Executive summary

With the increase in the importance of information and communications systems in the era we are living in it becomes vital for every organisation to embrace them since they offer a wide array of opportunities to them (Agre and Rotenberg, 1998). Moreover, the increased use of these information systems as well the tremendous advancements occurring in the same field has compromised the privacy of many customers and employees of these organisations. This is mainly because they end up giving up much of their personal information whose privacy is not fully guaranteed. Thus despite the advantages which come with these information and communication systems they are also the main contributor to the breach of privacy since information captured in these systems is easily retrievable hence finding its way in the wrong hands (Marcella and Stucki, 2003).

Moreover, despite a great number of people treasuring their privacy they also ends up compromising it willingly since no one can actually live at this age without compromising deal of their privacy. This mainly occurs as a result of the organisations which they join or are involved in whereby their personal information must be availed (Karyda, Gritzalis, Park and Kokolakis, 2009). For instance, financial institutions offering credit cards and cash cards whereby someone’s personal information can be tracked in terms of their financial status and shopping behaviours. The other obvious example of compromising privacy is through the usage of the social networking whereby if the information is not regulated then it becomes possible for accessibility of your personal information which in turn can be used against you (Bahadur, Chan and Weber,  2002).

Moreover, the privacy within organisation is often compromised through unauthorized information accessibility, loss of the information and misconduct by the organisation employees. All of these three means are usually the leading causes of the compromise of privacy within most of the organisations (Abbas, Magnusson, Yngstrom and Hemani, 2011).




In this electronic age we  are living in raw data or information has increasingly become very crucial hence the need for  the upholding of high levels of privacy  arises. With the  current advancements in the communication and information systems management their utilisation by organisations has also been on increase as a result of the role they play in the facilitation of daily operations of these organisations (Bahadur, Chan and Weber,  2002). Thereby this has  necessitated the importance of protecting personal information as a result its increased significance in our sense of privacy. Thus irrespective of the activities  associated with any organisation the communication and information management has to ensure that there is adequate privacy maintenance (Wirtz, Lwin and Williams, 2007). This is due to the fact that most of the information harboured  by these organisation involves the personal information of their employees as well as their customers. However, a great number of customers will only be interested to  deal with an organisation if only the assurance of the protection of their personal information is guaranteed (Abbas, Magnusson, Yngstrom and Hemani, 2011).

To many organisations the communications and information systems management leads to the provision of a great number advantages to the organisations well as its stakeholders. However, among those advantages the apparent one within the working environment remains to be the situation whereby it manages to be able to link as well as empowering employees within such organisations (Wirtz, Lwin and Williams, 2007). This mainly because electronic communication within the organisation ends up increasing overall communication within it. This situation is very crucial since it allows people from different units and department of the organisation to interact amongst themselves thereby enabling the promotion of horizontal communication (Agre and Rotenberg, 1998).

Moreover, there is also the obvious advantage manifested  by the increased ease of information accessibility whereby the information is usually stored in an organised manner which makes its retrieval quicker (Mbanaso, Cooper, Chadwick and Anderson, 2009). However, these organisations are not supposed to over too much electronic information as well as communications mainly because there are high chances of leading to an increase in alienation of employees mainly because there is an increase in impersonality whereby in relation to this the communications and information management leads to an increase in the boundary spanning (Abbas, Magnusson, Yngstrom and Hemani, 2011). Moreover, an employee is capable of accessing the required information in any area while he or she is within the organization as  a result of using the appropriate technology which is very crucial in facilitating the task. This phenomenon proves to be very vital to the organisation since it eliminates the repetition of information need thereby promoting non-redundancy (Chieh and Kleiner, 2003).

The use and the management of the information and communication systems by the organisation usually means that these organisation are not supposed to entirely rely on the human error fallibility, which is usually the subject to erosion and error. This is due to the fact that these systems enables the information storage, retrieval as well as  the  communication of the same information far more easily, efficiently  and effectively. However, many are the times when  these information and communication systems usually cause an information overload, which means the organisation managers will have to definitely sift through a voluminous amount of data that is stored within the systems thereby hindering a decision-making process that is timely (Mbanaso, Cooper, Chadwick and Anderson, 2009). Moreover, the problem of information overload does not always arise as a result of the systems problem but mainly as a result of a problem in the process of documentation. Furthermore, most of the organisations managements usually tend to alleviate the prevailing problems in their communication and information systems with increase in the advancement of new technologies (Abbas, Magnusson, Yngstrom and Hemani, 2011).

Management of communication and information systems and privacy

Privacy is a very crucial aspect of fundamental human rights which should be held concerning individual information. This situation should be maintained a secret by the organisations which an individual deals with may it be banks, hospitals, learning institutions or credit card organisations (Agre and Rotenberg, 1998). Thus any personal information provided to these organisations should always remain a secret and should at no one time be revealed without the individuals consent. This aspect involves both the employees and customers of an organisation. For instance, depending on the advancement in communications and information systems your credit card company is usually capable of knowing the places you like visiting as well as tracking your shopping behaviours (Blogging, 5). This conforms with the aspect of just doing away with the strict privacy but also be in a position to be prevented by such organisations which should ensure your personal information does not leak to the public.

Moreover, your internet service provider is also capable of getting a lot of your personal information. For instance,  they usually knows what computer model you own whereas at the same time they are also capable of knowing your interests, preferences as well as your living style since they are capable of tracking the sites you often visit. If you are for example interested in celebrities nude photographs your internet service provider is capable of knowing this. However, the main question arises at this level concerning to what these companies will do with this information (Abbas, Magnusson, Yngstrom and Hemani, 2011). Hence as long as someone has to conform with the modern way of living it will always be inevitable to keep their information secret any longer mainly because majority of the services we will ever need will require revealing our personal information to the respective service provider organisation of which you do not have a hundred percent guarantee that the information will permanently remain secret from the public (Karyda, Gritzalis, Park and Kokolakis, 2009).

Alternatively, despite people treasuring their privacy so much it is apparent that nowadays our privacy  which constitutes our illusive personal seclusion quality is without any doubt shrinking at a very tremendous rate as a result of continued expansion and advancements of the information revolution. Moreover, the privacy may have various meanings regarding to the context in which it has been used (Wirtz, Lwin and Williams, 2007). For instance, the drastically growing of the internet usage as well as other aspects of communications and information technology raises various concerns regarding to the information privacy. Moreover, there has been attempts by the involved companies to make sure that any personal information revealed un to them is maintained private. Others gives their customers and employees the mandate to be in charge of the control of their personal information hence being able to regulate the accessibility, acquisition, disclosure and usage of their personal information (Mbanaso, Cooper, Chadwick and Anderson, 2009).

Always there has been leakage of peoples’ personal information which therefore necessitates the need for maintenance information privacy mainly on the basis of two propositions. Firstly, the personal information require to be controlled by the individuals themselves since accessibility of peoples’ private information may be used in harmful ways that will potentially pose a danger to the information owner. Secondly, irrespective in a harmful manner there also the potential that the personal information is capable of being used unfairly, improperly, or even for other purposes that were not intended by an individual (Bahadur, Chan and Weber,  2002).

The information and communications systems are nowadays leading to the erosion of the organisations’ information privacy which is mainly occurring in three major ways. Firstly, there has been an increase in the information accessibility. This is not to mean that the information which was previously confidential nowadays become public, but it is mainly because the communications and information technology systems is rapidly changing what the meaning of  the word public (Abbas, Magnusson, Yngstrom and Hemani, 2011). For instance, computer networks are capable of making sure that public access may be used to mean the whole of the on-line world. Secondly, the ways in which information has been collected also contributes to a reduction in information privacy (Gurau and Ranchhod, 2009). This is mainly because the electronic databases have the  power to collate as well as sharing of extensive information about an individual which ends up creating someone’s profile in these databases.  Thirdly, as a result of information storage an ubiquity of these systems therefore allows generation of a huge volumes of information that are redundant usually kept for longer periods (Peel and Rowley, 2010).

However, over the recent past the communication and information technology systems are rapidly contributing to the destruction of a large number of the characteristics of our protean and vague concept of privacy (Agre and Rotenberg, 1998). Therefore these changes enables us to consider afresh the amount and nature of our personal information that we are interested in keeping private as well as the best ways on  how to achieve it (Chieh and Kleiner, 2003). This phenomenon at least ensures that there is a bit of control on the information which we release to the public hence to some extend controlling the extend of information privacy achieved by an individual (Tsarenko and Tojib, 2009).

Alternatively, in order for ensuring that there is enough control over the personal information there is however the need to have more effective legislations, that ensures that organisations expressly acknowledges their customers and employees ownership of personal information as well  as giving them the means on how to protect that information as among one of their main goal (Gurau and Ranchhod, 2009). In addition, there would also be the need of recognising that with the prevailing market conditions whereby it is always a consumer-driven one, peoples’ personal information has already gained a market value,  this therefore necessitates  the need for the protection of this information and more so when it is likely to be used by other people for their personal gain may be in terms of finances or otherwise (Karyda, Gritzalis, Park and Kokolakis, 2009). Thus these organisations always deserves to act as privacy guardians of  individuals’ personal information as well as acting in the screening of the individual’s information that is shared with the other people as well as globally (Marcella and Stucki, 2003).

Examples of situations which hinder peoples’ privacy

It is surprising top note how  the  current generation is very willing to give up information relating to their privacy mainly by joining social networking groups such as MySpace or Facebook. Thus under these circumstances it is hard to believe that anybody who is such willing to avail his or her private information in this careless ways has any right of complaining for the privacy of their issues (Abbas, Magnusson, Yngstrom and Hemani, 2011). For instance, if someone has no vested interested it is therefore not there business to know you privately live as well as viewing your daily routines (Blogging, 5). Moreover, people who use these social networking sites such  as MySpace and Facebook are simply interested in keeping contact with their friends, however they are not capable of realising to  what extent they are ending up giving their privacy (Peel and Rowley, 2010). Thus these exposes a lot of your personal information whereas it could have been possible to keep contact with your friends  and family using other means such telephone hence keeping your privacy. Moreover, this  does not  guarantee a hundred percent privacy mainly because even the calls you make are usually recorded and can be retrieved by the service providers at their wish (Gurau and Ranchhod, 2009).

The increase in the embracing of technology has greatly contributed to the undermining of our privacy mainly because there is  always a consistent posting of private information on the web. Moreover, it is not the web which only consists of a lot of only everybody’s confidential information but also most of the organisations involved in credit cards or cash cards that we are fond of using on daily basis consists of a lot of our financial data (Peel and Rowley, 2010). For instance, all the things we buy using the credit cards are known through the credit cards whereas our financial status can be known by use of the cash cards (Abbas, Magnusson, Yngstrom and Hemani, 2011). Under these circumstances, it is however what is at stake is indeed our financial privacy. Therefore, if we are aware of this knowledge and continues using those cards then we are and we are just giving up our privacy right willingly. Thus it must be admitted  that during this era in which we are living it is very hard retaining our personal lives privacy because the technology nowadays constitute a big role in our societies (Tsarenko and Tojib, 2009). However, despite this situation it is necessary to take the necessary precautions so as to try as much as we can to avoid publicly revealing much of our personal information (Chieh and Kleiner, 2003).

On contrary, when the governments choose to violate their citizens’ privacy in very obvious ways, this therefore becomes the responsibility of the people to seek for the restoration of their privacy even though this is not always guaranteed (Bahadur, Chan and Weber,  2002). For instance, the England government has a great control over its citizens, yet the represented populations are just comfortable with it. For example, each and every corner of all the street is installed with a camera hence accessing more control of every step of their citizens (Marcella and Stucki, 2003). Moreover, this installation of cameras has also been extended in the households of people. However, in overall this is purported to be done in order to adequately provide the security for the English citizens but this is without any doubt infringing into peoples’ privacy and way of living (Agre and Rotenberg, 1998).

However, most of the large organisations nowadays possess the finest communications and information technology systems which ensures  that their information cannot be intruded leading to the leakage to the public thus affecting their privacy (Blogging, 5). Moreover, they also purport to have on board the finest and brightest information technology technicians responsible in maintaining the information systems in order to ensure adequate protection from hackers who may access the organisation’s private and vital information (Abbas, Magnusson, Yngstrom and Hemani, 2011). However, despite all these measures at once in a while these organisations have fallen victims of unauthorised data accessibility to their private information concerning the customers or employees mainly to the employees themselves, clients and customers.

The main causes of breach of privacy in organisations

Irrespective of many organisations trying their best not in any way to compromise their customer and employees privacy. Sometimes their efforts are overwhelmed by the forces that are always interested in ensuring the there is privacy compromise. These are mainly as a result of unauthorized access to information, stolen or even lost information as well as actions carried out by dishonest employees (Chieh and Kleiner, 2003).

However, the unauthorized accessibility of information that is regarded private in any organisation forms the basis of the breach of privacy among these organisation (Bahadur, Chan and Weber,  2002). Thus companies involved in storing and maintaining private information belonging to both businesses and individuals have the obligation of safeguarding this information by use of the most recent technology methods and applications available (Agre and Rotenberg, 1998). Thus there is always need to ensure the privacy of the customers and employees is maintained by preventing the accessibility of this information to the public. Hence some organisations have opted to be encrypting their customers’ information in continual attempts of safeguarding this information from unauthorized access (Abbas, Magnusson, Yngstrom and Hemani, 2011).

The loosing of information either through loss or even theft of the devices containing the information such as the notebook or laptop computers also leads to the revealing of vital private and confidential information (Chieh and Kleiner, 2003). A great number of computers that are stolen or lost on annual basis whereby only a very small percentage of these devices is ever recovered by their owners meaning that there are high chances that the information contained in these devices has the potential to be misused by those get hold of them (Bahadur, Chan and Weber,  2002).

Employee actions are also very responsible aspect which leading to the breach of privacy within the organisations mainly because of lax attitudes of the employees toward security or even through their dishonest actions (Bahadur, Chan and Weber,  2002). For instance, a recent survey that was carried out by the Ponemon Institute led to a conclusion that there is an increased number of employees end up more lax when it came to the issues of  compliance with data security guidelines within their organisations (Karyda, Gritzalis, Park and Kokolakis, 2009). Moreover, if these dishonest actions by employees are checked there would be a reduction in the cases of compromise with the customers privacy. However, despite the necessary measures been taken nowadays it remains very hard to completely maintain a hundred percent of the privacy the information within organisation (Gurau and Ranchhod, 2009). Hence there is always the need to make sure that necessary measures are taken into consideration to avoid unauthorised access to the organisation’s information (Peel and Rowley, 2010).


An individual’s privacy is always a very crucial and fundamental right for each and every one. However, a great number of people are taking it for granted since they compromise their privacy willingly (Peel and Rowley, 2010). This can be accounted from the activities they are usually involved in on daily basis. This includes consistent involvement in the social networking site whereby they end up giving up most of their personal information leading to the revelation of personal details which could later be used against them (Abbas, Magnusson, Yngstrom and Hemani, 2011).

Moreover, someone privacy is not in any point guaranteed leading to the compromise of privacy in the era in which we are living in. This is mainly because most the services offered nowadays are always monitored and this leads to the tracking of every detail of the daily operations of an individual (Tsarenko and Tojib, 2009). For instance, the social networking are capable of revealing most of your personal information if you have not regulated to what extent your personal information can be accessed. Moreover, other services such as the credit cards and cash cards can also provide almost all your financial information which can also be used in later against you (Karyda, Gritzalis, Park and Kokolakis, 2009). This may therefore result in detrimental actions which could in other words be placing your financial situation at stake.

Finally, there are several causes which may result to the compromise of the customers or employees privacy within organisations. For instance, unauthorised access to information may reveal very crucial information about an organisation concerning its employees as well as customers. This leaked information may in turn end up being used later against the whole organisation or specific individuals (Agre and Rotenberg, 1998). Also the loss of the data may end facilitate its accessibility to the public. This may occur through normal loss or theft. The employees conduct is also another issue that can be considered crucial in facilitating the compromise of privacy within organisation if they do not adhere to the code of conduct in many organisation which requires that no one should reveal information about the organisation unless authorised to do so (Blogging, 5). However, it has become apparent that it is hard to keep our privacy totally however necessary measures needs to be taken to ensure it is only revealed at unavoidable circumstances (Gurau and Ranchhod, 2009).


Abbas, H., Magnusson, C., Yngstrom, L. and Hemani, A. 2011. Addressing dynamic issues in information security management. Information Management & Computer Security, 19 (1), pp. 5 – 24

Agre, P.E and Rotenberg, M. 1998. Technology and privacy: the new landscape. New York: The MIT Press

Bahadur, G., Chan, W. and Weber, C. 2002. Privacy defended: protecting yourself online. California: Que

Bateman, P.J., Pike, J.C. and Butler, B.S. 2011. To disclose or not: publicness in social networking sites. Information Technology & People, 24 (1), pp. 78 – 100

Blogging, B.G. n.d. Privacy in Organizations. Available at: [Accessed on 6th April 2011]

Cate, F.H. 1997. Privacy in the information age. Washington, DC: The bookings Institution

Chieh, C.M. and Kleiner, B.H. 2003. How organisations manage the issue of employee privacy today. Management Research News, 26 (2/3/4), pp. 82 – 88

Collier, G. 1995. Information privacy.  Information Management & Computer Security, 3 (1), pp. 41 – 45

Connoly, K.J. 2003. Law of internet security and privacy: 2004 Edition. New York: Aspen Publishers

Fact Sheet 7: Workplace Privacy and Employee Monitoring. Available at: [Accessed on 6th April 2011]

Gritzalis, D.A. 2004. Embedding privacy in IT applications development. Information Management & Computer Security, 12 (1), pp. 8 – 26

Gurau, C. and Ranchhod, A. 2009. Consumer privacy issues in mobile commerce: a comparative study of British, French and Romanian consumers. Journal of Consumer Marketing, Vol. 26 (7), pp. 496 – 507

Herold, R. 2010. Managing and information security and privacy awareness and training program. 2nd ed. Boca Raton, FL: CRC Press

Hung, H. and Wong, Y.H. 2009. Information transparency and digital privacy protection: are they mutually exclusive in the provision of e-services?”. Journal of Services Marketing, 23 (3), pp. 154 – 164

Ifinedo, P. 2009. Information technology security management concerns in global financial services institutions: Is national culture a differentiator?”. Information Management & Computer Security, 17 (5), pp. 372 – 387

Karyda, M., Gritzalis, S., Park, J.H. and Kokolakis, S. 2009. Privacy and fair information practices in ubiquitous environments: Research challenges and future directions. Internet Research, 19 (2), pp. 194 – 208

Kavakli, E., Kalloniatis, C., Loucopoulos, P. and Gritzalis, S. 2006. Incorporating privacy requirements into the system design process: The PriS conceptual framework. Internet Research, 16 (2), pp. 140 – 158

Marcella, A.J. and Stucki, C. 2003. Privacy handbook guidelines, exposures, policy implementation and international issues. Hoboken, NJ: John Wiley & Sons, Inc.

Margulis, S.T. 2003. Contemporary perspectives on privacy: social, psychological, political and economic issues. Malden: Blackwell Publishing

Mbanaso, U.M., Cooper, G.S., Chadwick, D. and Anderson, A. 2009. Obligations of trust for privacy and confidentiality in distributed transactions. Internet Research, Vol. 19 (2), pp. 153 – 173

Nissenbaum, H. 2009. Privacy in context: Technology, policy and the integrity of social life. Stanford: Stanford University Press

Parkin, J.K., Austin, S.A., Pinder, J.A,  Baguley, T.S. and Allenby, S.N. 2011. Balancing collaboration and privacy in academic workspaces. Facilities, 29 (1/2), pp. 31 – 49

Peel, M. and Rowley, J. 2010. Information sharing practice in multi-agency working.  Aslib Proceedings, 62 (1), pp. 11 – 28

Peters, A.T. 1999. Computerized monitoring and online privacy. Jefferson, NC: McFarland& Company, Inc., Publishers

Schoeman, F.D. 1984. Philosophical dimensions on privacy: an anthology. Cambridge: Cambridge University Press

Shedden, P., Scheepers, R., Smith, W. and Ahmad, A. 2011. Towards a Knowledge Perspective in Information Security. VINE, 41(2),  pp. 67-76

Sileo, J.D. 2010. Privacy means profit: prevent identity theft and secure you and your bottom line. Hoboken, NJ: John Wiley & Sons, Inc.

Singh, T. and Hill, M.E. 2003. Consumer privacy and the Internet in Europe: a view from Germany.  Journal of Consumer Marketing, 20 (7), pp. 634 – 651

Sun, J., Ahluwalia, P. and Koong, K.S. 2011. The More Secure the Better? A Study of Information Security Readiness. Industrial Management & Data Systems, 111(4), pp. 123-34

Tsarenko, Y. and Tojib, D.S. 2009. Examining customer privacy concerns in dealings with financial institutions.  Journal of Consumer Marketing, 26 (7), pp. 468 – 476

Tsohou, A., Kokolakis, S., Lambrinoudakis, C. and Gritzalis, S. 2010. A security standards’ framework to facilitate best practices’ awareness and conformity. Information Management & Computer Security, 18 (5), pp. 350 – 365

Turnbull, I.J. 2009. Privacy in the workplace. 2nd ed. Ottawa: CCH Canadian Limited

Wirtz, J., Lwin, M.O. and Williams, J.D. 2007. Causes and consequences of consumer online privacy concern. International Journal of Service Industry Management, Vol. 18 (4), pp. 326 – 348

Zhou, T. 2011. The impact of privacy concern on user adoption of location-based services. Industrial Management & Data Systems, 111 (2), pp. 212 – 226


Written by