'The role of information systems personnel in the provision for privacy and data protection in organisations and within information systems'
Many societies throughout the world are currently designing or implementing national schemes for privacy and data protection (PDP). The European provision for PDP is seen by many as a model to follow and or emulate. It is argued here that in order to provide for effective PDP, organisations will need to transform the way they analyse data requirements and design systems. Fundamental to this process is the role of the information systems (IS) professional. This paper reports the findings of a research study into the relationship between IS staff and the provision for PDP within both organisations and information systems.
The study was designed to explore the precise relationship between IS staff roles and the provision for PDP. In order to facilitate this, a research instrument was designed, piloted and applied to distinct groups of IS personnel. In order to define and measure the relationship between IS roles and PDP, the study required respondents to define what roles IS staff perform and to map these roles to particular contributions they can make in supporting the data protection principles found in the United Kingdom 1998 Data Protection Act.
The research instrument was designed for use in focus group sessions and was piloted before being used with respondent groups. In order to seek a broad understanding with regard to IS roles and the relationship between particular staff and particular data protection principles different respondent groups were involved in the study. This provided insight into distinct views of what IS staff actually do and what their relationship is with regard to the data protection principles. As well as seeking input from different staff groups the study also used different techniques for data gathering and analysis. The main research method was to apply the research instrument within focus groups, this was supported by semi-structured interviews with particular staff to gain detailed and or specialist insights. Data analysis was undertaken using content analysis.
Findings are presented from groups and compared, with suggested explanations for differences noted. The main findings presented include:
The increasing pressure on organisations to provide for PDP has led
to the identification of IS staff as key contributors. It is suggested
in this paper that whilst it is accepted that the IS profession has
a contribution to make; the precise nature of that contribution has
yet to be articulated. This paper provides a starting point in that
process and identifies future research areas and themes in this important
field. A precise mapping between IS staff and the particular data protection
principles they have a responsibility to support emerges out of the
research. IS staff and the systems they produce are increasingly seen
as key organisational providers of PDP; this study identifies strategies
that can be employed to support both IS staff and organisations meet
their PDP obligations and in doing so it highlights significant implications
for the transformation of the organisations in the information age.