A comprehensive concept map for adequate protection and effective management of personal information in networked Chinese services

Purpose - This paper aims to develop a comprehensive concept map to guide adequate protection and effective management of personal information in the provision of networked services in China through comprehensively considering the multi-disciplinary perspective of personal information protection and management with respect to their multi-dimensional applications, multi-directional controls and multi-contextual analysis in today's networked environments. There arc different perspectives on what personal information protection and management is about, why and how personal information should be protected and managed in the literature. Little, however, is known about the relationships between these multiple perspectives and their implications to personal information protection and management in the real-world practice. Design/methodology/approach - A multi-methods approach is adopted in the study, including a comprehensive review of the related literature, a content analysis of the relevant laws, polices, standards, a multi cases study of the relevant network services providers and an online survey of the Chinese citizens who are the end-users of the networked services to adequately achieve the objective of this study. The concept map building technique is used as a tool for conducting the meta-synthesis of the findings from multiple data resources in the development of a comprehensive concept map for personal information protection and management. Findings - This study rationalizes the importance of the identification of personal information for adequate protection and effective management. It identifies five perspectives on personal information protection and management, namely, law, economics, sociology, information technology and information resources management for their applications at the organizational level. Five types of personal information are identified in the study for protection and management, namely, identifiable personal information, personal identity information, personal moral right information, personal civil right and interest information and personal business and transaction information. An integrated approach consisting of risk control, security control and users control is proposed for personal information protection and management in the provision of networked services in China. The study shows that not enough attention has been paid to the personal information protection and management from multi-disciplinary perspectives with respect to their multi-dimensional applications, multi-directional controls and multi-contextual analysis in the literature. There is a lack of understanding of What, why and how personal information is protected and managed in real-world practices in China. Practical implications - The investigation of the issues of personal information protection and management with respect to the relevant laws, polices, standards, networked services and organizations can lead to a better understanding of what, why and how personal information is protected and managed in real-world practices in China. The development of a comprehensive concept map for personal information protection and management can be used as an effective guideline for the formulation and implementation of appropriate strategies and policies in individual organizations for providing their stakeholders with quality-networked services in today's highly connected network environment in China. Originality/value - The paper is the first step of a comprehensive study on the protection and management of personal information for the provision of networked services in China. It provides a solid foundation for further research with respect to the personal information protection and management. It is the first of this kind of studies to answer the questions of what types of personal information needed to be protected, why and how they should be protected in conformity with laws, regulations, polices, standards and the needs of networked services and business activities of organizations.