A Conceptual Framework for Consumer IS Compliance Awareness: South African Government Context

The requirement for consumers to divulge personal data to obtain basic products/services from organizations, is becoming the norm. It has, to a large extent, benefitted consumers as it enabled organizations to profile their customers to provide them with relevant products/services and an improved shopping experience. Nevertheless, although profiling driven by big data, offers endless lists of opportunities/value through improved customer experience, it is also accompanied by many risks of which consumers are not always aware. In South Africa (SA), being a developing country, it became clear that there is a divide between the level of trust consumers extend towards organizations they transact/share personal data with and the extent to which that trust is warranted by organizational Information Security (IS) compliance efforts. Human factors significantly influence IS behaviour. Trust is a crucial human factor as it influences IS behaviour. Awareness is a powerful element that can in turn influence trust and IS behaviour. There is currently a definite lack of IS compliance awareness amongst consumers and a disregard of the cost/value benefit of IS compliance from an organizational perspective. The failure of realizing/addressing these issues in previous data protection frameworks emerged as key lessons. There is currently no government-led/sponsored IS compliance awareness and training initiatives in SA. The primary research objective of this paper is to propose a Consumer Data Protection Framework to assist the South African Government with creating IS compliance awareness amongst consumers. This Framework will be developed based on key building blocks derived from literature.