Having Two Conflicting Goals in Mind: The Tension Between IS Security and Privacy when Avoiding Threats

Abstract

Despite users of personal IT devices perceive high risks of losing their personal data if their devices get lost or damaged, many are reluctant to use user-friendly online services (i.e., online backups) to recover from such incidents. We suggest that the reason for this denial are information privacy concerns because users need to disclose their personal files to the safeguard provider. As safeguarding services promise to reduce the IS security threat of losing data, individuals are subsequently tensed between two goals: protecting their data against loss (IS security) and their information privacy. To shed light on this goal conflict, our work builds on the theory of goal-directed behavior. Based on a quantitative online survey among 446 participants, we show that privacy concerns impede threat avoidance to prevent data loss. Comparing current users and non-users of online backup services, our results confirm that provider-related privacy concerns are significantly higher for non-users.