Article Type : Research Article
Authors : Pham Van Tuan, Nguyen Kim Ngan, Tran Thi Thao Ngan, Dinh Tran Ngoc Huy, Nguyen Phuong Ngoc, Ly Thuy Linh and Pham Anh Thu
Keywords : Behaviour of sharing information on social media; Risk perception; Data security; Perception; Risk
In the context of the Industrial Revolution 4.0 with the
Internet of Things, online platforms, especially social networks, have grown
constantly and play an important part in people’s lives, making the issue of
data security increasingly important and urgent. This study focuses on users'
perception of data security risks, and to learn and measure the influencing
factors in the process of risk perception formation in relation to perceived
benefits and behaviours of sharing information on social networks. The survey
of 419 users in metropolitan cities in Northern Vietnam was conducted and
results showed that social media users of different generations have
distinctive risk perception, resulting in different information-sharing
intentions and behaviours. The authors applied SPSS 26.0 software to evaluate
the scale reliability based on Cronbach's Alpha test, exploratory factor
analysis EFA, confirmatory factor analysis CFA and structural equation
modelling SEM, One-way ANOVA test. The findings show that the scales are
reliable and the hypotheses are accepted. The study thereby aims at proposing
strategic suggestions for businesses on marketing solutions, recommendations
for consumers and authorities on creating fair legal corridors to facilitate
the businesses’ development.
The remarkable development of science -
technology has been opening up great opportunities and breaking boundaries.
Along with the great possibilities come the limitations in other aspects of
life. While the Industrial Revolution 4.0 had an impact on human rights to some
extent in terms of both legislation and implementation, the development of the
internet and social networks posed various legal challenges to the process of
recognition and assurance of human rights in Vietnam. Regarding privacy,
certain new issues related to personal data protection rights, the right to be
forgotten (droit a loubli) require codification with legal provisions, which
Vietnam has yet to pass any separate privacy law to regulate, despite being
mentioned in the 2013 Constitution. As mentioned above, technology has enabled
many actors, including governments and companies, to collect data, track and
monitor conversations, exchanges, commercial transactions and other activities
of service users, which raised the question of their personal privacy being
violated and can worsen the power imbalance between individual users and
institutions. The issue of whether users are aware of data security and privacy
or not has become so urgent that it affects not only the users themselves but
also other involved parties. Although there have been several conducted studies
on data security and the process of perceiving those risks, some of which aimed
at learning the subject’s impact within the context of social networks, there
are still limitations on the number of research works being done, as well as
the scope of the study. Based on such a study gap, this research paper is done
to study the Influences of data security risk perception on the behavior of
sharing information on social media by residents of metropolitan areas in
Northern Vietnam, thereby giving important user insights and raising the users’
awareness of the mentioned subject.
Two classical models
were used to measure behaviour intention as follows:
Theory
of reasoned action - TRA
The Theory of Reasoned Action was first developed in 1967 by Fishbein, and then modified and extended [1]. According to this theory, the individuals have the basis and motivation in their decision-making process and make a reasonable choice among the best solutions and tools to judge whether their behaviour is an intention which is determined by their behavioural intention (BI). Behavioural intention will be influenced by attitudes and subjective norms to behavioural intention (Figure 1).
Figure 1: Theory of reasoned action – TRA model.
Theory
of planned behaviour – TPB
Developed from the Theory of Reasoned Action [1]. This theory was created due to limitations of the previous theory on assuming that human behaviour is purely due to rational control. Similar to TRA, the central factor of the Theory of Planned Behaviour is the individual’s intention to perform a certain behaviour (Figure 2).
Figure 2: Theory of planned behaviour - TPB model.
The information seeking has positive impacts on systematic information processing. The demand for information stimulates people to seek and process the information systematically. Its work’s findings also revealed that the higher the intent to seek information, the more thorough and systematic the information processing will be (Figure 3).
Figure 3: Model.
Based on the above
mentioned theories, the following hypotheses were built in order to re-check
the relationship between systematic information processing, risk perception,
benefit perception and information sharing behaviour on social media.
H1:
Perceived knowledge about data security has a negative impact on users’ lack of
information about data security on social media
The concept of gaps, or
lack of knowledge, as defined in the work on “interplay between knowledge gap
and perceived risk in motivating risk information seeking” (Shadi Shakeri,
Nicholas Evangelopoulos and Oksana Zavalina) are related to the concept of lack
of information, used in the Risk Information Seeking and Processing model
(RISP), and The Planned Risk Information Seeking model (PRISM) [2]. Lack of
information is defined as the difference between an individual’s current
knowledge and the amount of information he/she deems necessary, in order to
deal with a given situation (ie, well-informed). However, the knowledge gap, as
defined herein, refers to realizing such differences. In view of lack of
information, a more cognitive approach to information gap is adopted, removing
emotional factors. The current study has been carried out based on the
classical concept of knowledge gap as a cognitive-emotional driver for
information seeking.
H2:
Perceived knowledge on data security has negative impacts on information
seeking about data security on social networks
According to people
rarely need information for information only, but they need it as a means to
serve different purposes [3]. The works in health risks confirm that people
actively seek information on risks they are aware that they are facing a
crucial decision i.e. when topics become relevant and important for them. The
Information Searching Process Model claims that the information searching is
initiated when a person becomes aware about the lack of information he or she
needs in order to understand a problem or perform a specific activity. Focusing
on this cognitive aspect of the information searching process, ASK (Anomalous
State of Knowledge) model also states that the gap between the available
information and the desired one reflects a person’s information needs,
motivating him/her to seek information [4,5].
H3:
Information insufficiency has positive impacts on information seeking about
data security on social networks
The concept of Lack of
information in the RISP model is derived from the Completeness principle in the
heuristic?systematic model of which people are cognitively optimistic and
always make the least possible effort however, they can easily try harder if
motivated [6,7]. The Completeness principle suggests that people are “capable
of trying until they are confident enough that they have well accomplished
their set goals”. When an individual’s current knowledge does not meet the
level of confidence to fulfil his or her goals, they may fall into a lack of
information. Then, according to the RISP model, when such lack of information
reaches high enough, such persons start searching for information. In addition,
then, he/she is more motivated to participate in systematic processing
(in-depth and thorough evaluation of information) rather than in empirical
processing (superficial evaluation of information).
H4:
Systematic information processing is positively influenced by perceived
knowledge about data security
Background knowledge is
a factor affecting the hypothetical information processing in the HSM system
[8]. The previous literature has shown that the background knowledge has
positive impact on the systematic information processing. Trumbo and McComas
have shown that people are motivated and capable of applying the systematic
strategies to process information as they acquire more knowledge. “Systematic
information processing is positively affected by available knowledge” is also
supported after accreditation.
H5:
Information seeking has impacts on systematic processing
The systematic
processing is deliberative and conducted by analysing, comparing, and judging
information, whereas heuristic processing is based on simple decision rules to
arrive at a judgment [9]. HSM assumes that individuals often perceive things in
a simplified way and that heuristic processing is preferred because it requires
less effort. However, the heuristic processing tends to make subsequent
judgments and behaviours less stable than the systematic one. Therefore, the
authors have used the systematic processing to put into the model and test
hypotheses [10].
H6:
Information insufficiency has impacts on systematic processing
The lack of information
is again influenced by affective responses to risks (emotions) and
informational subjective norms. Firstly, strong emotional responses such as
anxiety or anger are likely to worsen the lack of information, which in turn
leads to information seeking. Secondly, the lack of information is influenced
by the informational subjective norms. Those norms refer to individuals’
perceptions of whether others think they should know about a particular risk,
and the higher they are, the worse the lack of information becomes. Recently,
have noted that the informational subjective norms do not only indirectly
influence the information searching and processing due to the lack of
information but can also directly affect the same [11].
H7:
Systematic processing has impacts on perceived risks
Information processing
is another determinant of risk perception. The previous scholars have extended
the information processing model according to the HSM to figure out influences
of the information processing on individuals’ risks.
H8:
Systematic processing has impacts on perceived benefits
In the study on
“Consumers’ perception and information processing affect their acceptance of
genetically modified foods in China: A risk communication perspective'' it was
assumed that the benefit perception directly affects the consumers’ purchasing
intentions for the same. However, the influence of benefit perception on
information processing has not been proposed in previous studies. The perceived
benefit has positive impacts on the systematic processing”. The hypothesis set
as the following model has been proved to be significant, thereby confirming
the relationship of perceived benefits and systematic processing. However,
there still exists a research gap in the social network context in Vietnam, so
in order to test the relationship between the systematic processing and the
perceived values, the authors have made a hypothesis that the systematic
processing has impacts on perceived benefits.
H9:
Perceived knowledge about data security has positive impacts on data security
perceived risks
The studies with
various findings have been performed on relationship the perceived knowledge
about data security and perceived risks of the same. The work formalized the
relationships between the three constructs, by considering knowledge gap as
both a cause of perceived risk and a driver for information seeking. The
knowledge gap is recognized by individuals when “they encounter differences or
lack of awareness in their environment” Many scientific literature has
considered uncertainty as a component of perceived risk and have found a link
between the knowledge gap and the sense of uncertainty or perceived risk [12].
The study, has hypothesized: The knowledge gap has positive impacts on data
security risk perception.
H10:
Perceived risks have negative impacts on intention to share information on
social networks
According, there are 5
factors of risk perception that often come into mind, consisting of: financial,
performance, physical, psychological, and social risk. In addition, pointed out
that time risk perception is also an important component of risk perception
factor group. The time risk perception is related to the perception of time
loss, convenience. The time risk perception is more common in online situations
and social media; and many studies have shown that the time/convenience risk is
the Consumers’ experience of inconvenience and time consuming due to
difficulties in website navigation or data security. In the current growing
social network context, users’ sharing information through social networks
hides a certain degree of risk.
H11:
Data security perceived benefits have positive impacts on a users’ intention to
share information on social networks
Intention is seen as a
direct predictor of actual behaviour. The stronger a participant’s intention or
attempt for behaviour is, the more successful they are expected to be in
implementing that behaviour. However, the degree of success will depend not
only on one’s wishes or intentions, but also on non-material factors such as
availability of necessary opportunities and resources (for example: time,
money, skills, cooperation of others, etc.) To the extent that a person has the
necessary opportunities and resources and intends to behave, he/she will be
successful in executing such behaviour, the intention will be the correct
predictor of the actual behaviour [13].
H12:
Impact of intention on the behaviour of sharing information on social networks
The intention is a driver of human consciousness
to take action [14,15]. The intention to continue sharing information on social
networks is what users think they will decide whether to continue sharing
information or not argues that intention is considered to be an indicator of
the degree of willingness to approach a certain behaviour and their attempt to
do the same. In addition, the research model mentioned in H11 also confirms
that the intention to share information positively affects information sharing
behaviour on online communities. So whether the intention to continue sharing
information on social networks really affects the behaviour of sharing the same
or not, if so, what is its influence degree, impact on the behaviour? To answer
this question, the research team proposed the research hypothesis: Impact of
intention on the behaviours of sharing information on social networks.
From actual growth of social networking associated with the risks of data security and the necessity for research on influences of data security risks on users’ use of social networks, together with summary of the works of previous scholars, the research team has proposed the following model (Figure 4).
Figure
4: Proposed
research model
Data
collection method
The secondary data used
in the study are collected from statistics from various sources such as the
Ministry of Information and Communications, Department of Cyber Security, etc.
through previous relevant domestic and international research papers, reports,
documents, theses on data security perceived risk and information sharing on
social networks: factors and theories that have been given and proven
previously to have impacts on the users’ behaviour of sharing information on
social networks. The primary data sources are collected by distributing online
questionnaires via email and social network groups (Facebook); distributing
questionnaires directly in 9 provinces/cities in the Northern Vietnam,
consisting of Hanoi, Hai Phong, Vinh Phuc, Bac Ninh, Ha Nam, Thanh Hoa, Thai
Binh, Nam Dinh, Quang Ninh. Regarding the survey via email and social networks,
the research teams received 450 responses within 4 weeks (After cleaning, there
were 419 valid votes) [16].
Data
analysis method
Through document review, the research team
selected the questionnaires, refined the data, encoded the necessary
information in the questionnaire, entered data and analysed the same using SPSS
software version 26.0 with the following steps: Making statistics of
characteristics of the research samples, assessing scale reliability, testing
the scale value by the exploratory factor analysis – EFA which is evaluated
through the following criteria: KMO coefficient, Bartlett test, factor load
factor and variance extracted, thereby synthesizing main factor groups. Then,
the scale was tested by confirmatory factor analysis - CFA and structural
equation modelling SEM to check the model’s appropriateness and the research
hypotheses. Finally, the One-way ANOVA test was carried out. The study thereby
tested the hypotheses given at the beginning and assessed the regulatory
effects on the user’s behaviour of information sharing on social networks. The
study learned 419 respondents’ opinions related to the criteria of factors
affecting information sharing behaviour. The scale using SPSS software
initially 419 respondents initially shows that the variable RISK6 is removed
because it fails to meet the scale reliability requirement which requires all
variables to be within the allowable confidence level (Cronbach's Alpha
coefficient > 0.6 and load factor > 0.5). After removing non-conforming
variables, the remaining variables were tested for the scale by CFA method. The
CFA test results of all groups of variables are consistent with market data and
differentiated value is reached because the correlation coefficient between the
variables is less than 0.9 [17-19].
Analysis
of synthetic reliability test results and variance extracted
The synthesis results of assessing the scale reliability are qualified, so the authors can continue to analyse in the SEM model based on SEM indexes, consisting of TLI = 0.988, IFI = 0.919, CFI = 0.918, GFI = 0.875, CMIN/df = 1.856 and RMSEA = 0.045, although the variance extracted of the SP variable is slightly low. Based on the calculations of the synthesis reliability and the variance extracted, it is concluded that the research concepts have achieved differentiated values (Table 1).
Table 1: Calculation of synthetic reliability and variance extracted.
Analysis
of research hypotheses test results
Figure 5: SEM model.
In addition to the SEM test results, the hypotheses also show (Figure 6).
Figure 6: Research hypotheses test results.
Based on the results
shown in the figure above, all the hypotheses are accepted and statistically
significant with P-value of less than 5%. There are 3 easily recognizable
negative correlations which are Perceived knowledge about Data Security towards
Information Seeking and Information Insufficiency (-0.144 and -0.225); Risk
awareness towards Users’ intention to share information on social networks
(-0.132). For the remaining relationships, the user’s behaviour of sharing
information on social networks is most strongly influenced by their intention
to share information (regression index reaches 0.657). And the Data Security
Perceived Risk gets the least positive impact from the Perceived Knowledge
about Data Security. It can be seen that information processing positively
affects data security risks and benefits perception. In addition, the perceived
benefits have positive impacts on the information sharing intention while the
perceived risk has negative impacts on the same. The more users become aware of
the possible risks of information sharing, the more they consider their
intentions. The information sharing intention has positive impacts on the
information sharing behaviour and has the strongest impact (0.657).
Analysis
of test results of hypotheses about differences between factors in the research
model
When testing the differences among different generations of the factors in the research model, the authors concluded that all judgments, except for that related to the systematic processing, are true. However, there is still a need for more representative studies with more practical questions which better describe meanings of the factors in order to have more evidence to support these judgments (Table 2).
Table 2: Test results of hypotheses about differences between factors in the research model.
Factor |
Synthetic
reliability |
Cronbach
Alpha (SPSS) Coefficient |
Variance
extracted (AVE) |
Variance
extracted (SPSS) |
Perceived
knowledge about data security (KNOW) |
0.827 |
0.826 |
0.546 |
0.658 |
Information
seeking (SEEK) |
0.727 |
0.726 |
0.400 |
0.549 |
Information
insufficiency (LACK) |
0.814 |
0.800 |
0.690 |
0.835 |
Systematic
processing (SP) |
0.785 |
0.783 |
0.423 |
0.536 |
Perceived
benefits (VALUE) |
0.811 |
0.810 |
0.421 |
0.514 |
Data
security perceived risks (RISK) |
0.806 |
0.809 |
0.457 |
0.561 |
Information
sharing intention (YDINH) |
0.902 |
0.901 |
0.696 |
0.772 |
Information
sharing behaviour (HV) |
0.831 |
0.831 |
0.498 |
0.598 |
Judgment |
Conclusion |
There are differences in data
security perceived knowledge among different generations. |
Accepted |
There are differences in seeking information about
data security among different generations. |
Accepted |
There are differences in lack of information among
different generations. |
Accepted |
There are differences in systematic processing among
different generations. |
Rejected |
There are differences in data security perceived risks
among different generations. |
Accepted |
There are differences in data security perceived
values among different generations. |
Accepted |
There are differences in the intention of
information sharing on social networks among users of different generations. |
Accepted |
There are differences in the behaviour of
information sharing on social networks among users of different generations. |
Accepted |
For users-For Baby Boomer generation (those born
between 1955 and 1964): Baby
Boomers are the oldest generation to participate in this study and one with the
latest and shortest time exposed to technology and social media. Due to their
generational characteristics, Baby Boomers did not pay much attention to issues
related to technology or social networks, nor did they have many opportunities
to access and adopt the new “tricks”, which results in their little knowledge
about the risks of information sharing on social networks, especially in
Vietnam. It is suggested that Baby Boomers limit the risks of using social
networks by learning more about personal data security on social networks
through their younger family members or acquaintances, such as the Z Generation
who are highly quick with social media.
For X Generation (those born between 1965 and 1979): Generation X, like Baby Boomers, are
suggested to seek more information upon data security on social networks from
various sources. In today’s world where the tool of social listening is being
fully utilized to collect users’ data through their digital footprints,
personal information is even more vulnerable.
For Y Generation (those born between 1980 and 1994): Born and raised in the era of the
Internet, the Y Generation is, to some extent, exposed to technology which has,
in turn, partly influences their behaviour. According to the data output,
Generation Y is the most aware of the risks, negative perspectives, and
consequences of information sharing on social networks, leading to their
needing to seek more knowledge. Therefore, the study recommends that Y
Generation continue to learn more about the issue to perform rational
intentions and behaviours on social networks, and prevent risks of data
security violation from business, organizations, or third parties.
For Z Generation (those born between 1995 and 2008):
Born and currently
living in the era of digital technology development, which comes with a
gigantic amount of data, Generation Z is forced to make more efforts in seeking
and selecting information. The Z Generation should enrich their knowledge about
data security, specifically on privacy policies and how to secure their data
since the current technology world is rapidly changing day by day.
For
businesses
Recently, CSR
(Corporate Social Responsibility) is very popular and has been widely applied
in many companies, proving its power in long-term growth, which requires
special attention from businesses in general and those operating on social
networking platforms. In terms of CSR, protection of customers’ personal
information for businesses in the 4.0 era should ensure the following aspects:
Firstly, it should be
aimed at realizing the compliance of the business with social network users
through its commitments to protecting personal information as well as enhancing
security. In addition to good protection of users’ data, the businesses need to
eliminate violations to the users’ data.
Secondly, in terms of
information transparency: Social networking platforms should develop and
declare their information protection policies on websites. In this policy, the
businesses should clearly state their purpose of collecting personal
information, commitments to personal information protection and
confidentiality, and corporate responsibilities for disclosure of personal
information, etc.
Thirdly, the corporate
social responsibility is not about flashy, attention-grabbing activities but
the true act of protecting its customers. In the field of social networks, CSR
can come from the deed of actively tightening privacy terms and policies.
Setting up a “barrier” to secure users’ data will help users feel more secure
and safe on the social networking platform.
Fourthly, to organize
propaganda and education activities for everyone about network security, how to
protect their data when using social networking platforms. Today, social
networking has become an indispensable need in every person’s life; the social
networks are used anytime, anywhere.
In addition to CSR
activities, the businesses should also increase their security system to avoid
attacks, minimize cyber frauds and comply with policies and laws enacted by
authorities to avoid unfortunate circumstances such as lawsuits between users
and social networking platforms.
For
state management agency
Firstly, it is necessary to build a unified law
for this issue to overcome the current dissipation of many documents and
concretize and supplement stronger and stricter legal enforcement institutions.
Secondly, there should be a national data strategy that serves as the
foundation for an overall national action framework, which covers coherent
coordination of all three sectors: public, business, and social functions. The
introduction of good policies for the users’ interest protection will
contribute to increasing their trust in social networks, thereby promoting the
development and sharing of information on social networks. The government,
agencies, departments, and ministries should focus on researching and proposing
policies for social network users’ personal information and data protection.
Also, effective channels should be built to help users easily access, reflect
and receive information such as Facebook pages, Official portals of Ministries,
Agencies, and Departments. The management agencies and authorities should have
solutions to raise users’ awareness of the importance of information security
on social networks. The Ministry of Information and Communications should have policies
and reforms to facilitate the businesses to enter the Vietnamese market, and
those who have been involved or will be involved in cyber security. Besides,
there should also be regulations and penalties for social networks which work
with a third party to illegally use their users’ information; prevent
unauthorized access and attacks of other types on the internet.
The research results show that all hypotheses
are accepted in this study. There are 3 hypotheses with negative correlation,
which are H1 - information seeking, H2 - perceived knowledge about data
security, showing the impact of background knowledge about data security on the
lack of information and information seeking; and hypothesis H10 data security
perceived risk has negative impacts on the users intention of information
sharing on social networks. The variable of intention has the strongest impact
on the behaviour of information sharing on social networks, reaching 65.7%. In
the last part, the authors test the differences of factor groups among
different generations. The results show that except for the Systematic
Processing, the remaining factors have differences among the four targeted
generations (Baby Boomers, X, Y, and Z generations). The data was collected in
metropolitan areas in Northern Vietnam however, respondents are focused in the
central cities such as Hanoi and Hai Phong. These are developed cities, where
people are familiar with using social networks in general and information
sharing behaviours in particular and already had a certain level of perception
about the risks of data security on social networks. As such, the authors,
thereby, could not conclude the same for other cities/provinces. The study also
had difficulty in examining subjects for generations as it was carried out in
the Covid-19 outbreak and social distancing, leading to obstacles in in-depth
research. All of these can make this study less comprehensive and
representative for all generations. Despite the above limitations, it is
expected that future studies will overcome these problems and bring innovative
findings in this regard
Thank you editors,
friends and Mr Dinh Tran Ngoc Huy to assist this publication.