The perceived safety of the world wide web
A research about internet security and whether it is perceived to be needed
Project: Master Thesis Corporate Communication
Date: June 30th, 2017
Name: Laura Mangnus
Student number: 10217193 Thesis advisor: Piet Verhoeven
2 Preface
The last few months have been a concatenation of both self-discovery and personal growth within the academic field of Corporate Communication. The independent execution of a scientific research project for a master thesis was an intensive process, but a great experience at that. Still, I feel that I would have had a more difficult time if it had not been for the unconditional support of those around me. And, as I found these last months, that goes a lot further than just family and friends. I would like to take the opportunity to express my gratitude towards those people for they have made my research experience a more pleasant one.
This naturally starts with my family and friends who were there for the ups and the downs of this entire process. I would also like to thank my thesis advisor, Piet Verhoeven, for supporting my ideas from the start and always giving me the idea of doing something
important and topical. And lastly I would like to thank the participants of my study and all those who have shared my questionnaire on Facebook, Whatsapp groups and within your families. I know some of you have gone above and beyond in getting me enough respondents. This experience was a true enrichment of my academic career and a perfect way to actually put in to practice all those theories that I have been reading about for years. All of this has come together for me in this study and therefore I can proudly present to you my Master Thesis.
3 Abstract
This study examined individual online awareness, online security and whether people consciously change their behavior as a consequence of those two concepts. To answer the hypotheses seven concepts were constructed, being: interest in social issues, knowledge of the internet, constant access, website integrity, corporate reputation, online security awareness and perception of safety. The purpose of this study was to find which concepts influenced other concepts in such a way that behavioral changes would occur. The results showed that more general knowledge of the internet led to a higher security awareness. The same goes for website integrity and corporate reputation. So concluding, online awareness can be influenced and this can affect the behavior.
4 Introduction
‘Our website uses cookies to make your browsing experience better. By using our site you agree to our use of cookies’ (Cookie Consent, 2017). It is becoming a more and more familiar phrase when opening a website. Cookies were developed to save settings for specific websites varying from logins to setting preferences. Now they are mostly used to invade users privacy by tracking online activity or even selling the activity to third parties (Millet et al., 2001). This way corporations can easily track your movements online and for example target their
advertisements better (Smit et al., 2014). What might be more concerning is the fact that health insurance companies or banks could also use these cookies or buy your data and they would know practically everything. To make sure this does not happen too much the Dutch government installed an ‘opt-in’ informed consent, where most countries have an ‘opt-out’ consent. So in Holland you always have to agree with the cookies first, before they can track your online activities, in other parts of the EU it is the other way around (Smit et al., 2014) But it is not solely cookies that make it easier for corporations to get more
information. A lot of our daily activities are stored in databases somewhere and may be not open to the public, but might be open for business to target, track or learn more about their potential clients (Cutillo et al., 2009). These databases include ones that track not only our internet web search history, but also for example all social media posts (Cutillo et al., 2009). Over time, more people start to realize this and questions have been raised about whether this is an invasion of privacy (Millet et al., 2001).
Online privacy and internet safety have been researched before on sociological and corporate levels, but the individual level of the experience of internet security awareness had yet to be investigated (Siponen, 2001). This research looks at online privacy through a corporate, individual viewpoint, filling the literature gap in that branch. For that reason this paper focused on the individual perception of online safety, awareness, and their behavioral consequences, using the research question: To what extend are people aware of exposure of their online data towards corporations and how do they behave towards this? This will be tested through an online spread questionnaire, and five hypotheses that combine seven concepts.
5 Theoretical framework
The main concept of this research was privacy and how well it is protected, but also how much data participants of this research are intentionally or unintentionally giving up. To use the term ‘privacy’ properly and consistently, it first has to be defined. There are some definitions of privacy, describing privacy as a claim or right of an individual to determine what information is communicated to others (Schoeman, 1984), but privacy can also be defined as the degree of control an individual has on information about himself, his identity and who has access to those two concerns(Schoeman, 1984). Bhasin (2006) uses the
definition the Federal Trade Commission (FTC) established, which rests on five core principles and is accepted worldwide. The five core principles are notice, choice, access, integrity and security and lastly enforcement. These principles have also defined privacy in this research.
Notice
The first principle is notice, this concept focusses on whether users of the internet are aware of the fact that their personal information could be gathered (Bhasin, 2006). Accepting cookies while not having read the terms and conditions could lead to acknowledging
something you only get notified once on (Millet et al., 2001). Another way personal data gets online is when people post it themselves: user-generated content (Leung, 2009), like
Facebook, Twitter or YouTube. When a profile is not shielded, this information is for anyone to see or extract personal data (Cutillo et al., 2009). A lot of people fail to notice how
information technology is already embedded in our everyday lives, and are therefore giving misusers of this technology easier access to their data by not paying enough attention to how secure their online accounts are (Siponen, 2001). Previous research has shown that the most socially aware people, people that are actively or passively involved or interested in social issues, have most privacy concerns (Dinev & Hart, 2005). Examples are people that are politically active or people that work in e-commerce. IT and computer professionals should have the established knowledge related to internet security within their skillset (Siponen, 2001). Siponen (2001), who states that internet security issues should be part of general knowledge these days, divides the general public into two groups when it comes to internet privacy: the earlier mentioned IT and computer professionals and other end users. Because this research looks at the public in general, it is interesting to see whether interests and work related expertise is actually linked with awareness about internet security and the privacy concerns that go with that.
6
The amount of awareness people experience is thus expected to line up with certain individual characteristics. Previous research states that having some specific personality traits does influence the ability to learn faster in a hypermedia environment (Dillon & Gabbard, 1998). It is also found that when it comes to solving problems or learning new skills there are some personality traits that make that easier to do (Hartley & Bendixen, 2001). With that information, it is known that specific abilities do affect learning and knowledge collecting and therefore the following hypothesis is formulated:
H1: People with interests in politics and news score higher on online awareness than people that are not interested in current events.
Choice
The second pillar that Bhasin (2006) mentions is choice. Internet users should be given the opportunity to knowingly consent to or deny use of the information they are sharing. This could be concerning an advertisement that has been clicked and now keeps reappearing, but also the earlier mentioned selling data to third parties should have been a well thought through choice (Bhasin, 2006). The options to choose certain privacy settings are often obscurely hidden and therefore a lot of knowledge about the internet is needed to actually be able to make certain privacy choices (Millet et al., 2001). Since a lot of internet users lack this knowledge, they may not have been able to choose the privacy settings that match their beliefs, norms or values (Schwartz, 1999).
When the choice to give up privacy in return for the use of a website or access to more information is actively displayed, there is still the option to decline sharing your data (Millet et al., 2001). A theory used to explain the balancing of these costs and benefits is the Rational Choice Theory (Bulgurcu, 2010). This theory states that an individual would first explore alternative courses of action and excogitate their most likely outcomes before making a definite decision about how to act. Therefore, when an individual is not completely informed and is or is not aware of that fact, the final choice whether to give up certain security details may be influenced. (Bulgurcu, 2010).
Removing all of the seemingly easy to track threats would then seem like an option for individuals that do not want to invest time in reading about awareness and educating
themselves about online risks. Siponen (2001) states that the software that includes bots and agents to filter some websites of functions inaccessible, is not the answer for this since it would leave people in a more naïve state in which these people would not look critical at
7
possible threats that might pass this software. Security threats would even have higher chances of succeeding that way (Siponen, 2001). Thus, to investigate an effect between awareness and the amount of knowledge and therefore control of online actions, the following hypothesis was formulated:
H2: When knowledge about the internet is perceived high, the perception of online awareness is higher than when knowledge of internet is perceived low.
Access
Then Bhasin (2006) called on access as one of the five pillars of privacy. This access refers to the fact that users of the internet should always and without delay have access to their
personal data. This form of privacy also covers the ability for internet users to rectify
incorrect data on a short term (Bhasin, 2006). These forms of access are needed in the interest of accurate online data. Especially corporations, like banks, certain branches of the
government or healthcare organizations, benefit from this data being updated as soon as changes take place (Giles, 2005).
Anno 2017 almost every website is accessible 24 hours a day, especially
user-generated content like social media can be accessed at all times (Leung, 2009). And not only the perception of safety is expected to increase, people act upon their wants and needs and browsing on social media fulfills some of those needs, since both teens and adults are using the internet on a daily basis (Lenhart et al., 2010). Following the Uses and Gratifications theory, communication is purposeful and directed at specific goals with psychological of social factors as a guide (Chen, 2010). The use of social media fulfills some of people’s psychological needs in the way that one can always communicate with others by liking, reacting or retweeting online. And when communication resembles the traditional sender-receiver model more, it is more satisfying and therefore fulfills needs and wants for a little longer (Chen, 2010). The interactional dimension of communication gives people more of a sense of psychological empowerment and control, examples of this would be forms of direct chatting or videocalls (Leung, 2009).
Leung (2009) divided the social media use gratification into four categories of which the first is social and affection needs. This contains reasons to use social media to for example thank others and show them encouragement, but also to understand yourself more and share your personal views. The second category is venting negative feelings, which mainly contains getting anger off ones chest or voicing out discontent. Then there is the need for recognition,
8
that focusses on establishing your personal identity and publicizing your own expertise. Entertainment is also filed under recognition. The last category for social media use for gratification Leung (2009) mentions is cognitive needs, which solely focusses on refining ones thinking and broadening your knowledge base. These four categories together provide gratification. This gratification should be higher when constant access is provided (Chen, 2010), but to investigate whether that also increases the perceived safety the following hypothesis was drafted:
H3: When constant access to online personal information is guaranteed, the perception of internet safety is higher than when constant access to online personal information is not guaranteed.
Integrity and Security
The second to last privacy pillar Bhasin (2006) refers to is the pillar of Integrity and Security. This pillar represents the fact that all personal data should be accurate and kept confidential once it gets processed and stored by the receiver of the information (Bhasin, 2006). The number of information security related incidents online is increasing and as a consequence of that companies start to invest more resources into defending themselves to it (Bulgurcu et al., 2010). This issue has two viewpoints, since the way internet users save things online is part of how well-protected their data is, but also how the website in question handles their security (Miyazaki & Fernandez, 2000). The research of Miyazaki & Fernandez (2000) emphasizes the concealed nature of cookies and the disingenuous way of getting the users of the website to agree with letting third parties view their personal info. Therefore this pillar is strongly connected to the second pillar ‘choice’. Miyazaki & Fernandez (2000) also outline three of the biggest privacy issues, the first one being online customer identification, which today is still an accurate topic since Facebook now has given the opportunity to log in to websites using your Facebook profile (Wang et al., 2012). This way people have fewer different passwords to keep, but it enlarges the danger of a personal info security breach (Florencio & Herley, 2007). The second privacy issue is unsolicited customer contacts, stated by Miyazaki and Fernandez (2000). This happens when the personal information of an individual is collected for a certain reason, but then contacted again for another reason. This way, personal data is used for goals that you did not sign up for by the same source as was given the data in the first place (Miyazaki & Fernandez, 2000), therefore the website breaches the integrity part of the privacy rules. The last privacy concern is customer information distribution. This happens
9
when one’s personal info is sold to a third party to use for purposes such as targeting for related advertisements (Mayazaki & Fernandez, 2000). Previous research shows that
companies that keep personal information safe from outsiders more easily gain respect from their costumers (Hawkins et al., 2000). This form of selling data is seen as the most
unpleasant concern and also the biggest breach in both integrity and security.
But there are other ways to get to personal online information. This might involve situations wherein websites copy outlines of other, as secure established, websites with the purpose of seeming trustworthy. This form of ‘mimetic isomorphism’ (Dimaggio & Powell, 2012) is used to make it seem like websites are legitimate and successful, by modeling themselves after well-known websites. This can also be seen in the upcoming trend ‘fishing emails’, pretending to be a known, familiar company like your bank or insurance company (Florencio & Herley, 2007). While mimicking these companies hackers include links that say ‘check your password’ or ‘you have an unread message’, but when these links are activated, PC’s get infected and data can be downloaded (Kwon et al., 2014). But not only websites or emails can use the morphing strategy and pretend to be something they are not to access personal data, this can go as far as free downloads for upgrading your malware systems or even impersonating real people like cyberfriends or customer support chats (Siponen, 2001). In this hypothesis was measured to what extent participants see a website as trustworthy enough to share their data with and whether they perceive some websites as guarded better than others, investigated with the following hypothesis:
H4: When the integrity of a website is high, the perception of security of that website is higher than when the integrity of a website is low.
Enforcement
The final privacy pillar is enforcement. This principle extends to the four core privacy principles above, since the enforcement pillar stands for the right of internet users, or consumers, to intercede when any of the earlier mention principles are violated (Bhasin, 2006). Therefore it should be possible to either at all times access or retrieve your data when possible, or in the worst case hold the website responsible for leaking personal data. This final principle is more about morality than the ones before, since this is not about precautions but about crisis management.
Especially in the case of hacking, an online failure where the corporation has little choice in whether or not they disclose about the breach, since the hackers usually could have
10
published it for them (Mansfield-Devine, 2011). In certain cases the hackers hack
corporations for fun and creating chaos, like the hackers initiative ‘LulzSec’ that broke into the system of the Public Broadcasting System (PBS) when they were unhappy about a WikiLeaks documentary. Other times a hacking might concern activism like ‘Anonymous’ is known for that recently on big scale attacked the music industry because they were in their opinion too harsh on file sharers (Mansfield-Devine, 2011). In both cases valuable
information of the companies themselves and potentially also their clients are accessed and this could damage a corporations reputation.
Having a corporate reputation involves knowing how well the mental image of this corporation is constituted by its stakeholders. This can either be clients but also suppliers or investors (Hurwitz, 2005). Therefore when a reputation is damaged, it can involve boycotts but also a drop in sales. It would start with how companies handle their missteps. Although a lot of data leak crises that the media address concern hacking, it is also possible to be a human error. Earlier research has shown that 64% of respondents, employees within the CSI and FBI, have had to report losses concerning internet security as a result of actions of insiders
(Bulgurcu et al., 2010). To research the influence of responsibility and awareness on corporate reputation, the following hypothesis was drawn up:
H5: The corporate reputation of corporations that take their responsibility about online failure is higher than the corporate reputation of corporation that do not take responsibility about online failure.
11
The views that have risen from the previous research have been divided into five concepts, that are depicted in the model above, figure 1. To answer the research question of this investigation, online behavior has to be tested. Therefore this main concept has been divided into two more testable concepts, which are ‘online security awareness’ and ‘perception of safety’. To understand what influences these main concepts, three other concepts are drawn up. In this research the possible effects of ‘Interests of social issues’ and ‘Knowledge of internet security’ on ‘Online security awareness’ is measured and the same is done with ‘Perception of website integrity and ‘Constant access’ on ‘Perception of safety’. Lastly, the possible effects of ‘corporate reputation’ from ‘online security awareness’ are measured to create a full image of internet security and how behavior can be influenced by perceived safety or danger online.
Method
Research Design
For this research a quantitative approach was used. The reason for this is that this research is based on previous research and builds up new theories from those. Through this deductive way of working, a quantitative research seem to match best. There was a questionnaire held that was spread online so a broader sample was reached considering age, gender and
educational groups. Through the online spreading of the questionnaire there was a higher chance to get more participants. The questionnaire was drafted for this research from previous research about this subject.
The research design is cross-sectional, since different factors will be determined, compared and analyzed. A ‘snapshot’ way was used for this, which means the information is gathered at a specific time, in contradiction to more longitudinal designs. The researcher choose for this approach because of the timeframe for this research. It has not harmed the quality of the data in the sense that this topic is at this time a very much discussed and alive subject and therefore a good time to question the population.
Selection of research units
The participants were gathered through social media channels of the researcher and through a snowball effect that occurred when the call for participants got shared. This was the best approach to gather respondents in different aspects like time, money, effectiveness and reach. Participants were only being selected by being 18 or older. To get a most trustworthy result, as much respondents as possible were asked to fill in the questionnaire, which lead to 440
12
unique questionnaires being partly or fully filled out within a timeframe of 2 weeks. The researcher choose for online recruiting of participants since the research is about online security and social media use.
The questionnaire starts with general information like the gender, age and working field of the respondents. After that several pages of different statements are to be answered through the measures of a 7-point Likert scale. There is always a neutral option. The researcher choose not to include an ‘I do not know/I do not want to tell’ option in light of complete transparency. In the questionnaire were purposely no fill in options except for ‘age’, so that the research would be as reproducible as possible. The questionnaire took 5 to 7 minutes to carry out for an average person and it was carried out in Dutch.
For this research handles some privacy-concerning matters and therefore some questions might seem personal, there have been taken some ethical measures as ASCor prescribes them. Before starting the questionnaire all of the participants have read and approved an informed consent, that notified them about their rights and gave them an handle for possible remarks or complaints about the research. The participants are told that if there are any questions that make them feel uncomfortable or violated in their privacy they are free to stop the questionnaire at every point along the way. From an ethic point of view, the participants were also told their information was handled anonymously and was not be shown to a third party, outside this research.
Characteristics of research units
After the questionnaire got online on Qualtrics.com, participants were accumulated via social media. In total 440 questionnaires were sent in, of which 333 remained after controlling for missing values and respondents under the age of 18. This is a response rate of 75.68%. From the descriptive statistics it was found that more women than men had filled in the
questionnaire, since 70,6% of the respondents were female. The mean age of the respondents was 33,20 years old with a minimum of 18 and a maximum of 77. Within this sample was also questioned whether the respondents were still students, or if they were already working. 110 participants indicate that they are still students, while 213 respondents state to have a job. The remaining 10 respondents declared to be unemployed at the moment of taking the
questionnaire. Of the students three of the 110 was following an computer science track, and of the 213 working participants 6 had computer science related jobs. The respondents also had to fill in their education level, which varied a lot through the sample. There were two
13
completed education being high school. Then there were 96 MBO schooled respondents, 96 HBO schooled respondents, 65 WO schooled respondents and one respondent that had completed a PhD.
Since the questionnaire was distributed on social media, most of the respondents were likely to be active on social media. When asked which social medium platforms were used, Facebook scored the highest with 323 out of 333 participants. Both YouTube and Instagram were said to be used by 178 participants, while snapchat had 112 users, LinkedIn had 98 users, then Twitter scored 54 users, Google+ found itself with 47 users and 22 participants were additionally using other forms of social media platforms. The questionnaire also registered the timeframe every respondent indicated to be online on social media. The mean time spend on social media per day was 2,43 hours.
Concepts
The results of the questionnaire are all gathered in Qualtrics. These then were exported into SPSS. This happened after the data with missing values have been deleted, participants under 18 have been removed and questionnaires with contra indicative answers have been deleted. Contemplating previous research 53 questions were constituted. Then a factor analysis was carried out to reduce the 53 questions back to the 7 main concepts as displayed in the
conceptual model, in varimax rotation. First the contra indicative questions were converted so that these were measured on the same scale as the rest of the variables. Then a total factor analysis showed that the through theory indicated concepts were mostly correct and the questions were well divided within their respective concepts. Although the concepts could be kept as they were built up through previous research, some of the questions asked in the questionnaire had to be dropped for they had no significant connection to any of the concepts.
Concept Questions
1. Social interests
7.1 I am interested in politics. 7.2 I am interested in societal issues. 7.3 I read of watch the news regularly.
7.4 I talk about or discuss actualities often with the people around me.
16.1 I use social media for social reasons. 16.4 I use social media for entertainment. 2. Knowledge of
internet
7.5 I can handle the social media that I use well.
7.6 I can handle websites and the internet in general well. 3. Constant
Access
10.1 I feel my personal info is safer when it is only accessible during opening hours.
14
17 How many hours a day are you on social media? 4. Website
integrity
11.2 I accept cookies, when it is optional.
11.6 I assume that websites that are used a lot, are safe websites. 12.6 When a website looks reliable, I will share my personal info faster.
5. Online Security Awareness
1. 10.4 I am aware of my privacy rights online. 10.5 I agree with my privacy rights online
11.3 I read the terms and conditions, before I accept cookies. 11.4 I use the same password for different websites.
2. 10.2 I feel that I get to little information of companies and websites about what happens to my personal information. 10.6 I feel that I am informed enough about my privacy rights by websites or companies.
10.7 I feel that it is too much of an effort to learn more about privacy online.
3. 10.8 I make sure that what I post online is not to personal. 16.2 I use social media to vent negative feelings.
16.6 I post personal things on social media.
6. Perception of Safety
11.5 I trust websites that have leaked data before.
12.1 When a website I frequently visit is on the new negatively, I will visit that website less.
12.2 When a company’s website has been hacked in the past, I do not trust this website.
7. Corporate reputation
10.3 I perceive a company more positive when they take responsibility for online mistakes.
12.3 When a company reacts well on online data leaks, I will keep visiting this website.
Table 1 : concept composition
All seven concepts were constructed by two or more questions put together, as shown in table 1. The first concept is ‘Interest in social issues’, which is a combination of questions concerning character traits (Q7.1, Q7.1, Q7.3, Q7.4) and the vision that practical use of social media is mostly for social purposes (Q16.1, Q16.2). The second concept, ‘Low knowledge of internet security’, is composed by Q7.5 and Q7,6, which measure online skills. ‘Constant access’ is the third concept, that holds questions Q10.1, Q17 and Q11.7. These specific questions refer to the timeframe the participants are online on a daily basis and whether they perceive more feelings of safety when information is always accessible, rather than at specific times. Concept four is the ‘Perception of website integrity’ and this was measured with questions Q12.6, Q11.6 and Q11.2, investigating whether people perceive more safety when they perceive a higher online integrity. Then the concept ‘Online security awareness’, which can be used on its own, but it is also a valid option to split the variable in three sub concepts. All three of those concepts had a similar or better Cronbach’s α than the main concept ‘Online
15
security awareness’, therefore this research used both the main concept as the sub-concepts within hypotheses this concept is included. These sub concepts can thus be divided into ‘awareness about privacy rights’ (Q10.4, Q11.3, Q10.5, Q11.4), ‘awareness about information gathering’ (Q10.2, Q10.7, Q10.6) and ‘awareness about personalized information sharing online’ (Q16.2, Q16.6, Q10.8). All of these questions together form the contents of the concept ‘Online security awareness’. The ‘Perception of safety’ concept was gathered with the questions :Q12.2, Q12.1, Q11,5. And the final concept of this research was corporate reputation, which was measured with Q10.3 and Q12.3.
As seen in table 2 the concepts ‘Constant access to personal information’ and ‘Corporate Reputation’ have a low Cronbach’s α. The results of the factor analysis also showed that within the concept ‘Online security awareness’ three sub-concepts arose, which were distinctly ‘privacy rights’, ‘information gathering’ and ‘Personal info’. All three of those concepts had a similar or better Cronbach’s α than the main concept ‘Online security
awareness’, therefore this research used both the main concept as the sub-concepts within hypotheses this concept was included.
Concept N M SD Cronbach’s α Eigenvalue % of
variance Interests in social issues 332 14.81 4.67 .689 3.09 8.76 Knowledge of internet security 333 4.17 1.46 .777 1.80 4.99 Constant access to personal information 287 10.20 2.69 .202 1.07 2.97 Perception of website integrity 331 10.74 3.20 .436 1.62 4.49 Online security awareness 309 41.86 6.55 .531 3.91 10.87 - Privacy rights 333 19.13 4.75 .638 -
16 - Information 313 15.06 2.88 .574 - - Personal info 329 7.98 3.02 .526 - Perception of safety 333 11.74 4.66 .684 1.22 3.38 Corporate reputation 333 5.79 2.20 .338 1.02 2.84
Table 2: Reliability per concept
Analysis
For all hypotheses are formulated in the same way, comparing one group to another, all concepts were tested with independent sample t-tests. This means that the concept ‘Interests in social issues’ and ‘Knowledge of internet security’ were tested against ‘Online Security Awareness’ and the same was done for the two concepts ‘Constant Access’ and ‘Perception of website integrity’ on ‘Perception of Internet Safety’. Lastly, a t-test was performed to test for the effect of ‘Online Security Awareness’ on ‘Corporate Reputation’.
Results
Interest in social issues
The first hypothesis tested whether interests in social issues affected the levels of online awareness amongst the sample. Hypothesis one specifically examined the following: People
with interests in politics and news score higher on online awareness than people that are not interested in current events. Within this sample the average score on ‘Social Interest’ was
2.47 on a 7-point Likert scale, with a standard deviation of 0.78. The minimum scored was 1, which is the smallest option, but the maximum scored was only 5.33, which lays 1.67 point away from the other extreme, being 7. The group was divided at the cut-off point 4 and since two groups are compared here, a t-test was used to determine whether there was a significant effect between these two concepts. This test showed that people with interests in politics and news (M=3.99, SD=.62) did not significantly score higher on online awareness than people with no interest in current events (M=4.20, SD=.66), t(306) = -1.20, p = .745, 95% Cl [-.55, .13]. The three sub concepts of online awareness, being privacy awareness, the gathering of information as a part of awareness and consciously posting personal information online, did also not indicate a significant result. The first sub concept tested was privacy awareness and as stated before it was not significant. This conveyed that people with interests in politics and news (M=4.66, SD=1.08) do not significantly score higher on the privacy aspect of online
17
awareness than people with no interest in politics (M=4.79, SD=1.20), t(330) = -.44, p = .603, 95% Cl [-.73, .47]. Also on the second sub concept, information gathering as awareness, no significant results were found. This states that the people with social issues interest (M=4.69,
SD=1.05) were not significantly more aware than the group that was not interested in social
events (M=5.04,SD=.96), t(310) = -1.37, p = .715, 95% Cl[-.85, .15]. The last sub concept, being personal information, had no significant result as well. This sub concept being not significant means that people with high interest in the news (M=2.50, SD=1.12) had no higher score on personal internet awareness than people with low interests in social issues (M=2.67,SD=1.00), t(326)=-.64, p = .928, 95% Cl[-.67, .34]. For both all three sub concepts and the main concept were not significant, this hypothesis was rejected.
Knowledge about the internet
The second hypothesis checked for increasing internet awareness when people possess more knowledge about the internet, through the hypothesis: When knowledge about the internet is
perceived high, the perception of online awareness is higher than when knowledge of internet is perceived low. For this assumption another t-test was carried out, for again two groups were
compared. The mean of the complete sample was 2.09, with a standard deviation of 0.73. Unlike the first hypothesis within this concept the sample used all seven answering options, creating a minimum of one and a maximum of seven. The main concept of online awareness did not find a significant result as the knowledge about internet was perceived high (M=4.03,
SD=.65) there was no higher perception of awareness than when the knowledge about the
internet was low (M=4.19, SD=.66), t(307)=-.70, p = .996, 95% Cl [-.63, .28]. Since the same concept was used as in in hypothesis one, the three sub concepts were tested for again. For two of the three sub concepts of online awareness no significant results were found, but for the information gathering aspect there was. The first sub concept, privacy awareness, was not significant as when the knowledge about internet was perceived high (M=4.75, SD=1.48) there was no higher perception of privacy awareness than when the knowledge about the internet was low (M=4.78, SD=1.18), t(331)=-.08, p = .815, 95% Cl [-.82, .76]. The second sub concept, information gathering, was significant as stated before since p<.05, so when the knowledge about internet was perceived high (M=5.11, SD=1.40) there was a significantly higher perception of awareness amongst information gathering than when the knowledge about the internet was low (M=5.02, SD=.95), t(311)=.28, p = .013, 95% Cl [-.55, .73]. As stated earlier, the final sub concept personal information was not significant, thus when the knowledge about internet was perceived high (M=2.37, SD=1.06) there was no higher
18
perception of awareness about personal online information than when the knowledge about the internet was low (M=2.67, SD=1.01), t(327)=-.86, p = .650, 95% Cl [-1.00, .42]. As the second sub concept was significant this hypothesis was not rejected, when it is taken into consideration that this only accounts for information gathering and not for the total concept of online awareness.
Constant access
The third hypothesis tested whether the perception of internet safety increases when people had non-stop access to their personal online information. The hypothesis used was: When
constant access to online personal information is guaranteed, the perception of internet safety is higher than when constant access to online personal information is not guaranteed. The
mean of this sample was 3.40 and had a standard deviation of 0.90. Within this sample the same situation occurred as within the sample of hypothesis one, where the minimum was one but the maximum was below the actual maximum option, being seven, for the maximum chosen option is 5.33. For this another t-test was used. No significant results were found which leads to the conclusion that people with constant access to their online personal
information (M=3.92, SD=1.48) had no higher score on safety perception than people with no constant access to their online personal information (M=3.77,SD=1.53), t(285)=.78, p = .438, 95% Cl[-.23, .52]. Since there were no significant results within this hypothesis, it was
rejected.
Website integrity
The fourth hypothesis, like the third hypothesis, the influence on safety perception online but this hypothesis tested the influence of integrity of websites on this safety perception. The assumption was the following: When the integrity of a website is high, the perception of
security of that website is higher than when the integrity of a website is low. Again, as two
groups are compared, a t-test was used. Of the complete sample, 331 respondents, the mean was 3.58 with a standard deviation of 1.07. Although the results of hypothesis three were not significant, hypothesis four was significant. It was found that websites that are perceived to have a high integrity (M=3.60, SD=1.52) had a higher score on perceived online safety than websites with low perceived integrity (M=4.09,SD=1.51), t(329)=-2.88, p = .004, 95% Cl[-.82, .15]. Since p<.05 this hypothesis was significant and was therefore not rejected. Corporate reputation
The last hypothesis tested whether corporate responsibility for online failure affected
19 their responsibility about online failure is higher than the corporate reputation of corporation that do not take responsibility about online failure. The mean of the sample was 2.89 and the
standard deviation was 1.10. To test this effect a t-test was again used for both the main concept ‘online awareness’ and the three sub concepts: privacy awareness, information gathering and personal information. The first concept tested was the main concept ‘online awareness’. This main concept had a significant result as p=.021 and therefore p<.05, which made this main concept significant and it was stated that companies with high general online awareness(M=4.39, SD=.67) had a higher corporate reputation than companies with low general online awareness (M=4.15,SD=.65), t(307)=2.32, p = .021, 95% Cl[.04, .45]. For the first sub concept being privacy, no significant results were found for p=.051,which was higher than p<.05, and therefore not significant. So it was stated that companies with high online privacy awareness(M=5.07, SD=1.32) had a lower corporate reputation than
companies with low online privacy awareness (M=4.72,SD=1.15), t(3331)=2.32, p = .051, 95% Cl[-.00, .69]. The second sub concept was information gathering about online privacy. The t-test checked for an effect whether gathering this specific information increased a corporation’s reputation. But companies with high amounts of information to be gathered about online awareness(M=5.12, SD=.84) had a no higher corporate reputation than
companies with low levels of information to be gathered(M=5.00,SD=.98), t(311)=.78, p = .437, 95% Cl[-.18, .42]. So this second sub concept was also not significant. The third sub concept ‘personal information’, was also not significant. So companies with high levels of personal information(M=2.85, SD=1.10) had a no higher corporate reputation than companies with low levels personal information(M=2.62,SD=.99), t(327)=1.56, p = .120, 95% Cl[-.06, .52]. So within this hypothesis all of the sub concepts, privacy, information and personal, were not significant, but the overall effect was significant. Therefore the hypothesis was not rejected.
Conclusion and Discussion
Conclusion
This research was built up from an existing structure set out by Bhasin (2006). Following this structure made subsequent theories more accessible to find and incorporate within this
research. The dangers of the internet and its ability to get all kinds of data public, for both corporations as individuals, is a much debated topic and it has been for years (Hawkins et al., 2000). This research was therefore driven by the research question: To what extend are people aware of exposure of their online data towards corporations and how do they behave towards
20
this?
To answer that question the earlier drafted hypotheses are now elaborated. The first hypothesis, that people with interests in politics and news would score higher on online awareness, was not significant. It was measured on both the main concept of awareness and its three sub concepts. So people with more received notice from the news or online social issues do not have a higher sense of online awareness. This is in line with the existing literature as there is mostly spoken of certain personal traits and characteristics that speed up the learning process (Dillon & Gabbard, 1998) . Therefore also the creating of awareness would be sped up, and in this case that would be online awareness (Hartley & Bendixen, 2001).
The second hypothesis, stating that people perceive a higher sense of online awareness when they have more knowledge and skills regarding the internet, was significant but solely for the sub concept of gathering information. This was supported by research executed by Siponen (2001), who stated that the internet would be better regulated if more people knew about it, instead of protecting people from its dangers and let them be uneducated about the subject. The lack of education about the internet in general could lead to the falling away of the privacy pillar of ‘choice’ at all, since people might not even know certain privacy settings exist and thus can nog approve or install those (Schwartz, 1999).
The internet, and as a result of that social media, is a much used tool by both teens and adults (Lenhart et al,. 2010). As stated earlier, this can be explained by the use and
gratification theory that states that the real time feedback of for example social media is a satisfying feeling, which can even lead to addiction (Cabral, 2008). It would therefore be a logical assumption that when the internet and social media were constantly accessible, people would use it more with the goal of increasing that gratifying feeling (Chen, 2011), increasing the online perceived security as well. Within this research no such findings were supported, since the third hypothesis that measures the effect of constant access on internet security had no significant results and this hypothesis was therefore rejected. So in addition to previous research that states that the interactional online dimension of communication gives people more of a sense of psychological empowerment and control (Leung, 2009), it can be expressed that the continuous access does not create more perceived security in an online environment.
Besides from constant access, the perceived integrity of used websites was also measured as to have an effect on to what extent the respondents felt secure online. This integrity is mostly formed on basis of frequent use or a familiar outline of the website (Kwon
21
et al., 2014). Although a website may look trustworthy, ‘mimetic isomorphism’ used to trick internet users into making websites look authentic but they do not have to be (Dimaggio & Powell, 2012). Earlier research found that online traps are frequently based on this strategy to steal data (Kwon et al., 2014). The findings of this investigation seem to be in line with the previous research as the fourth hypothesis was not rejected. There was a significant result implies that when websites are perceived to have a high integrity, the respondents were more likely to perceive themselves in a secure online climate. Therefore they were more likely to share their personal information on these websites, which could online fraud when a website is not what it portrays itself to be.
The final hypothesis tests whether a corporations corporate reputation can be affected by how they handle online failure as data leaks and online attacks like hacking. This came forth out of the fifth pillar of privacy, being enforcement, to test empirically whether the respondents enforced socially acceptable online responsibility by corporations. The results from this hypothesis were significant for one sub concept, which means that people that are aware of online privacy rights do view a corporation more positive, and therefore to have a better corporate reputation, than people that are less aware about privacy-related cases. It is important as a company to keep your stakeholders satisfied (Hurwitz, 2005). Within this research privacy was defined as ‘the degree of control an individual has on information about himself, his identity and who has access to those two concerns’(Schoeman, 1984). So
corporations would have a higher reputation when the public gets a higher form of control over the information accessible about the company and its identity.
Of five hypotheses, three had significant results. It was found that when people perceived they had enough knowledge about internet security, they were more aware about internet security when it came to gathering information. This research also found that when websites are perceived to have a high integrity, people also perceive them as being safe and lastly, this research showed that peopled that are more informed about online privacy are more positive about companies that have online failure when something internet-related does go wrong. So to answer the research question ‘To what extend are people aware of exposure of their online data towards corporations and how do they behave towards this?’: people perceive the internet as a safer place when they are well informed. This goes for privacy, corporations and overall awareness. In general, people seem to be informed and to be aware of the dangers online, so they act cautious around questionable websites or when they lack in knowledge about specific online situations. All of these findings point to overall responsible online behavior, which is a good sign for our respondents online privacy.
22
Discussion
The findings of this research point out that people do change their online behavior when they feel like it is needed, so when there perceived security is low. It was also found that
respondents that were better skilled within working with the internet, they appeared to feel aware about the possible dangers of the world wide web. These findings are specific and not to hard to put into practice in terms of educating people how to safely use the internet. The hypothesis testing the influence of internet skill on internet security awareness was only significant for the sub concept that represented the gathering of information. It would therefore, following these results, be the best way to teach people about internet security by offering them information in different situations for they would come in contact with these educational posters, brochures or television commercials a few times a day. The findings of this research are therefore easily empirically used to support a national government online education campaign, since they lend themselves very well for marketing purposes.
Although this research got a respectable amount of participants and significant results, there are some footnotes to be added. One of those is the fact that the sample was probably not be representative as it has been gathered online through the researchers Facebook profile. This might not only affect factors like the amount of women or men, average education level or average age, but also certain morals and values that can be shared with the researcher through the social environment. There could also have been respondents that had social desirability bias (Fisher, 1993), which could affect the outcomes of this investigation. This could also have happened through the fact that because the sample was gathered on Facebook, two specific regions where the IP-addresses of the respondents were registered, being
Zeeuws-Vlaanderen and Amsterdam. So there could have occurred a geo-demographical bias (Benevenuto et al., 2009) The first of these to places being the birthplace of the researcher and the second her current address, the respondent network was divided. Although both places are in Holland and do not vary that much, there might some differences between the two: for example the levels of awareness in technology or the active use of social media. It could be interesting to uncover in future research the differences between perceived online safety and awareness depending on the physical place the respondents live, not solely the online places they spend their time.
Another remark about this research is the questionable Cronbach’s α levels of some of the main concepts. For example, the concept corporate reputation has a Cronbach’s α of .338, which makes the significant outcome not completely trustworthy. This can also be said about the concept website integrity, since that only had a Cronbach’s α level of .436. This could
23
have influenced the results that did come out significant or not significant. A further footnote to consider within this research is the fact that the hypotheses were drawn up from existing literature. This was done that way since there was not yet a previous article that included a questionnaire that could have been used for this research, so the researcher had to create a completely new questionnaire, based on the literature. This could mean that, when there is contradicting literature, the questions in the questionnaire may be outdated.
To make sure that research about fast growing technology-driven databases like the internet, further research is encouraged on specific points. To deepen the research question of this research and to sketch a more realistic and empirical picture it would be even better if internet activity could be tracked. An example of this is to carry out the research within an office so the computers and laptops are connected to the same server. This way data can be gathered in a more accurate way. It would also give the researcher the advantage to compare the internet activity at two points in time, for example a week before a course about online safety and a week after that. The behavioral changes would be more visible and less biased. Another suggestion for future research would be to focus on the difference between online gratification and online security. In this investigation constant access had no effect on the perceived online security, while previous research states that being online more time each day makes it easier to get gratification online (Chen, 2011). This would make security and gratification having different outcomes from the same input. It would be interesting to investigate whether the level of security has any effect on the amount of gratification that is received from online communication, as access has a different effect on both of these variables. A final suggestion for a new research project would be built upon the last hypothesis within this research and focus on the increasing of corporate reputation as the transparency of a corporation increases. This research states that if more information is known about companies, the reputation will increase. It would be interesting to see if there is a
tipping point within this transparency, where people feel that they know too much and the corporate reputation decreases again.
To conclude, there are a lot of openings created by this research for future
investigation and exploration of online behavior. With technology evolving as fast as it does it is important to constantly contemplate new research possibilities and creating awareness about the possible danger that it brings with it. Besides clarifying the research question, researcher hopes to have done both of these things within this investigation and lay new groundwork for more exploration in the future.
24 Literature
Benevenuto, F., Rodrigues, T., Cha, M., & Almeida, V. (2009, November). Characterizing user behavior in online social networks. In Proceedings
of the 9th ACM SIGCOMM conference on Internet measurement conference (pp. 49-62). ACM.
Bhasin, M. L. (2006). Guarding privacy on the internet. Global Business
Review, 7(1), 137- 156.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and
information security awareness. MIS quarterly, 34(3), 523-548. Cabral, J. (2008). Is generation Y addicted to social media. Future of
children, 18, 125.
Chen, G. M. (2011). Tweet this: A uses and gratifications perspective on how active Twitter use gratifies a need to connect with others. Computers in
Human Behavior, 27(2), 755-762.
Compliance. (n.d.). Retrieved June 26, 2017, from
https://cookieconsent.insites.com/documentation/compliance/
Cutillo, L. A., Molva, R., & Strufe, T. (2009). Safebook: A privacy-preserving online social network leveraging on real-life trust. IEEE
Communications Magazine, 47(12).
Dillon, A., & Gabbard, R. (1998). Hypermedia as an educational technology: A review of the quantitative research literature on learner comprehension, control, and style. Review of educational research, 68(3), 322-349.
Dinev, T., & Hart, P. (2005). Internet privacy concerns and social awareness as determinants of intention to transact. International Journal of Electronic Commerce, 10(2), 7-29. Fisher, R. J. (1993). Social desirability bias and the validity of indirect questioning. Journal of
consumer research, 20(2), 303-315.
Florencio, D., & Herley, C. (2007, May). A large-scale study of web password habits. In Proceedings of the 16th international conference on World Wide Web (pp. 657 666). ACM.
Giles, J. (2005). Internet encyclopaedias go head to head.
Hartley, K., & Bendixen, L. D. (2001). Educational research in the Internet age: Examining the role of individual characteristics. Educational researcher, 30(9), 22-26.
25 Hawkins, S., Yen, D. C., & Chou, D. C. (2000). Awareness and challenges of Internet
security. Information Management & Computer Security, 8(3), 131-143. Hurwitz, R. A. (2005). U.S. Patent No. 6,856,963. Washington, DC: U.S. Patent and Trademark Office.
Kwon, S., Yoo, H., Shon, T., & Lee, G. (2014, October). Scenario-Based Attack Route on Industrial Control System. In IT Convergence and Security (ICITCS), 2014
International Conference on (pp. 1-3).
Lenhart, A., Purcell, K., Smith, A., & Zickuhr, K. (2010). Social Media & Mobile Internet Use among Teens and Young Adults. Millennials. Pew internet & American life
project.
Leung, L. (2009). User-generated content on the internet: an examination of gratifications, civic engagement and psychological empowerment. New media & society, 11(8), 1327-1347.
Mansfield-Devine, S. (2011). Hacktivism: assessing the damage. Network Security, 2011(8), 5-13.
Millett, L. I., Friedman, B., & Felten, E. (2001, March). Cookies and web browser design: toward realizing informed consent online. In Proceedings of the SIGCHI conference
on Human factors in computing systems (pp. 46-52). ACM.
Miyazaki, A. D., & Fernandez, A. (2000). Internet privacy and security: An examination of online retailer disclosures. Journal of Public Policy & Marketing, 19(1), 54-61. Powell, W. W., & DiMaggio, P. J. (Eds.). (2012). The new institutionalism in
organizational analysis. University of Chicago Press.
Schoeman, F. (1984). Privacy: philosophical dimensions. American Philosophical
Quarterly, 21(3), 199-213.
Schwartz, P. M. (1999). Internet privacy and the state. Conn. L. Rev., 32, 815. Siponen, M. T. (2001). Five dimensions of information security awareness. SIGCAS
Computers and Society, 31(2), 24-29.
Smit, E. G., Van Noort, G., & Voorveld, H. A. (2014). Understanding online behavioural advertising: User knowledge, privacy concerns and online coping behaviour in Europe. Computers in Human Behavior, 32, 15-22.
Wang, R., Chen, S., & Wang, X. (2012, May). Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services. In Security and Privacy (SP), 2012 IEEE Symposium
26 Attachments
Attachment 1: Research Instrument (in Dutch)
27
Q8 Beste deelnemer, Hiermee zou ik u willen uitnodigen deel te nemen aan een studie die uitgevoerd zal worden onder de verantwoordelijkheid van de Graduate School of
Communication, een deel van de Universiteit van Amsterdam. Dit onderzoek zal gaan over de perceptie van internetveiligheid en hoe dit online gedrag beïnvloedt. U zult gevraagd worden verschillende stellingen te beoordelen omtrent uw persoonlijke voorkeuren in onder andere interessegebied en internetgebruik. Iedereen mag participeren in deze studie, zolang zij ouder zijn dan 18 jaar. Deze enquête zal ongeveer 10 minuten van uw tijd in beslag nemen.
Omdat dit onderzoek uitgevoerd wordt onder de verantwoordelijkheid van het ASCoR, Universiteit van Amsterdam, kunnen wij garanderen dat:1) Uw anonimiteit gewaarborgd wordt, en dat uw persoonlijke informatie onder geen enkele voorwaarde aan derden zal worden verstrekt, tenzij u hier op voorhand nadrukkelijk toestemming voor heeft gegeven.2) U kunt deelname aan dit onderzoek weigeren of tijdens het onderzoek stoppen zonder hiervoor een reden op te hoeven geven. Ook heeft u 24 uur na de deelname de tijd om uw toestemming terug te trekken en dan zullen uw antwoorden en data niet worden
meegenomen in het onderzoek.3) Deelname van dit onderzoek zal u niet blootstellen aan enig aanzienlijk risico of ongemak, de onderzoekers zullen u niet bewust misleiden en u zal niet worden blootgesteld aan expliciet aanstootgevend materiaal.4) Niet later dan vijf maanden na het voltooien van dit onderzoek zijn wij in staat u van een onderzoeksrapport te voorzien waarin de algemene resultaten van dit onderzoek uiteengezet worden.
Mocht u vragen of klachten hebben aangaande dit onderzoek en de procedures die het met zich meebrengt als gevolg van uw deelname aan dit onderzoek, kunt u contact opnemen met de leden van de Ethics Committee van het ASCor op het volgende adres: ASCoR Secretariat, Ethics Committee, University of Amsterdam, Postbus 15793, 1001 NG Amsterdam; 020‐525 3680; ascor‐secr‐fmg@uva.nl.
Voor directe informatie of vragen kunt u ook altijd een email sturen naar de
onderzoeker, te bereiken via lauramangnus@gmail.com.We hopen u op deze wijze voorzien te hebben van voldoende informatie. Graag zouden wij van deze gelegenheid gebruik willen maken u op voorhand te bedanken voor uw assistentie met dit onderzoek.
Q9 Ik verklaar hierbij dat ik geïnformeerd ben op een duidelijke manier over de aard en methode van dit onderzoek, zoals omschreven in de voorgaande tekst. Ik ga er volledig en vrijwillig mee akkoord om deel te nemen aan dit onderzoek. Hiermee behoud ik het recht om mijn toestemming terug te trekken, zonder een reden op te hoeven geven waarom. Ik ben me
28
bewust van het feit dat ik mijn deelname ten alle tijden stop mag zetten.
Wanneer mijn onderzoeksresultaten gebruikt worden in wetenschappelijke publicaties of openbaar worden gemaakt op wat voor manier dan ook, zal dit gedaan worden op een manier waarop mijn anonimiteit gegarandeerd wordt. Mijn persoonlijke data zal niet worden doorgegeven aan derden zonder mijn expliciete toestemming.
Wanneer ik meer informatie zou willen aangaande dit onderzoek, zowel nu als in de toekomst, kan ik de onderzoeker contacteren via lauramangnus@gmail.com. Mocht ik klachten hebben over dit onderzoek, kan ik de Ethics Committee van het ASCoR contacteren op het volgende adres: ASCoR secretariat, Ethics Committee, University of Amsterdam, Postbus 15793, 1001 NG Amsterdam; 020‐ 525 3680; ascor‐secr‐fmg@uva.nl
Ik begrijp de hierboven gepresenteerde tekst en ga akkoord met deelname aan deze studie (1)
Q1 Wat is uw geslacht? Man (1)
Vrouw (2)
Q2 Wat is uw leeftijd in jaren?
Q3 Wat is uw hoogst afgeronde opleiding? Geen (1) Basis onderwijs (2) Middelbaar onderwijs (3) MBO (4) HBO (5) WO (6) PhD (7)
29
Q14 Bent u op dit moment nog student? Ja (1)
Nee (2)
Display This Question:
If Bent u op dit moment nog student? Nee Is Selected Q4 In welke sector bent u werkzaam?
Industrie (1) Horeca (2) Dienstverlening (3) Energie en Duurzaamheid (4) ICT (5) Vastgoed (6) Groothandel (7) Detailhandel (8) Onderwijs (9) Agrarisch (10) Recreatie (11) Transport (12) Bouw (13) Gezondheidszorg (14) Sport (15) Anders (16) Werkloos (17)
30
Display This Question:
If Bent u op dit moment nog student? Ja Is Selected Q15 In welke richting bent u student?
Aarde en Milieu (1) Economie en Bedrijf (2) Exact en Informatica (3) Gedrag en Maatschappij (4) Gezondheid (5) Interdisciplinair (6) Kunst en Cultuur (7) Onderwijs en Opvoeding (8) Recht en Bestuur (9) Taal en Communicatie (10) Techniek (11) Anders (12)
Q5 Welke sociale media gebruikt u actief? Facebook (1) Instagram (2) Twitter (3) Snapchat (4) LinkedIn (5) Google+ (6) Youtube (7) Anders (8) Geen (9)
31
Q17 Hoe veel tijd per dag bent u ongeveer kwijt aan social media gebruik? 0 - 1 uur (1) 1 - 2 uur (2) 2 - 3 uur (3) 3 - 4 uur (4) 4 - 5 uur (5) 5 + uur (6)
Q6 Maakt u gebruik van internetbankieren? Ja, enkel via de computer. (1)
Ja, enkel via de app op mijn mobiele telefoon. (2) Ja, via zowel een app als de computer. (3)
32
Q16 In hoeverre bent u het eens met de volgende stellingen: Zeer eens (1) Eens (2) Enigszin s eens (3) Neutraal (4) Enigszins oneens (5) Oneens (6) Zeer oneens (7) Weet ik niet (8) Ik gebruik sociale
media voor sociale redenen. (1) Ik gebruik sociale media wanneer ik voel dat ik negatieve gevoelens moet uiten. (2) Ik gebruik sociale media voor erkenning van mijn
expertise en om daarmee respect te krijgen. (3) Ik gebruik sociale media voor entertainment. (4) Ik gebruik sociale media om mijn kennis te verbreden en mijn denkwijze te verfijnen. (5) Ik zet dingen op mijn sociale media
die ik ervaar als persoonlijk. (6)
33
Q11 In hoeverre bent u het eens met de volgende stellingen: Nooit (1) Bijna nooit (2) Meestal niet (3) Neutraal (4) Meestal wel (5) Vaak (6) Altijd (7) Weet ik niet (8) Ik accepteer cookies, wanneer het
de enige manier is op een website te bezoeken. (1)
Ik accepteer cookies, wanneer dat
optioneel is. (2)
Ik lees de voorwaarden van cookies, voor dat ik ze accepteer.
(3)
Ik gebruik hetzelfde wachtwoord
op verschillende sites. (4)
Ik vertrouw websites die in het
verleden data gelekt hebben. (5)
Ik ga er vanuit dat veel gebruikte
websites veilige websites zijn. (6)
Ik maak gebruik van open wifi netwerken wanneer ze beschikbaar zijn (op werk, op school, in de trein of in cafés). (7)
Ik open privacygevoelige websites of apps (bijv. internetbankieren, DigiD of zorgverzekering) ook op
open wifi netwerken. (8)
34
Q12 In hoeverre bent u het eens met de volgende stellingen: Zeer eens (1) Eens (2) Enigszins eens (3) Neutraal (4) Enigszins oneens (5) Oneens (6) Zeer oneens (7) Weet ik niet (8) Als een website die ik
regelmatig gebruik negatief in het nieuws komt rondom privacy, ga
ik deze website minder bezoeken. (1)
Wanneer de website van een bedrijf in het verleden
gehackt is geweest, vertrouw ik de website
minder. (2)
Wanneer een bedrijf op een goede manier reageert
op online gelekte data, blijf ik hun website
bezoeken. (3)
Wanneer een bedrijf gehackt wordt en er wordt
data gelekt, vind ik het goed dat ze de schuld bij
de hacker leggen en niet bij het bedrijf. (4)
Ik vind dat mijn gegevens veiliger zijn wanneer ik ze op elk willekeurig moment kan inzien en wijzigen dan wanneer dit enkel tijdens
kantooruren kan. (5)
Wanneer een website er betrouwbaar uitziet, sta ik
sneller gegevens af. (6)
35
Q10 In hoeverre bent u het eens met de volgende stellingen: Zeer eens (1) Eens (2) Enigszins eens (3) Neutraal (4) Enigszins oneens (5) Oneens (6) Zeer oneens (7) Weet ik niet (8) Wanneer een website enkel
up to date informatie geeft op gezette tijden (zoals tussen 08:00 en 17:00), vind
ik dat veiliger dan wanneer dit elk moment kan. (1)
Ik vind dat ik te weinig krijg van bedrijven/websites over wat er met mijn gegevens gebeurt nadat ik ze online
invoer. (2)
Ik lees de voorwaarden van cookies voordat ik ze
accepteer. (3)
Ik ben op de hoogte van mijn privacyrechten op het
internet. (4)
Ik ben het eens met mijn privacyrechten op het
internet. (5)
Ik vind dat ik genoeg geïnformeerd word door
websites/bedrijven over mijn privacy rechten. (6)
Ik vind dat ik te veel moeite moet doen om meer te leren over privacy op het internet.
(7)
Ik let op dat wat ik op internet zet niet te persoonlijk of privé is. (8)
36
Q7 In hoeverre bent u het eens met de volgende stellingen: Zeer eens (1) Eens (2) Enigszins eens (3) Neutraal (4) Enigszins oneens (5) Oneens (6) Zeer oneens (7) Weet ik niet (8) Ik ben geïnteresseerd in politiek. (1) Ik ben geïnteresseerd in maatschappelijke kwesties. (2) Ik lees of kijk regelmatig het nieuws. (3) Ik praat en discussieer regelmatig met mensen in mijn omgeving over actualiteiten. (4) Ik kan goed omgaan met de social media die
ik gebruik. (5) Ik kan goed omgaan met internet en websites in het algemeen. (6) Ik vind het prettig wanneer er een optie is om te bellen naar bedrijven en niet enkel online informatie te verkrijgen is. (7)
38
Q13 Hartelijk bedankt voor het deelnemen aan dit onderzoek! Druk nog een keer op >> om uw resultaten in te sturen.
Attachment 2: SPSS output
Factor analysis (with results of >.4):
