Abstract
The purpose of this paper is to validate two domain-specific information privacy competency models (IPCMs); the first for online consumers and the second for users of mobile applications (apps). For the validation of the competency models, we conducted qualitative research, using interviews to collect feedback by a group of nine information privacy experts. Regarding the evaluation, the experts commented largely positively for the structure and content of the IPCMs, as well as for the extent to which they achieve the intended goals. They also provided several points for improvements, which resulted in enhancing the quality of both IPCMs. The validation of the domain-specific demonstrated that this is the first study to empirically examine the privacy competencies that users of specific technological contexts should hold. The IPCMs can be used not only by educators and privacy policy makers for the design of privacy interventions, but also by e-commerce and mobile-apps providers, who could gain important insights into the way that they can be more reliable for their users. Both consumers and users of mobile-apps could benefit from IPCMs by acquiring the necessary privacy competencies through training programs for the protection of their information privacy.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
In today’s era of the internet, the explosive development of information and communications technologies has extremely facilitated individual’s life in many ways. For instance, advances on e-commerce techniques have offered new opportunities such as faster selling process or removal of location limitations [1], impressively increasing the number of users of such services. Specifically, especially after the outbreak of COVID-19, half of the consumer population (52%) prefer to shop online rather than go brick and mortar shopping [2]. Additionally, rapid growth of mobile app downloads worldwide is justified by the abundance of services offered, such as health apps [3] communication apps, location-based or payment apps [4]. Particularly, according to [5], the number of annual mobile app downloads worldwide is constantly increasing, noting 255 billion downloads in 2022, instead of 230 billion downloads in the previous year.
Nevertheless, the increasing tendency in the use of such services has also raised significant concerns about users’ information privacy. Although e-commerce services offer useful and convenient personalized recommendations, they also require the processing of large amount of personal data [6]. Moreover, mobile apps’ use is recently accompanied by users’ concerns regarding location tracking and selling personal data [7].
Literature has demonstrated significant efforts towards addressing this issue, such as investigating the factors influencing users’ self-disclosure behaviors and privacy concerns [8,9,10]. Additionally, specific recommendations have been provided to developers and experts for more effective application of privacy design principles in software development [11].
However, providers are not the only ones responsible for limiting the disclosure of personal data, but users should also assume their own responsibility acting for their privacy protection [12]. Especially effective towards this direction could be research in the information privacy competency domain, which can not only help understanding individual’s privacy protective behavior, but also trigger it [13, 14]. More specifically, competency models, which are organizing frameworks that describe the combination of specific knowledge, skills and other personal qualities required to effectively perform duties in an organization, when oriented to privacy competencies, could act as a guide to users who to apply more privacy protective behaviors. Although these privacy competency models appear to be quite promising, the relevant empirical research is still limited in literature. For this reason, this study advances the research in information privacy competency domain, by addressing one key research question: Which are the privacy competencies that a user should hold depending on the specific technological context so as to apply privacy protective behaviors?
Identifying privacy competencies that are specialized to specific technological contexts is important, because the actions that users perform may differ significantly from one online service to another (e.g., different user actions are performed when purchasing goods online compared to when installing a mobile application) and thus different competencies are involved. This is highlighted in the literature as situation awareness [15], that is “the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future”. For this reason, we selected to focus on two main objectives; first, to search for domain-specific privacy competencies in the literature and second, to strengthen existing competencies through validation and refinement by information privacy experts.
The results of this work are expected to be useful both for researchers in the information privacy domain, who can incorporate the proposed models into privacy-enhancing efforts and for users of e-commerce services or mobile-apps who wish to protect their online privacy. Additionally, e-commerce and mobile-app providers could benefit from this study, since they may acquire important knowledge and information that can lead to the increase of users’ trust toward their services.
The paper is structured as follows; Following this introduction, Sect. 2 presents the theoretical background on competency models and privacy competencies implied in the literature. Section 3 presents the methodology used for the validation of the IPCMs by information privacy experts. Section 4 presents the validation results of IPCMs and finally, Sect. 5 concludes the paper and provides useful implications and future direction in information privacy competency domain.
2 Theoretical background
2.1 Competency and competency models
Competency is a concept which has primarily been related to effective performance to a task [16]. Mcclelland [17] first states that competency is as a critical differentiator of performance between superior and average performers. Likewise, Spencer and Spencer [18] define competency as an underlying characteristic of a person which is associated with superior performance in a job situation. More broader definitions of competency state that it is a set of observable performance dimensions, including individual knowledge, skills, attitudes, and behaviors, as well as collective team, process, and organizational capabilities, that are linked to high performance, and provide the organization with sustainable competitive advantage [19]. Nevertheless, a common definition of competency refers to a set of knowledge, skills, and attitudes of an individual which are prerequisite to achieve superior job performance [20]. Knowledge refers to an individual’s awareness of the required information to complete a task, skills refer to behavioral demonstration of expertise, meaning an individual’s ability to perform a task applying own knowledge and attitudes refer to individual’s disposal to react to a situation [21].
2.2 Competency models
A competency model is a descriptive measurement tool which allows employees to agree on a common language through defining a set of competencies that are necessary for superior performance [22]. Such models consist valuable tools in many domains. For instance, in human resource management, competency models can act as criteria guide to hire employees who better respond to the given task. Boyatzis [23] proposes a competency model for managers which includes six clusters of competencies; goal and action management, leadership, human resource management, directing subordinates, focusing on others and specialized knowledge. Additionally, in vocational training, competency models can act as curricula which guides the schedule of learning activities [24]. A widely known type of competency model is the Iceberg Model, which represents competencies as an iceberg. Specifically, knowledge and skills are the visible competencies, which are easy to develop and are located on the top of the iceberg, whereas motives and traits, are the hidden competencies located at the bottom and under the water surface, which are deeper and central to personality [18].
In the Information Systems (IS) literature majority of competency models refer to professionals. Bogoviz et al. [25] propose a competency model for information technology specialists which includes both professional competencies, such as analytical thinking or technical expertise and personal competencies, such as stress resistance or learning ability. Klendauer et al. [26] introduce a competency model for software requirements analysts which comprise sixteen competencies that are crucial for an effective system analyst, such as “close interaction” or “communication with customers”. Moustroufas et al. [27] introduce a competency model for software engineers which includes three main clusters of competencies; professional, social and innovative competences. Additionally, Holtkamp et al. [20] suggest that, for software developers who work in global settings, internationalization competences are the most important followed by software design. Ying Ho et al. [28] introduce a competency model in the form of Iceberg model, which defines fourteen competencies that information technology architects should hold so as to cope with the new challenges. On the other hand, there is limited research on the development of competency models that refer to IS end-users. Prifti et al. [29] have proposed the competency model for employees with higher education in Industry 4.0., defining as essential competencies domain related knowledge and specific behavioral competencies in order to cope with new challenges that modern digitally transformed work environments include. Eschenbrenner and Nah [30] propose that a competent information systems (IS) user should hold specific cognitive competencies, such as the ability to provide meaning to immediate experiences, which work as guides for subsequent behaviors. Tsohou and Holtkamp [31] identify the competencies associated with end-users’ information security policy compliance behavior, such as perceived rewards/sanctions, self-efficacy and security awareness.
2.3 Privacy competencies
Although competency models have been effectively applied in many areas of management, little attention has been paid to the investigation of users’ competencies that lead to more effective privacy protection. Specifically, Tsohou [14] attempts to summarize privacy competencies in the information privacy competency model for citizens which indicates attributes that one should hold so as to be competent to protect own information privacy, such as knowledge, skills, attitudes and values. Moreover, two domain-specific privacy competency models have been proposed which aim to identify the privacy competencies that one they should hold for specific Internet activities [32, 33]; the IPCM for consumers, which represents indicative competencies that consumers should hold in the purchase process and the IPCM for mobile applications, which summarizes indicative competencies that users should hold during the usage of mobile apps. Further, other privacy competences can be found scattered within other competency models, which are not specialized to information privacy. Table 1 below summarizes the privacy competencies that we identified by analyzing the literature and are included in frameworks or competence models.
2.4 Validation of two domain-specific IPCMs
Despite the fact that some important steps have been taken towards the creation of specialized privacy competency models, we find that literature still lacks empirical work in this domain, as the above works only developed conceptually. Specifically, we argue that empirical work on privacy competencies will contribute not only to the understanding and establishment of current proposed competencies, but also to the addition of new ones. Moreover, as privacy competencies may vary depending on the technological context, we argue that there is a need for the understanding of the specific competencies that users should hold to deal with privacy issues when using specific online services. For example, it would be expected that a user who purchases products online should hold competencies associated with understanding the privacy policies of the merchant and the bank provider. Such competencies might be irrelevant to users of mobile applications or social media services. Following a literature search we found only two domain-specific IPCMs; the first for online consumers [32] and the second for users of mobile apps [33]. Nonetheless, both competence models were only conceptual and had not been empirically validated. In this paper, we conduct interviews with information privacy experts in order to validate those two domain-specific IPCMs. By validating the two domain-specific IPCMs, we argue that we draw significant contributions not only about the competencies that users should generally hold during online activities, but also about the specific competencies that they should hold in domain-specific environments. The analysis made by the experts contributes to the improvement of the two existing domain-specific models by adding new competencies or refining the existing ones based on expert opinion. Consequently, researchers in the information privacy domain could benefit, by incorporating the revised models into privacy-enhancing efforts. Moreover, our results could be beneficial for e-commerce and mobile-apps providers, as they could gain important insights into the way that they can provide proper guidance to users throughout the usage of such services. Furthermore, we expect that users of e-commerce services or mobile-apps who wish to protect their online privacy will also benefit, as comments of experts are expected to make the models more comprehensible to ordinary users.
3 Validation methodology
In order to perform the validation of the proposed IPCMs, we applied the expert opinion methodology. We invited 13 information privacy experts via e-mail. Nine of them finally participated in the research. Table 2 shows the academic and practical profile of the experts.
We invited the privacy experts to study the proposed models and in sequence to provide their evaluation and recommended refinements. For the assessment of our IPCMs, we relied on the success criteria by Beecham et al. [40]. Table 3 below shows our criteria to validate the IPCMs based on the success criteria proposed by Beecham et al. [40].
To assist the evaluation task and prepare the experts for the upcoming interviews, we created an interview protocol comprising the questions that could guide the experts in providing feedback in accordance with the criteria in Table 3 (Appendix 1). We documented the interview protocol in Google forms and invited the experts to study the material with the IPCMs and to answer to the respective questions that aimed to collect feedback in a structured manner. The questions were separated into four parts. The first part aimed to collect general feedback on the IPCM for online consumers, whereas the second part on the IPCM for users of mobile applications. Questions in the first two parts of the protocol were adopted and adapted—where applicable- from [12, 40]. The third part included questions which correspond to the rest of the criteria mentioned in Table 3 adapted from Beecham et al. [40], for both IPCMs. Finally, the fourth part included open-ended questions, which we developed, to allow experts to freely provide their own commends (Appendix 1). Nine privacy experts completed their feedback by responding to the Google form within the period of (April 2023–May 2023). We invited the nine experts to participate in a one-to-one interview, so that they could provide more detailed comments and recommendations. All interviews were conducted shortly after the respective participation of the expert and within the period (June 2023–July 2023).
4 Validation results
The overall evaluation by the experts was quite positive, as both IPCMs were greatly appreciated in terms of importance, structure and content, as well as in terms of the extent to which they can achieve the intended objectives. Specifically, regarding the IPCM for online consumers, one expert noticed that “it is a valuable tool to provide both a better understanding and an overall enhancement of the stances and behaviors of online consumers, P4, June 2023”. Additionally, one expert stated that “it seems that the model suffices to cover all the required areas and will be of high value, P9, June 2023”. Moreover, the rest of experts also argued that the model is quite promising and includes variety of examples. The same comments were made for the IPCM for the users of mobile apps, as the experts highlighted its importance and adequacy for the target group.
Regarding the criterion of “consistency”, all experts agreed that the level of detail given within the two IPCMs is a lot or fully consistent, and moreover, all key competencies are represented at a baseline level. Τhe comments were also encouraging for the level of granularity and abstraction, as majority of experts stated that the both the description of the elements and the examples given are quite detailed. Nevertheless, three out of the nine experts pointed out the need to further clarify or rephrase some elements of the tables, so as to be more comprehensible to users. For instance, one expert stated that “I think that some are more detailed than others—e.g., regarding the exercise of rights, I think the description is a little bit abstract compared to others, P9, June 2023”. Additionally, two experts (P5, June 2023, P1, July 2023) also pointed out the need to rephrase the elements of competencies using the word “should”, as we refer to desired skills. Moreover, one expert noticed that the element of self-image applies only to actions that there is interaction with other consumers or users (P5, June 2023). Following their recommendations, we propose changes in the two IPCMs, as presented in Table 4.
As far as the criterion called “understandable” is concerned, majority of experts argued that the representation of the IPCMs is clear enough. However, one out of the nine experts (P3, May 2023) stated that it would be useful for better comprehension to visualize the phases and the actions that each time we analyze. For this reason, we propose the addition of Table 5, which summarizes the phases and actions that were followed in each IPCM. Additionally, one expert (P9, June 2023) pointed out that there are also competencies that users should hold, during the installation process (i.e., she/he may be asked for granting permissions). In order to address this issue, we propose to extend the activities involved in the installation of mobile applications, by adding except from the pre and post installation phases, the “installation phase” as well. (See Table 5).
Moreover, most of the experts stated that it is easy to understand the path from initial visible competencies to hidden privacy competencies, as the IPCM model follows the Iceberg model. However, three out of the nine participants (P1, July 2023, P2, July 2023, P5, June 2023), noticed that it is difficult to understand what are the “initial visible competencies” vis-a-vis the "hidden privacy competencies". Following their advice, we propose to integrate the proposed framework for the design of IPCMs into the iceberg image [32, 33] and moreover, to list it next to each action that is analyzed, so as to facilitate user to each time separate the visible and invisible elements of the iceberg. Figure 1 below represents the proposed framework for the design of IPCMs integrated into the iceberg image and Table 6 shows the privacy competencies that a consumers should hold in the pre-purchase phase at the action “Recognizing and evaluating commercial communication and advertisement”.
The proposed framework for the design of IPCM
Additionally, although all the experts agreed that each information privacy competency is easy to understand (i.e., they are clearly defined and unambiguous), one expert argued that the incorporation of PMT into the IPCM needs further elaboration (P1, July 2023). Specifically, he stated that there is a need to better frame the way that motives should act as capabilities that lead to more protective privacy behaviors. For instance, he noticed that it’s not right to say that “belief on the effectiveness of protection tools” is a competence factor. On the other hand, the ability to assess the effectiveness could serve as a competence factor. For this reason, we further elaborated on the adaption of PMT for the purposes of IPCM. Table 7 below shows indicative changes that we propose to make to the IPCM for the usage of mobile applications to the element of motive in the pre-installation phase (See also Table 6; element of motives).
As far as the aspects of IPCMs that need improvement, three out of the nine experts pointed out that IPCMs could be improved regarding terminology. Specifically, experts specified the need for some elements of the competencies to be better articulated. For instance, one expert stated that we should also specify in both IPCMs that “users should be able to identify whether the content of the privacy policy is being indeed implemented in-practice—i.e., to identify possible violations of the privacy policy, P9, June 2023” (See Table 4 for the changes we made following their instructions). Moreover, another expert stated that “The privacy policy may have flows or ommisions that the consumer shoud be able to identify, P8, June 2023”. Additionally, two experts emphasized the need of enrichment of existing competencies, meaning that there is a need for further elaboration on the incorporation of PMT into the IPCMs (See Table 7). Moreover, one expert suggested that updating is an aspect which needs improvement, meaning that there are some differentiations which should be made based on the type of the service, such as specification of kind of privacy preventive behavior that the users should apply depending on the specific service. Moreover, two experts argued that appearance needs further improvement (See Fig. 1 for the changes that we propose), whereas one expert stated that both IPCMs are complete.
We requested the experts’ opinion for the ease of use of both IPCMs and more specifically, about the previous knowledge of privacy competencies that they think that are necessary for the interpretation of the IPCMs. Half of the experts stated that adequate knowledge is required, whereas the rest argued that a lot of knowledge is needed. However, all experts agreed that the addition of the iceberg image which depicts the proposed framework for the design of IPCM (Fig. 1) is quite helpful and offers significant knowledge to the user in relation to the role of the elements. Moreover, we asked participants whether they think that there is another type of competency model that would be more appropriate than the Iceberg model for the representation of IPCMs. Two experts argued that they also agree that there is not a more appropriate model, whereas rest of experts were not aware of alternatives. Finally, we also requested from experts to assess the interview protocol that we first asked to answer, and all of them agreed that the level of detail allowed them to give a fair assessment of the strengths and weaknesses of IPCMs.
5 Conclusions
Literature review indicates that empirical research in information privacy competency domain is still limited. Based on our literature analysis aiming to identify domain-specific privacy competencies, we concluded that there are only two domain-specific IPCMs, one for online consumers and the other for users of mobile applications, which however still lack empirical analysis, which can contribute to their effective application.
To address this gap and strengthen these competency models through validation, we present an empirical evaluation, based on expert opinion methodology, in which nine information privacy experts participated. The experts gave positive feedback not only for the content of IPCMs and the extent to which they can achieve the intended goals. Nonetheless the proposed valuable comments, assisted us into further advancing and improving the existing IPCMs (Appendices 2 and 3). Specifically, aiming to strengthen existing competencies through validation and refinement by information privacy experts, we proceeded to clarification changes to the wording (Table 4), which are related to the criterion of “consistency” and contribute to better understanding of the models. Furthermore, following experts’ suggestions regarding the representation of the IPCMs, we added a supplementary table which summarizes the phases and actions that were followed in each IPCM (Table 5). Additionally, aiming to facilitate the understanding of what are the “initial visible competencies” vis-a-vis the "hidden privacy competencies as proposed by three experts, we proposed both the integration of the proposed framework for the design of IPCMs into the iceberg image (Fig. 1) and moreover, placing it next to each action that is analyzed, so as to facilitate user to each time separate the visible and invisible elements of the iceberg. Furthermore, following expert’s note that there are also competencies that users should hold, during the installation process, we propose to extend the activities involved in the installation of mobile applications, by adding except from the pre and post installation phases, the “installation phase” as well. (See Table 5). Finally, following one expert’s concern that there is a need to better frame the way that motives should act as capabilities that lead to more protective privacy behaviors, we further elaborated on the adaption of PMT for the purposes of IPCM (Table 7).
Additionally, analysis of the models shows that the elements of privacy competencies (such as knowledge or digital privacy skills), are usually common, following the flow of the Iceberg model. As a result, an information privacy competent user should generally hold all the elements included in the privacy competencies (Fig. 1). Nevertheless, there are some differentiations depending on the phase. For instance, whereas the “Self-image” element does not apply in the purchase phase of online shopping, it is applicable to the post-purchase phase.
This paper offers significant theoretical implications. Initially, to the best of our knowledge, this is the first attempt for the evaluation of IPCMs (generic or domain-specific). Considering the value of situation awareness [14], domain-specific IPCMs can significantly contribute to the information privacy research field, as they can become the basis for the design-oriented awareness and education programs, which can provide internet users with the necessary competencies to protect their information privacy in specific environments. Although previous research has demonstrated some primary results regarding the investigation of privacy competencies related to domain-specific activities, empirical research is still missing. Based on our empirical investigation we have implemented improvements and extensions to both IPCMs.
The proposed IPCMs can also offer significant practical implications. The design of privacy educational interventions which refer to domain-specific environments is a demanding task, which requires a well-designed framework that includes all the necessary competencies that users should hold. Consequently, this paper could act as a guide to educators who aim to design learning interventions for users acting in the two selected technological contexts. For instance, the IPCM of online consumers, could be the basis for the design of a seminar aiming to strengthen consumers’ privacy awareness. Furthermore, policy makers could benefit knowing that there are different actions included in the purchasing process or the mobile app installation process. For instance, policy makers of mobile apps should keep in mind that users need to have easy access to privacy policy during several actions (Action 1; Using the Play Store app and finding an app and Action 2; Checking that the app is reliable). Additionally, our results could be beneficial for both the e-commerce and mobile-apps providers, as they could gain important insights into the way that they can be more reliable for their users. For instance, having in mind the importance of reading and understanding the privacy policy on behalf of privacy competent consumers, e-commerce providers could provide visual representations of their privacy policies so as to be more attractive and conceivable. Likewise, considering the value of transparency in data usage when users grant permissions, providers of mobile-apps could also provide visual representations of the app permissions that they request. Furthermore, users of such internet activities (e-commerce and mobile-apps), could also gain significant knowledge in relation to the protection of their information privacy. Especially after the application of the experts' comments regarding the criterion called “understandable”, the users themselves can more easily understand the models. Specifically, both Table 5, which summarizes the phases and actions that were followed in each IPCM and Fig. 1, which represents the proposed framework for the design of IPCMs integrated into the iceberg image, offer a better understanding of the models.
Although this paper provides useful insights into the competencies that are necessary for someone to apply privacy protective behavior, the limited number of privacy experts who participated in the validation process, is one limitation that should be considered. This research proved that IPCMs could be a valuable tool in information privacy management. Future research should involve the empirical validation of both models by users. Furthermore, another future research direction is the construction and validation of an assessment instrument for information privacy competencies. Such assessment instrument can contribute to the motivation of enhancing privacy competencies and being able to evaluate the level of privacy competencies to allow continuous improvement. Additionally, future research may include the development of professional IPCMs, such as competency models for Data Protection Officers. Finally, IPCMs could also be developed and validated for other popular domains, such as social media.
Data availability
The datasets generated and analyzed during the current study are available from the corresponding author on reasonable request.
References
Kumar, V., Prasad, C.: E-commerce: problems and prospects. Spec. Educ. 1, 1621–1628 (2022)
Bhatti, A., Akram, H., Basit, M., Khan, A.U.: E-commerce trends during COVID-19 pandemic. Int. J. Future Gen. Commun. Netw. 13, 1449–1452 (2020)
Yee, T.S., Seong, L.C., Chin, W.S.: Patient’s intention to use mobile health app. J. Manag. Res. 11, 18–35 (2019). https://doi.org/10.5296/jmr.v11i3.14776
Meena, R., Sarabhai, S.: Extrinsic and intrinsic motivators for usage continuance of hedonic mobile apps. J. Retail. Consum. Serv. (2023). https://doi.org/10.1016/j.jretconser.2022.103228
Ceci, L.: Annual number of global mobile app downloads 2016–2022. Statista. https://www.statista.com/statistics/271644/worldwide-free-and-paid-mobile-app-store-downloads/ (2023). Accessed 8 August 2023
Chen, X., Sun, J., Liu, H.: Balancing web personalization and consumer privacy concerns: mechanisms of consumer trust and reactance. J. Consum. Behav. 21, 572–582 (2022). https://doi.org/10.1002/cb.1947
Nema, P., Anthonysamy, P., Taft, N., Peddinti, S.T.: Analyzing user perspectives on mobile app privacy at scale. Proc. Int. Conf. Softw. Eng. 2022, 112–124 (2022). https://doi.org/10.1145/3510003.3510079
Gu, J., Xu, Y., Xu, H., Zhang, C., Ling, H.: Privacy concerns for mobile app download: an elaboration likelihood model perspective. Decis. Support. Syst. 94, 19–28 (2017). https://doi.org/10.1016/j.dss.2016.10.002
Kang, J., Lan, J., Yan, H., Li, W., Shi, X.: Antecedents of information sensitivity and willingness to provide marketing intelligence and planning. Emerald Group Holdings Ltd. 40, 787–803 (2022). https://doi.org/10.1108/MIP-02-2022-0065
Wottrich, V.M., van Reijmersdal, E.A., Smit, E.G.: The privacy trade-off for mobile app downloads: the roles of app value, intrusiveness, and privacy concerns. Decis. Support. Syst. 106, 44–52 (2018). https://doi.org/10.1016/j.dss.2017.12.003
Brečko, B., Ferrari, A.: The digital competence framework for consumers (2016). https://doi.org/10.2791/838886
Lavranou, R., Tsohou, A.: Developing and validating a common body of knowledge for information privacy. Inf. Comp. Sec., 26, 668–686, (2019). https://doi.org/10.1108/ICS-08-2018-0099
Papaioannou, T., Tsohou, A., Bounias, G.,Karagiannis, S.: A constructive approach for raising information privacy competences: the case of escape room games, Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 13582 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 33–49, (2022), doi: https://doi.org/10.1007/978-3-031-17926-6_3.
Tsohou, A.: Towards an information privacy and personal data protection competency model for citizens. In: Fischer-Hübner, S., Lambrinoudakis, C., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2021. Lecture Notes in Computer Science, vol 12927. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-86586-3_8
Endsley, M.R.: Toward a theory of situation awareness in dynamic systems. Hum. Factors J. Hum. Fact Erg. Soc. 37, 32–64 (1995)
Kolibácová, G.: The relationship between competency and performance. Mendel Univ. Agric. For. Brno 62, 1315–1327 (2014). https://doi.org/10.11118/actaun201462061315
Mcclelland, D.C. Testing for Competence Rather Than for “Intelligence” (1973)
Spencer, L.M., Spencer, S.M. Competence at work : models for superior performance, Wiley (1993)
Athey, T.R., Orth, M.S.: Emerging Competency Methods for the Future,Human Resource Management, Fall 38 (1999)
Holtkamp, P., Lau, I., Pawlowski, J.M.: How software development competences change in global settings-an explorative study. J. Softw. Evol. Process 27, 50–72 (2015). https://doi.org/10.1002/smr.1701
Vazirani, N.: Competencies and competency model-a brief overview of its development and application. SIES J. Manag. 7, 121–131 (2010)
Ibrahim, I., Hasnan, N.: Development and application of competency model in manufacturing operations: an overview (2014)
Boyatzis, R.E.: Competencies in the 21st century. J. Manag. Dev. (2008). https://doi.org/10.1108/02621710810840730
Sampson, D., Fytros, D.: Competence models in technology-enhanced competence-based learning. Handb. Inf. Technol. Educ. Train. (2008). https://doi.org/10.1007/978-3-540-74155-8_9
Bogoviz, A.V., Suglobov, A.E., Maloletko, A.N., Kaurova, O.V., Lobova, S.V.: Frontier information technology and systems research in cooperative economics, Vol. 316 (2021). https://doi.org/10.1007/978-3-030-57831-2
Klendauer, R., Berkovich, M., Gelvin, R., Leimeister, J.M., Krcmar, H.: Towards a competency model for requirements analysts. Inf. Syst. J. 22, 475–503 (2012). https://doi.org/10.1111/j.1365-2575.2011.00395.x
Moustroufas, E., Stamelos, I., Angelis, L.: Competency profiling for software engineers: Literature review and a new model. In: ACM International Conference Proceeding Series, Vol. 01–03-October-2015, Association for Computing Machinery, pp. 235–240 (2015). https://doi.org/10.1145/2801948.2801960
Ying Ho, S., Frampton, K., Ying, S.: A competency model for the information technology workforce: implications for training and selection. Commun. Assoc. Inf. Syst. 27, 5 (2010)
Prifti, L., Knigge, M., Kienegger, H., Krcmar, H.: A competency model for “Industrie 4.0” Employees (2017)
Eschenbrenner, B., Nah, F.F.H.: Information systems user competency: a conceptual foundation. Com. Ass. Inf. Syst. 34, 1363–1378 (2014). https://doi.org/10.17705/1cais.03480
Tsohou, A., Holtkamp, P.: Are users competent to comply with information security policies? An analysis of professional competence models. Inf. Techn. People 31, 1047–1068 (2018). https://doi.org/10.1108/ITP-02-2017-0052
Soumelidou, A., Papaioannou, T.: An information privacy competency model for online consumers. In: Nurcan, S., Opdahl, A.L., Mouratidis, H., Tsohou, A. (eds) Research Challenges in Information Science: Information Science and the Connected World. RCIS 2023. Lecture Notes in Business Information Processing, vol 476. Springer, Cham. (2023). https://doi.org/10.1007/978-3-031-33080-3_42
Soumelidou, A., Tsohou, A.: Towards an information privacy competency model for the usage of mobile applications. In: 38TH International Conference on ICT Systems Security And Privacy Protection IFIP, Poznan Poland. Accepted (2023)
Lauricella, A.R., Herdzina, J., Robb, M.: Early childhood educators’ teaching of digital citizenship competencies. Comput. Educ. (2020). https://doi.org/10.1016/j.compedu.2020.103989
James, C., Weinstein, E., Mendoza, K.: Teaching digital citizens’in today's world: research and insights behind the Common Sense K–12 Digital Citizenship Curriculum. (Version 2). San Francisco, CA: Common Sense Media (2021)
Desimpelaere, L., Hudders, L., Van de Sompel, D.: Knowledge as a strategy for privacy protection: how a privacy literacy training affects children’s online disclosure behavior. Comput. Hum. Behav. (2020). https://doi.org/10.1016/j.chb.2020.106382
Schueller, S.M., Armstrong, C.M., Neary, M., Ciulla, R.P.: An introduction to core competencies for the use of mobile apps in cognitive and behavioral practice. Cogn. Behav. Pract. 29, 69–80 (2022). https://doi.org/10.1016/j.cbpra.2020.11.002
Cham, K., Edwards, M.-L., Kruesi, L., Celeste, T., Hennessey, T.: Digital preferences and perceptions of students in health professional courses at a leading Australian university: a baseline for improving digital skills and competencies in health graduates. Austr. J. Educ. Tech. (2021). https://doi.org/10.14742/ajet.6622
Moll, R., Pieschl, S., Bromme, R.: Competent or clueless? Users’ knowledge and misconceptions about their online privacy management. Comp. Hum. Behav. 41, 212–219 (2014). https://doi.org/10.1016/j.chb.2014.09.033
Beecham, S., Hall, T., Britton, C., Cottee, M., Rainer, A.: Using an expert panel to validate a requirements process improvement model. J. Syst. Soft (2005). https://doi.org/10.1016/j.jss.2004.06.004
Funding
Open access funding provided by HEAL-Link Greece.
Author information
Authors and Affiliations
Contributions
A.S. and A.T. contributed equally to the conception, design, and execution of this study. They collaborated closely throughout the research process, including data collection, analysis, and interpretation. Additionally, both authors were actively involved in drafting and revising the manuscript, providing critical intellectual input, and finalizing the content for publication.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no competing interests.
Consent Informed
The current study involves human participants and informed consent was obtained.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix 1
See Table 8.
Open-ended questions
-
Please provide your general impression of IPCM for online consumers.
-
Please provide your general impression of IPCM for users of mobile apps.
-
Please note any deficiencies of the IPCM.
-
Is there another type of competency model that would be more appropriate that the Iceberg model?
-
Would you be available for a brief discussion on the proposed models?
Appendix 2: Revised version of IPCM for online consumers
For the revised indicative pre-purchase privacy competencies for online consumers, see Table 6, whereas for the revised indicative purchase privacy competencies, see Table 9 and for revised indicative post-purchase privacy competencies, see Table 10.
Appendix 3: Revised version of IPCM for mobile-apps
See Tables
11,
12 and
13.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Soumelidou, A., Tsohou, A. Validation and extension of two domain-specific information privacy competency models. Int. J. Inf. Secur. 23, 2437–2455 (2024). https://doi.org/10.1007/s10207-024-00843-x
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-024-00843-x