Reducing data privacy breaches: an empirical study of relevant antecedents and an outcome

PurposeThis paper aims to increase understanding of pertinent exogenous and endogenous antecedents that can reduce data privacy breaches.Design/methodology/approachA cross-sectional survey was used to source participants' perceptions of relevant exogenous and endogenous antecedents developed from the Antecedents-Privacy Concerns-Outcomes (APCO) model and Social Cognitive Theory. A research model was proposed and tested with empirical data collected from 213 participants based in Canada.FindingsThe exogenous factors of external privacy training and external privacy self-assessment tool significantly and positively impact the study's endogenous factors of individual privacy awareness, organizational resources allocated to privacy concerns, and group behavior concerning privacy laws. Further, the proximal determinants of data privacy breaches (dependent construct) are negatively influenced by individual privacy awareness, group behavior related to privacy laws, and organizational resources allocated to privacy concerns. The endogenous factors fully mediated the relationships between the exogenous factors and the dependent construct.Research limitations/implicationsThis study contributes to the budding data privacy breach literature by highlighting the impacts of personal and environmental factors in the discourse.Practical implicationsThe results offer management insights on mitigating data privacy breach incidents arising from employees' actions. Roles of external privacy training and privacy self-assessment tools are signified.Originality/valueAntecedents of data privacy breaches have been underexplored. This paper is among the first to elucidate the roles of select exogenous and endogenous antecedents encompassing personal and environmental imperatives on data privacy breaches.