process information (Gartner, 2012).

The statistics show no sign of a slowing growth for cloud computing (CC). Garnter (2016) predicts that in 2020 a total amount of 1 Trillion USD will be spend on CC, making it one of the most disruptive technologies in IT. The specific form of CC that consumers use in the form of for example Dropbox is SaaS (Software as a Service) and the growth of SaaS also

(8)

7

does not show any sign of slowing down. SaaS total market share in 2014 was estimated at 12.1 billion USD, whereas this has risen to 144 billion USD in 2016 (Gartner, 2016). When we look at personal cloud storage in particular it is estimated that in the next 3 years the global number of consumers using online storage services will almost double to a staggering amount of 2309 million people in 2020 (Statista, 2015). Within the EU one in five people reported having used the internet to store information in 2014 (Eurostat, 2014). Looking at the Netherlands in particular, 34% of the people reported to have used these kinds of services, coming fifth behind Denmark, the UK, Luxembourg and Sweden.

The combination of greater computational power, data storage and access to software over the internet holds tremendous benefits for consumers. Where at first consumers had to buy a computer or external hard drive with a certain amount of storage, now computation happens at the server-side. This means consumers don’t need to buy high-performance and large storage devices. According to Ion et al. (2011) the drivers behind the shift towards personal cloud computing are the efficiency and availability of information anytime and anywhere. Several big, well-known companies are in the market of personal cloud computing. Whereas Google has Google Drive, Microsoft has OneDrive and Amazon has AmazonDrive.

However, in addition to the clear benefits that cloud computing holds there are also challenges to it. These challenges might have a negative impact on the predicted growth in this particular market. Two of the most mentioned challenges in this respect are privacy and security issues (Blue & Tirotta, 2011; Hussein & Khalid, 2015; Pearson, 2010; Sadiku, Musa & Momoh, 2014). Examples of concerns among users are perceived control (Ion et al., 2011) and unauthorized access (Paquette et al., 2010) which could prevent users to use personal cloud services. These concerns seem legit after witnessing multiple breaches of well-known cloud service providers. For example Apple’s iCloud was breached in 2014 when over 500 pictures of celebrities were obtained from its server. Also Dropbox announced a big password reset in

(9)

8

2017 as result of a massive breach. This breach took place in 2012 when details of over 68 million accounts were obtained. Because of these challenges to personal cloud services companies have emerged with their main focus and unique selling point being privacy. An example of such a company is Sync. Where AmazonDrive’s main focus on their website is the convenience of using cloud storage, Sync mainly focusses on the privacy issue for consumers. Sync describes itself as: ‘a fully encrypted, zero-knowledge cloud service.’

However, the research that is conducted in the field of cloud computing and the challenges it holds has mainly focused on organizations (Gashami, Chang & Rho, 2014). Few studies have put the consumer at the centre and used consumer privacy and intentional behaviour literature to examine if the theories in this field hold in the context of personal cloud computing. Privacy concerns refer to subjective views when it comes to the fairness within the context of one’s information privacy (Cambell, 1997; Malhotra et al., 2004). These concerns will vary depending on factors like industry, culture or product type (Dai, Forsythe & Kwon 2014; Donaldson & Dunfee, 1994). Because these concerns are contextual, it is necessary to conduct research on theories in a new context like personal cloud services. As a widely used strategy to cease privacy concerns companies tend to focus on privacy policies and security protocols. However, most researchers have found a weak or even insignificant effect of such policies on privacy concerns (Becker et al., 2014; Belanger et al., 2002; Mcdonald et al., 2009). Some studies have even found that privacy policies increase the concerns of consumers (Rao et al. 2016). Reasons for the lack of effectiveness that have been suggested are the amount and complexity of information in these policies. Therefore it can be suggested that companies should focus on different strategies in order to overcome the main challenges for the future of personal cloud computing. Because of these reasons company reputation has been suggested to play a role in influencing privacy concerns as well as in trust. Company reputation has been described as “A relatively stable, issue specific aggregate perceptual representation of a

(10)

9 company’s past actions and future prospects compared against some standard.” (Fombrun,

1996). This definition suggests that it takes time to build a reputation and a company can have multiple reputations on different issues. As described above some well-known companies as well as newer companies are in the market of personal cloud computing services. It would be interesting to see if focussing on company reputation can be an effective way to overcome the challenges in the market.

As to my knowledge, no research has looked in to the effect of company reputation on privacy concerns and behavioural intention in the context of personal cloud computing services. Company reputation has been linked to privacy concerns and perceived security (Featherman, Miyazaki & Sprott 2010; Li, 2014; Ray et al., 2011) and it would be interesting to see if this also impacts privacy concerns in the context of personal cloud services.

The aim of this study will therefore be to see if theory and models that are used in privacy literature hold and can be used in the context of personal cloud services and in addition to see what the effect is of company reputation on these concerns and the intention to use personal cloud services. The research question therefore is:

How do privacy concerns effect the intention to use personal cloud services and how does company reputation play a role in this?

The main contribution of this research will be twofold. First it will enrichen the literature by testing and applying theories of privacy and company reputation in the context of personal cloud computing. The fact that in in this context it is the consumer itself who provides personal information willingly and in huge amounts makes it very different from other privacy oriented marketing literature like mobile advertising. Therefore it is important to know if the theories hold and thus if we can apply the same logic in this context. Secondly this research will contribute to managers of cloud service providers because it sheds light on the effect of

(11)

10

company reputation. As discussed above, privacy strategies such as privacy policies and security protocols showed mixed results. Although company reputation is hard to change overnight and needs time to build, this research could make it clear if building a good reputation with respect to privacy will help in decreasing concerns and increasing intention to use such services.

The remaining of this research is built up by first providing a detailed review of the existing literature on cloud computing, privacy and literature that discusses both. Next in chapter 3 a theoretical framework is provided that leads to the conceptual model that will be tested. In chapter 4 the methodology of the research is described. In chapter 5 data analysis and the main results will be described. Then chapter 6 will discuss the results, limitations of the research and directions for future research. Lastly chapter 7 will provide an overall conclusion.

(12)

11

2. Literature Review

2.1 Cloud computing

There is no clear definition of cloud computing (Pearson, 2010), however a widely used definition comes from the United States National Institute of Standards and Technologies (NIST):

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., network servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

The resources that are referred to in the definition can be hardware or system software on remote date centres (Pearson, 2010). In addition, it is possible that the resources are services that are based on these hardware or system software that is accessed through the internet. So cloud computing refers to the underlying infrastructure through which customers are provided with services. Next to this, several different forms of cloud computing service can be identified. First there is Infrastructure as a Service (IaaS). IaaS refers to the delivery of computing resources. The customer rents, rather than buys, the resource which can be managed via Application Programming Interface (API). Examples of such a service are Amazon EC2 and S3 (Pearson, 2010). Second there is Platform as a Service (PaaS). In this service, solution stack for software development are delivered by the provider. This service allows the customer to develop new applications. Examples of such a service are Google App Engine or Microsoft Azure. Lastly there is Software as a Service (SaaS). In this service the application is the service which is available on demand and paid for on per-use basis. Each customer has its own resources that are separated from other customers. An example of such a service is Dropbox.

(13)

12 2.1.1 Adoption of cloud computing

Most research on the adoption of cloud computing has been done in the context of organizations. From this research different factors and drivers have been found to influence the adoption of cloud computing by organizations. The first driver behind the adoption is cost advantage. For example Benlian and Hess (2011) did research among IT executives and found cost advantage to be the single most important motivation to adopt and use SaaS. They also found that among their respondents security issues were the single most important challenge to the adoption of such services. However, research also shows that the drivers behind adoption of cloud computing can be very contextual. For example Gupta, Seetharaman & Raj (2013) show that for medium- and small enterprises (SME) cost savings or cost reduction are not the single most important factor to adopt cloud computing. For SMEs ease of use and convenience were found to be most important and security and privacy issues came in as second most important factors. Also research showed there is a difference between the private and the public sector. Shin (2013) compared the drivers in both sectors. The results of the research showed similar factors affecting the intention to use cloud services, however the role the factors play and the intensity were different. In the public sector security and usefulness were found to be of great importance whereas in the private sector access, availability and reliability were the most dominant factors. Also Borgman et al. (2013) found that technology and organizational contexts like technology complexity and top management support were factors that affect whether or not organizations adopt cloud computing.

Limited research has focused on consumers adoption to cloud computing services and SaaS in particular. Perceived benefits that were found to influence the adoption of cloud service are the low priced services, ease of us and simplicity of the services (Behrend et al., 2011). In addition the Technology Acceptance Model (TAM) has been used to explain the adoption of personal cloud computing services indicating ease of use and usefulness of the services as

(14)

13

drivers behind adoption by consumers (Eltayeb & Dawson, 2016). Also Wang (2016) found that network externalities and personal innovativeness also play a role in the intention to adopt to personal cloud services. The challenges for the adoption of personal cloud computing services are widely agreed on. According to multiple researchers security and privacy risks are deterring users form adopting cloud computing services (Eltay & Dawson, 2016; Gashami et al., 2015; Zhou et al., 2010).

2.2 Privacy

Information privacy refers to “the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others” (Westin 1967, p7.) Although this may sound as a straight forward construct, the practical boundaries of the concept varies with multiple factors like industry, cultures and regulatory laws (Andrews 2002; Culnan & Bies, 2003; Milberg, et al., 1995). For example the EU has privacy protections laws and The Data Protection Directive represents this protection and holds companies accountable for consumer privacy related behaviour to a single authority. In contrast the US don’t have a Constitutional right to privacy and federal regulators have been hesitant to enforce privacy protections for consumers in the US (Solove, 2011).

Privacy has been used to analyse different outcomes in the last couple of years (Martin & Murphy, 2014). Privacy concerns have been used both as predictive and outcome variable. As an outcome measure researchers found that privacy concerns are affected by factors such as age, company reputation and amount of regulatory controls (Goldfarb & Tucker, 1997; Martin, 2015). As predictive variable privacy concerns are often linked to willingness to disclose information (e.g. Wu, Huang Yen & Popova 2012), purchase intention (Bart et al., 2005) but also technology acceptance (Featherman, Miyazaki & Sprott 2010).

(15)

14

Scholars have made different attempts to capture the influence of privacy concerns among consumers (Martin & Murphy, 2014). One of the models that is used is the privacy calculus model. This model posits that consumers disclose their personal information on the relative valuation and utility of privacy and personalization (Zhu et al., 2016). That is to say consumers tend to make a calculation on privacy benefit, the degree to which a consumer believes that the outcomes associated with the disclosure of his/her personal information will be favourable, and privacy risk, which refers to the believes of an individual that there is a high potential for loss associated with the disclosure of personal data. In this regard Dinev & Hart (2006) found that privacy concerns inhibit e-commerce transactions but that this negative influence of privacy concerns was mediated by Internet trust and Internet interest. Zhu et al. (2016) looked further in to the privacy calculus model by searching for differences among consumers. They were able to identify three different segments based on differences in perceptions of privacy costs and benefits. These differences should, according to the authors, lead to different strategies per segment like differences in website design or product pages.

Another conceptual model that has been used is the privacy – trust – intention model. This model explains how privacy influences trust which influences behavioural intention (Liu, Marchewka, Lu & Yu, 2004). Based on this model Wu, Huang Yen and Popova (2012) found that the content of privacy policies has a significant effect on trust and privacy concerns. They also found evidence for the relationship between privacy and trust and trust and the willingness to disclose personal information. Aloysius, Hoehle, Goodarzi and Venkatesh (2016) implemented the technology acceptance model in to the privacy concern-behavioural intention model by conducting research on new retail services. They found that privacy concerns are negatively affecting technological acceptance but usefulness of the service has a positive influence on acceptance of new retail services.

(16)

15

In addition to these conceptual models which explain consumer behaviour, other research has focused on privacy as a strategy (Martin & Murphy, 2014). That is to say that privacy related practices by firms are used to create a competitive advantage. For example Casadesus-Massanell and Drane (2015) conducted research on the possibility to compete with privacy in both a firms’ primary market as well as in its secondary market. The competing in the primary market holds using privacy related practices in targeting and marketing to consumers whereas in the secondary market consumer information is sold to third-parties. They show that strategies focusing on both markets is of high risk and therefore marketers should focus on one or the other. Other research focused more on managerial work like Goldfarb and Tucker (2013). They argue that strong consumer privacy protection should be seen as an opportunity rather than a cost because strong privacy management provides positive brand experience which in turn will lead to competitive advantage. Also some big well known firms are using privacy as a strategy related practices. For example WhatsApp has been blocked multiple times in Brazil for not providing information on chatting history of alleged drug traffickers and Apple has refused to grant U.S. law enforcement access to the iPhone of a known terrorist. In the latter case Apple released a statement stating:

“We built strong security into the iPhone because people carry so much personal

information on our phones today, and there are new data breaches every week affecting individuals, companies and governments. The passcode lock and requirement for manual entry of the passcode are at the heart of the safeguards we have built into iOS. It would be wrong to intentionally weaken our products with a government-ordered backdoor. If we lose control of our data, we put both our privacy and our safety at risk”

(17)

16

Martin and Murphy (2017) provide a list of best practices for privacy as a strategy based on their review on academic research and marketing practice. According to these authors these best practices are:

• Prioritizing data privacy in an authentic way;

• Involvement of customers in the information privacy dialogue; • Align data privacy practices across all aspects of the firm;

• Focus on what the firm is doing right with respect to data privacy; • Commit to data privacy practices over the long-term;

• Trust serves as a key mechanism to positive performance in data privacy practices.

2.2.1 Personal cloud computing and privacy

Security and privacy issues have been noted as two of the main challenges for cloud computing (Gashami, Chang & Rho, 2014; Pearson, 2010). The main reasons for these factors to be a challenge in cloud computing, and especially SaaS, are the threat of unauthorised access (Paquette et al., 2010) and losing control over data (Ion et al., 2010). Research in this field has largely focused on organizations (Gashami, Chang & Rho, 2014). However few studies have been focusing on the consumer and the challenge of privacy concerns. Gashami, Chang and Rho (2014) conducted a research focusing on privacy concerns and the perceived benefits of SaaS. They found that whereas perceived benefits had a direct effect on the intention to use a certain SaaS application, privacy concerns did not. However the effect of privacy concerns was indirect and mediated by trust. Additionally Moqbel and Bartelt (2015) did a replication research where they tested a conceptual model, which integrates Theory of Reasoned Action (TRA) and the Technology Acceptance Model (TAM), in the context of personal cloud computing. They found that the model still holds in the context of cloud computing. That is to

(18)

17

say trust remains the single most important factor in the acceptance of new cloud computing technology. Also perceived risk played a significant role. The only difference that was found with previous research was that perceived ease of use did not affect the intention to use cloud computing. This could indicate that in this day and age consumers are more focused on the purpose of a service than on navigation through the service (Moqbel & Bartelt, 2015).

(19)

18

3. Theoretical framework and hypotheses

3.1 Trust

The concept of trust is considered one of the most highly challenging terms mainly because different researchers from different disciplines regard the concept from different viewpoints (Hong & Cho, 2011). In general terms trust is defined as the willingness of a party to be vulnerable to the actions of another party based on expectations that the other party will perform a particular action important to the trustor, irrespective of the ability to control or monitor that other party (Hong & Cho, 2011). This implies that the trustor, by accepting trust, is taking a degree of risk. This general definition is viewed slightly different in different disciplines. For example in politics trust entails a situation where one party does not betray the other party in the search for interests. On the other hand in marketing trust is viewed as being the consumer’s perceived reliability on the product, service or brand of a merchant (Flavian, Guinaliu & Gurrea, 2006). Gashami et al. (2015) defined trust in the context of SaaS providers as “the users optimism about the behaviour and goodwill of SaaS providers” (p. 840).

Trust is a concept that has been widely used as one of the most important factors influencing human behaviour and consumer behaviour in particular (Bélanger & Carter, 2008; Gashami et al., 2015; Malhotra et al, 2004; Moqbel & Bartelt, 2015). For example Hong and Cha (2013) find that trust in an online merchant mediates the effect of perceived risk on purchase intentions. According to the researchers this implies that reducing perceived risk in consumers will firstly lead to improved trust, which in turn will lead to an increase of the intention to purchase. Especially in the context of e-commerce, like SaaS, trust is extremely important because consumers are challenged by purchasing products or services from a company they often cannot physically visit and where they cannot see or touch employees.

(20)

19

In the research of information systems trust has also widely been used to explain adoption behaviour in IT (Bélanger & Carter, 2008; Carter & Weerakkody, 2008; Lee, Lee & Kim, 2015; Srivastava, Cahndra & Theng, 2010). For example Nor and Pearson (2015) found that in accepting and adopting new technologies in internet banking trust plays a significant role as next to relative advantage and triability.

When looking more specific at the privacy literature findings also show an important role for trust in the intention to use or adopt new technologies (Gashami et al., 2014; Eastin et al., 2015; Malhotra et al., 2004; Miltgen et al., 2015). All these studies have found a significant positive relationship between trust and behavioural intention. Therefore in this study the first hypotheses is:

H1: Trust has a positive effect on the intention to use personal cloud services

3.2 Cloud Computing Privacy Concerns (CCPC)

A framework that was developed to understand and capture individual privacy concerns is the Concerns For Information Privacy (CFIP). This model, developed by Smith et al. (1996), was designed to capture individuals concerns about organizational information privacy practices. The four dimensions used in this model are collection, improper access, unauthorized secondary use and errors. This framework has been used to research privacy concerns in both off- and online contexts (van Slyke et al., 2006; Smith et al., 1996) and found to be a reliable measure of privacy concerns. Another model that is widely used is the Internet Users Information Privacy Concerns (IUIPC). The creation of the IUIPC model was an addition to the CFIP scale. This model was especially designed to be used in online settings. Malhotra, Kim and Agarwal (2004) use the theoretical framework of social contract theory to come up with the conceptual framework of IUIPC. One of the main points of social contract theory is that “an equitable exchange involving a long-term relationship should be accompanied by

(21)

20

shared understanding about contractual terms and self-control over the course of the relationship” (Malhotra et al., p338). Applying this to information privacy suggests that collection of personal information by firms is only fair when customers are granted control and that consumers are informed about the firm’s intended use of the information. The conceptualization of IUIPC is therefore “the degree to which an internet user is concerned about online marketers’ collection of personal information, the user’s control over the collected information, and the user’s awareness of how the collected information is used” (Malhotra et al., p338). So the factors that are the basis of the IUIPC model are collection, control and awareness. A combination of both the IUIPC and CFIP scales has been used in the context of personal cloud computing (Gashami et al., 2014). However not all factors from both models seem relevant in this context.

First collection holds the starting point of all information privacy concerns. In the IUIPC model this construct refers to the degree an individual is concerned about the amount of information that is collected relative to the value of the benefits received in return. Here you can see a link with the privacy calculus model which suggests privacy decisions are based on perceived benefits and risk of sharing personal information. The dimension of collection is not only grounded on the privacy-calculus model, but also on the principle of distribute justice which can be explained as the perceived fairness of outcomes that come from the exchange (Malhotra et al., 2004). However, in the context of cloud computing the very act of collection is done by the consumer and the consumer decides how much he/she will disclose. Therefore this research recognizes that collection of information in the context of personal cloud computing does not play a relevant role in privacy concerns and will not be considered in the conceptual model. Also errors do not seem to play a role in the context of cloud computing as this refers to errors made during data entry by the provider. Because in the context of cloud computing users enter their own data this does not seem to be relevant.

(22)

21

Unauthorized secondary use refers to the fear of individuals that the information provided might serve for different purposes other than the primary goal. Important hereby is that this secondary use is not authorized by the owner of the information (Smith et al., 1996). In the context of cloud computing information privacy laws were found to be not fully sufficient in protecting consumers from unauthorized secondary use. Svantesson and Clark (2010) found that trans-border data laws are only able to protect users when the data is transferred from the SaaS provider to a third party. However when the data is transferred within the same organization such laws don’t provide protection. This leaves room for such providers to use the data without the consent of the user. Therefore unauthorized secondary use is a key dimension of privacy concerns in the context of personal cloud computing.

Improper access refers to the concern of individuals that the personal data that is provided is available to people who are not properly authorized to view or work with this data (Smith et al., 1996). The dimension of improper access in the context of cloud computing is highly relevant because of the fact that providers mostly use multi-locations to store the data and usually have sub-contracts with other vendors (Gashami et al., 2014). This may lead to exposure of users’ data to others who do not have a proper clearance to view or work with it (Zhou et al., 2010). Next to this because cloud computing is based on the fact that the computation happens at the providers side it is possible that employees may have access to the information the users stored on its servers. Because of these reasons improper access is a key dimension in privacy concerns in the context of cloud computing.

Lastly the IUIPC framework added control as a dimension of privacy concerns. Control is grounded in the principle of procedural justice. This refers to the view that a procedure is fair when people are given control over the procedures (Gilliland, 1993). The construct of control is especially important when it comes to information privacy. This is because consumers are taking high risks by disclosing their personal information (Malhotra, 2004). Control is seen as

(23)

22

the existence of voice (like approval and modification) or exit of the social contract. Lack of such a control will give rise to privacy concerns of consumers. In the context of cloud computing this could be the fear of losing to right the delete information from the providers server. Control has been found the be an important factor influencing privacy concerns in e-commerce (Hong et al., 2013) as well as in personal cloud computing (Gashami et al., 2014). Therefore control will play a role in the construct of privacy concerns in the context of personal cloud services.

So to sum: In the context of cloud computing not all dimensions of the CFIP and IUIPC models are relevant. Collection and errors do not seem to be relevant because it is the user itself who is entering the data and no collection occurs from the providers side and also no errors can occur from the providers side. The dimensions in Cloud Computing Privacy Concerns (CCPC) model are therefore: unauthorized secondary use, improper access and control.

3.3 Privacy – trust – intention model

As discussed above one of the conceptual models used in the privacy literature is the privacy – trust – intention model. The model is based on the Theory of Reasoned Action (TRA) which says that an individual’s perceptions and attitudes will influence its behaviour when that individual believes the actions will lead to a certain outcome (Liu et al., 2005). Based on this logic, Liu et al. (2005) reasoned that consumers perceptions of privacy and risk should lead to behavioural intentions in an online business activity. In their study Liu et al. (2005) state that privacy concerns are one of the major antecedents of trust and they find that it significantly influences trust which in turn will result in behavioural intentions such as purchases or positive word of mouth. As mentioned before this reasoning has been widely used in the privacy literature and multiple authors have found that privacy concerns significantly influences trust

(24)

23

(Eastin et al., 2015; Gashami et al., 2014; Malhotra et al., 2004; Miltgen et al., 2015). However in the same studies no significant direct effect was found for privacy concerns on behavioural intention. This indicates that the effect of privacy concerns if fully mediated by trust. Therefore the second hypotheses is:

H2: Privacy concerns have a negative effect on trust

3.5 Company reputation

The terms of organizational identity, image and reputation have often been used interchangeably (Barnett et al., 2006). However these three terms do refer to different aspects. For example whereas organizational image is based on the desired perceptions of stakeholders about an organization, reputation is about what is actually known by stakeholders (Walker 2010). A difference between organizational identity and reputation is that whereas identity is about internal stakeholders, reputation is about perceptions of both internal as external perceptions (Walker, 2010).

A widely used definition of reputation is:

“A relatively stable, issue specific aggregate perceptual representation of a company’s past actions and future prospects compared against some standard.” (Fombrun, 1996).

This definition holds several assumptions. First it implies that it takes time to build company reputation. Secondly because it is issue specific a company can have multiple reputations. For example AirFrance-KLM has a good reputation for service but a bad reputation for profitability. Next because it is comparable to some standard a reputation can be better or worse compared to that standard. This implicates that there is a positive or negative dimension in one’s reputation. Lastly because it is defined as relatively stable a specific reputation can be appointed to a company at a specific point in time.

(25)

24

Company reputation has been recognized as source of sustained competitive advantage (Walker, 2010). More specific researchers have found links between reputation and strategic benefits such as lowering costs (Deephouse, 2000; Pfister et al., 2016), attracting stakeholders (Fomrun, 1996; Keh & Xie, 2009; Srivastava et al., 1997) and increasing profitability (Roberts & Dowling, 2002; Saeidi et al., 2015).

Research has also focused on reputation and its effect on trust. For example Casalo, Flavian and Guinaliu (2007) conducted research among Spanish respondents on the development of online banking products and found that reputation had a positive significant effect on consumers trust in banking. In addition Ali et al. (2015) did a meta-analytic review on the antecedents and consequences of reputation and showed that trust is one of the consequences of reputation and that the influence of reputation on trust is not dependent of the country where research is conducted.

Next to these studies some research has focused on the relationship between reputation and privacy and security. For example Ponte et al. (2015) conducted research on the effect of trust and perceived value on the intention to purchase from an online travel agency. They found that the main predictors of perceived trust where perceived security and information quality. They also found that vendor reputation was the strongest predictor of perceived security and also played a significant role in perceived privacy. Next to this they found a direct effect of vendor reputation on trust in the online travel agency. In addition, also Eastlick, Lotz and Warrington (2006) found that a strong reputation was the strongest predictor of trust and eased concerns about sharing personal information. Xie, Teo and Wan (2006) found that the more risk/personal information was at stake, the more important reputation becomes in easing concerns. Because consumers store very personal information on cloud services, reputation is likely to play a role in this context. Ray et al. (2011) conducted research focusing on security in the context of online service providers and how firms can influence these security concerns.

(26)

25

They found that company reputation had a significant effect both on trust and security. Another organizational factor such as familiarity with the company was not found to have a significant effect. Based on these findings the hypotheses that will be tested in this researches with regard to company reputation are:

H3: Company reputation has a positive effect on trust

(27)

26

3.6 Conceptual model

In figure 1 the composition of the concepts as discussed in the previous section is visualized. As discussed, trust will be the only factor that directly influences the intention to use personal cloud services. CCPC will have an indirect effect via trust. The effect of company reputation is mediated in serial through both CCPC and trust. As discussed above control, unauthorized secondary use and improper access will together make up the privacy concerns in the context of cloud computing services.

(28)

27

4. Methodology

4.1 Research Design and justification

A quantitative research approach was used for the current research as the aim of the study is to test a conceptual model and examine the relationships between the different variables in this model. This is done by collecting statistical data. Quantitative research allows for collection of data and analysis by making use of statistical techniques (Creswell, 2013). Different categories of quantitative research are observational methods, surveys and experimental design (Nachmias & Nachmias 1996). This research makes use of a quasi-experimental design. This type of experiment design allows the researcher some control over the experiment however it may not always be possible to control for the timing of the experiment (Churchill & Iacobucci, 2009). In addition to the quasi-experimental design also a vignette design was used. This allows the researcher to manipulate the independent variables. In this way it is an effective way to understand the effect of the different manipulations on the dependent variable (Jasso, 2006). The research makes use of a 2 (high reputation/low reputation) x 2 (high trust/low trust) between-subjects factorial design. This holds that each respondent is randomly assigned to one of four possible scenarios (see table 1). This lowers the chance that respondents suffer boredom or are becoming more accomplished which would result in skewed results (Shuttleworth, 2009).

Table 1: Summary of four manipulated scenarios

1. High Company Reputation x High Trust 2. High Company Reputation x Low Trust 3. Low Company Reputation x High Trust 4. Low Company Reputation x Low Trust

(29)

28

For this research a questionnaire was used. The use of questionnaires is cost-effective while at the same time allowing respondents to take their time answering questions. In this way a more accurate response is achieved (McMurray, Pace & Scott, 2004). Also most research that has been done in the privacy and behavioral intention literature has made use of this type of research (Featherman, Miyazaki & Sprott, 2010; Gashami, et al., 2016; Li, 2014; Malhotra, et al., 2004; Miltgen, et al., 2016; 2006; Smith, et al, 1996). The design of a questionnaire requires much care. Therefore pre-tests were conducted which will be discussed in section4.2.

The questionnaire was spread out and administered to participants online. In this respect social media was mainly used to gather participants. Two sampling methods were used. First a convenience sample was used. This method is widely used for several of reasons but also holds some disadvantages. The main benefit is that this research is bounded by time and a convenience sample is a time effective sampling technique. Secondly a snowballing method was used to contact as much possible participants as possible (Maas & Hox, 2005). The online questionnaire was setup by making use of Qualtrics, which is an online survey creation tool. Via this tool the survey can be designed, adjusted and distributed. Also the collected data can be downloaded from this tool in SPSS files. Making use of internet and the online environment holds several benefits like flexibility, speed, ease of data entry and analysis, controlled sampling and low administration costs (Evans & Mathur, 2005). Also it eliminates the need for manual data entry and therefore reduces possible administrative errors.

As a result of both convenience sampling as well as the snowballing technique in this research the majority of the respondents were going to be Dutch. Due to the fact that cloud computing topics would possibly be difficult to understand in English the questionnaire was conducted in Dutch. However, the scales and statements that were adapted from earlier research (see scale development) were originally in English. The researcher of this study is a native Dutch speaker but also holds an Education First (EF) Certificate of Advanced English. In

(30)

29

addition a native Dutch speaker who was born and raised bilingual in a British family in the Netherlands was asked to help and translate.

4.2 Pre-test

Before the final version of the survey was spread out, two pre-tests were executed. The use of a pre-test is central to planning and implementing a reliable questionnaire (Hair, Babin & Anderson, 2010). Pre-testing can provide warnings regarding misinterpretation, confusion or other areas the questionnaire could fail to measure what it is supposed to measure. In this way the reliability of the survey is improved (Neuman & Robson, 2012). The pre-tests were administrated online to convenience samples.

After the pre-test (n=16) a couple of conclusions and adjustments could be made. First the gathered data was used to see if the scale item of the dependent variable (intention to use) had a good level of internal consistency. A Cronbach’s Alpha of 0.916 was found which can be considered an excellent level of internal consistency (George & Mallery, 2003). The only scale that reported a questionable Cronbach’s Alpha (0.602) was the scenario credibility scale. This could be due to the fact that this scale consists of six items. All other scales showed result of at least a Cronbach’s Alpha of 0.8 or higher.

At the end of the first survey respondents were asked questions about the length of the survey, if they understood the questions and scenarios and to provide additional feedback if they had any. This showed that only 2 respondents thought the survey was too long and none of them thought the questions were unclear. However, the additional feedback showed some possible improvements. As a result of this feedback some adjustments were made such as shortening and reformulating some statements and one of the scenario’s, replacing some questions and adding reverse scaled items.

(31)

30

After these adjustments the adapted survey was showed to five respondents that were also used in the first pre-test. Overall the respondents thought the survey had improved. The adjustments were discussed with them and some small formulation and grammatical changes were made. After this the official survey was spread out.

4.3 Questionnaire layout

The questionnaire started with a general welcoming message. This message shortly introduced the fact that it was part of a master thesis and outlined the main parts of the survey. Also there was a notion of informed consent included and participants where ensured that information gathered in the questionnaire would be anonymous and would be used solely for this research and remain confidential. This should lead to smaller social desirable answers from the participants (Saunders & Lewis, 2011). Next the survey showed a short description/definition of personal cloud computing. Afterwards the participants were shown one of the four possible scenarios. This was done randomly by the survey tool Qualtrics. This holds that they either saw a description of a cloud computing service provider with a high/low reputation and in addition this service provider was (un)trustworthy. The high reputation scenario describes a publicly listed company that existed for a long time, with a lot of employees and customers. The low reputation scenario describes a company that has been around just for a year, is formal located on the Cayman Islands and does not show a privacy policy. After each scenario participants were told that they were doing some additional research before deciding to make use of the service of the personal cloud computing provider. In the high trust situation they hypothetically found some positive comments showing the company provided customers with good quality services. In the low trust situation the participants hypothetically found comments showing that the provider was not so trust worthy, for example because of errors in accessing data stored on the service. After participants read the scenario they were asked to

(32)

31

answer a manipulation check question. Here participants had to answer a multiple choice question about the name of the company (BudgetCloud.com vs. StorageCloud.com) in the scenario they just read. This manipulation was used to check whether respondents read the scenario’s in a correct matter. By doing this, one can conclude that participants had the right kind of response in mind which in turn increases validity of the research. Next participants were asked questions measuring the variables of this research. Each of the questions began with the sentence; Thinking back about the situation answer the following questions. For ease of readability and to ensure the participant did not feel that the survey was taking too much time, questions were divided across pages, grouped on screen in batches of 6-8, to encourage survey pacing (Malhotra, 2008). The scale development is discussed in more detail in the next section. The survey ended with questions regarding the control variables age, education level and use of cloud computing.

4.3 Scale development

In order to test the conceptual model various widely tested and used scales were adapted and translated into Dutch for the questionnaire survey items. First of all Cloud Computing Privacy Concerns (CCPC) consists of three different dimensions. From Malhotra et al.’s (2004) IUIPC model the dimension of control was used. (i.e., Consumer control of personal

information lies at the hard of consumer privacy). The other two dimensions (Improper Access

and Unauthorized Secondary Use) of CCPC were adapted from Smith et al.’s (1996) GIPC model (i.e., When I provide my personal information to a cloud service provider I am concerned

other people than me are able to access that information). Each of these dimensions consists

of three items. The total scale consisting of nine items was measured on a seven-point Liker scale from absolutely disagree (1) to absolutely agree (7). The CCPC scale has a good

(33)

32

reliability, with Cronbach’s Alpha = .823. None of the items would substantially affect reliability if they were excluded.

Another important construct in the conceptual model is trust as it is hypothesis that the effect of both company reputation as well as CCPC is mediated by trust. This scale was adapted from Gashami et al. (2016) as this research already adapted the construct of trust to the personal cloud computing context (i.e., The cloud service provider would tell the truth and fulfil promises

related to the information stored by me). The scale consists of four items. The total scale of

four items was measured on a seven-point Liker scale from absolutely disagree (1) to absolutely agree (7). The trust scale has an acceptable reliability, with Cronbach’s Alpha =.729. However removing one of the items resulted in a higher and better Cronbach’s Alpha of .849. Therefore this trust item was deleted and the trust scale only consists of three items. The corrected item-total correlations indicate that all items have a good correlation with the item-total score (all above .30).

One of the main contributions of this research is studying the effect of company reputation on intentions to use in the context of personal cloud computing. The scale for company reputation is adapted from Li (2014) (i.e., This company has a good reputation). The scale consists of four items. The total scale of four items was measured on a seven-point Liker scale from absolutely disagree (1) to absolutely agree (7). The company reputation scale has an excellent reliability, with Cronbach’s Alpha = .921. The corrected item-total correlations indicate that all items have a good correlation with the total score (all above .30). Also none of the items would substantially affect reliability if they were excluded.

The dependent variable in this research is intention to use cloud computing services. The scale for the construct of intention to use is adapted from Malhotra et al. (2014). The scale consists of three items. The total scale of three items was measured on a seven-point Liker scale. However in contrast to the other scales participants were given three different answer

(34)

33

options (i.e., willing – unwilling) to the following question: Thinking back to the scenario, to

what extend are you intending to make use of the cloud service providers services?. The

intention to use scale has a good reliability, with Cronbach’s Alpha =.834. The corrected item-total correlations indicate that all items have a good correlation with the item-total score (all above .30). Also none of the items would substantially affect reliability if they were excluded.

Lastly a scenario credibility check was used to check if participants thought the given scenarios were realistic. This scale was adapted from Sparks & McCool-Kennedy, (2001) (i.e.,

I think there are situations like this in the real world). The scenario credibility check scale has

an acceptable reliability, with Cronbach’s Alpha = .772. The corrected item-total correlations indicate that all items have a good correlation with the total score (all above .30). Also none of the items would substantially affect reliability if they were excluded.

All Cronbach’s Alpha statistics of the different constructs are summarized in table 3. in the next chapter were we will discuss the results of analysis.

4.5 Sample

A total of one hundred and sixty seven participants (n=167) completed the survey. Participants that started the survey but didn’t finish at once were given a week to finalize the survey. In total there were forty nine (n=49) participants that in the end did not finalize the survey and were therefore removed from further analysis. In addition to these respondents also respondents that did not meet the manipulation check criterion were excluded from analysis. As discussed in section 4.3 this should lead to an increase of research validity. All participants that answered the manipulation check question with BudgetCloud.com but were in a scenario which described StorageCloud.com were excluded from further analysis. The same holds the other way around, the participants that answered StorageCloud.com but were in a scenario that described BudgetCloud.com were also excluded. This manipulation check resulted in excluding

(35)

34

a total of ten participants which did not answer the question correctly (n=10). In addition the total time spent on the survey was checked and all participants who had a total time spent under 5 minutes were excluded as well. This resulted in two additional exclusions (n=2). This means a total of one hundred and fifty five (N=155) participants were included in the actual analysis. This largely exceeds the minimum of 100 participants as suggested by Hair et al. (1998).

From the total sample (N=155), the average age was 25 years. The youngest respondent was 18 years old whereas the oldest respondent was 58 years old. In this sample 47% of the respondents was male (n=74) and 53% was female (n=81). The largest part of the sample (62%) had an academic university degree (n=97). The rest of the group stated to have a degree of an university of applied science (28%), community college (Dutch: MBO) (4%), high school (5%) or a different education level (1%). Most of the participants who participated in the research stated to make use of personal cloud computing services (80%, n=126).

(36)

35

5. Data analysis

5.1 Scenario Credibility Check

The realism and credibility of the given scenarios in the questionnaire were examined by the means of a manipulation check adapted from Sparks and McColl-Kennedy (2001). All participants were asked to indicate to which extend they agreed with six statements regarding the realism or credibility of the scenario at hand. The scale development of this scenario credibility check is described in the method section of this research. Table 2 shows the mean scores of all six scale items. The mean of all items was 5.26. This indicates that participants thought the scenarios that were used in this questionnaire are credible and realistic for the purpose of this research (Sparks & McColl-Kennedy 2001). However, when comparing the different groups of high and low reputation/trust scenarios significant differences were found. An one-way ANOVA was run to investigate this difference. There was a significant difference between means of the different scenario groups, F(3, 153)=10.160, p<0.05. This indicates that the credibility of the scenarios depended on the given scenario. Turkey post-hoc tests revealed that the perceived credibility of the scenario was significantly higher for the high reputation/high trust scenario (p=.0.00) compared to the other scenarios. However the other groups did not significantly differ from each other and were also perceived as being credible (mean score>5.00) by the participants although less credible than the high/high scenario. Therefore we may conclude that overall the respondents thought the scenarios to be credible and realistic.

(37)

36

Table 2: Mean scores for the Scenario Credibility Check

Label N Mean Std. Deviation SCC1 157 5,71 0,935 SCC2 157 4,44 1,574 SCC3 157 5,79 0,934 SCC4 157 5,04 1,283 SCC5 157 5,38 1,095 SCC6 157 5,17 0,995 SCC (Total) 157 5,26 0,792

5.2 Experimental Design Manipulation Checks

As described in the method section of this research a between-subjects experimental design was used to test the conceptual model. This design was chosen because the method provides more persuasive support for causality in comparison to more traditional descriptive or exploratory designs. This is due to the manipulation of the supposed independent variables. In this research the data was collected from a 2 (high/low reputation) x 2 (high/low trust) factorial design. In order to check whether the manipulations really took place manipulation checks were undertaken. These checks are used to see if the treatment/scenario had an effect on the underlying construct it was supposed to effect. In this way one can confirm that the independent variable indeed has been manipulated.

For this study the manipulation checks were conducted to confirm that the ‘high’ reputation group mean value for the reputation questions was significantly higher than the ‘low’ group mean value. In addition, checks were conducted to confirm that the ‘high’ trust group mean value for trust questions was significantly higher than the ‘low’ group mean value. The mean scores were compared using one-way ANOVA.

First the reputation manipulation was checked. Investigation of the mean scores revealed a mean score for the ‘high’ group of 4.54 and a mean score for the ‘low’ group of

(38)

37

2.85. This difference was found to be significant F(1, 156)= 62.256, p=0.000. This confirms that the manipulation of reputation was successful.

Next the trust manipulation was checked. Investigation of the mean scores revealed a mean score for the ‘high’ group of 4.04 and a mean score for the ‘low’ group of 3.53. This difference was found to be significant F(1, 156)= 8.758, p=0.004. This confirms that the manipulation of trust was successful.

5.3 Correlation Matrix

In order to conduct a correlation analysis but also for further analysis all scale means were computed via SPSS. After that all combinations of variables were checked for correlation. The correlation matrix is shown in table 3.

It can be concluded that a total of six significant correlations were found. First it is interesting to see that the three control variables (gender, educations and cloud computing use) did not significant correlate with either one of the variables. However the variables that are part of the conceptual model did correlate significant to each other. First CCPC was found to correlate negatively with trust (r=.-416, p=0.00). This means that the higher people’s privacy concerns the lower the trust is. In addition to this finding CCPC also significantly correlated with reputation (r=-.248, p=0.002), which means that the higher the privacy concerns the lower the general reputation score will be. Lastly CCPC also was found to significantly correlate with intention to use (r=-.292, p=0.00). This negative correlation holds that the higher the privacy concerns, the lower the general score on intention to use cloud computing services will be. In addition to these correlations of CCPC the other variables of the conceptual model also correlated to each other. First trust correlated significantly with company reputation (r=.394, p=0.00), which implies that the higher the trust score, to higher will the general score of

(39)

38

reputation be. Next trust also positively correlated to intention to use cloud computing services (r=.299, p=0.00). So in general the higher people say they have trust the higher they tend to score on intention to use. Lastly a positive and significant correlation was found between intention to use and reputation (r=.518, p=0.00). This correlation implies that the higher the overall score on intention to use, the higher the score on reputation.

Table 3: Means, Standard Deviations, Correlations, Cornbachs Alpha

Means, Standard Deviations, Correlations, Cornbachs Alpha

Variables M SD 1 2 3 4 5 6 7

1. Gender (1=Male) 0.52 0.125 -

2. Education 7.29 1.566 -0.071 -

3. Cloud Computing use (1=no) 0.2 0.1 0.064 -0.021 -

4. CCPC 4.9237 0.92126 0.04 -0.088 0.048 (0,826)

5. Trust 3.7962 1.10427 -0.058 -0.12 -0.144 -0,416** (0,744)

6. Reputation 3.6576 1.57537 0.006 0.035 -0.113 -0,248** 0,394** (0,921)

7. Intention to use 3.5861 1.54302 -0.156 0.076 -0.081 -0,292** 0,299** 0,518** (0,834)

**. Correlation is significant at the 0.01 level (2-tailed).

5.4 ANOVA Interactions

5.4.1 Two-way ANOVA interactions

In order to examine the effect of brand reputation and trust on intention to use cloud computing services a two-way ANOVA was conducted. This analysis revealed that there was no significant two-way interaction between company reputation and trust on the intention to use cloud computing services F(1, 157)=0.233, p=0.63. However there was a main effect for company reputation on intention to use F(1, 157)=36.375, p=0.00. In addition also a main effect for trust on intention to use was found F(1, 157)=21.329, p=0.00.

(40)

39

5.4.2 One-way ANOVA

In addition to the two-way ANOVA analysis multiple one-way ANOVAs were undertaking to investigate whether there were significant differences between the high and low company reputation groups plus the high and low trust groups. Also one-way ANOVA was undertaken to see if the four different scenario groups differed from each other with respect to the respondents level of CCPC, trust, company reputation and intention to use cloud services. 5.4.2.1 Company reputation

After the analysis significant differences were found between those respondents who were served the high or low company reputation scenario. First a significant difference was found with respect to their levels of CCPC F(1, 156)=8.605, p=0.004. Secondly a significant difference was found with respect to their levels of intention to use F(1, 156)=47.426, p=0.00. Also a significant difference was found for their levels of trust F(1, 156)=8,368, p=0.004. Finally a significant difference was found for their levels of company reputation as stated in the manipulation check section.

5.4.2.2 Trust

Also between those respondents who were served the high or low trust scenario significant differences were found. However with respect to their levels of CCPC no significant difference was found F(1, 156)=1.288, p=0.258. A significant difference was found with respect to their levels of intention to use F(1, 156)=30.558, p=0.00. Also a significant difference was found for their levels of company reputation F(1, 156)=180.453, p=0.00. Finally a significant difference was found for their levels of trust as stated in the manipulation check section. 5.4.2.3 Reputation x Trust

In addition to looking at the difference between the reputation and trust groups also

(41)

40

statistically significant difference of scenario group on CCPC F(3, 156)=2.966, p=0.034. Turkey post-hoc tests revealed that the CCPC score was significantly higher for the high reputation/high trust group compared to the low reputation/low trust group (p=0.049). This was the only significant difference between the groups that was found for CCPC. Next the effect of scenario group on reputation was analysed. This analysis revealed there was a statistically significant difference of scenario group on reputation F(3, 156)=109,643, p=0.00. Turkey post-hoc tests revealed that the reputation score was significantly higher for the high reputation/high trust group compared to the low reputation/high reputation group (p=0.00), the high reputation/low trust group(p=0.00) and the low reputation/low reputation group (p=0.00). Additionally, the high reputation/low trust group scored significantly higher compared to the low reputation/low reputation group (p=0.00). Lastly the low reputation/high trust group scored significantly higher compared to the low reputation/low trust group (p=0.00) and the high reputation/low trust group.

Third the effect of scenario group on trust was analysed. This analysis revealed there was a statistically significant difference of scenario group on trust F(3, 156)=5,244, p=0.002. Turkey post-hoc tests revealed that the trust score was significantly higher for the high reputation/high trust group compared to the low reputation/low trust group (p=0.001). This was the only significant difference between the groups that was found for trust.

Lastly analysis revealed there was a statistically significant difference of scenario group on intention to use F(3, 156)=24.900, p=0.00. Turkey post-hoc tests revealed that the intention to use score was significantly higher for the high reputation/high trust group compared to the low reputation/high reputation group (p=0.00), the high reputation/low trust group (p=0.00) and the low reputation/low reputation group (p=0.00). Additionally the high reputation/low trust group scored significantly higher compared to the low reputation/high reputation group