Abstract
Risk abounds as individuals engage in activities involving the sharing of sensitive information through a third-party cloud storage tool. In this research, we investigate the storage and sharing of very sensitive information (an individual’s tax filing information) through a specific third-party technology provider, Google Drive. Within the specifics of such a potentially risky act we argue that information assurance mechanisms implemented by the cloud storage service provider reduce risk perceptions of individuals even when very sensitive information is being shared. Previous positive experience with a cloud service is likely to mitigate concerns on information sharing on the cloud. To elaborate this proposed relationship a research model of information assurance is proposed and tested in the context of tax filing sharing intention.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
More and more organizations and people today are using cloud storage services for the centralized storage of their financial information. While participants enjoy the service’s convenience and ease of use, the sharing of sensitive financial information on the cloud has raised many concerns regarding the safety of the information shared. Such concerns might be even more serious when these services are a mandatory part of how modern financial services conduct business [1]. To take an example, the Equifax security breach of summer 2017 has shown that there are considerable risks with utilizing the cloud from both a consumer and business model perspective [2].
One financial action requiring an individual to share sensitive information is their annual tax filing [3]. This action is required by law and a majority of individuals have to share their information with a third party as part of this process [4]. Given the prevalence of data breaches and their severe consequence, do individuals feel that this traditional act is risky? Do assurance mechanisms of a trusted third party (e.g., Google Drive) reduce these risk perceptions and influence the intention to share? Drawing on past literature on information assurance and risk the authors propose a research model of continuance intention in this setting. To empirically validate this proposed model of risky behavior a survey instrument will be developed and tested.
2 Financial Services and Tax Filing
The financial systems of a nation play a pivotal role in the proper functioning of modern economies [1]. While running smoothly they can contribute to the nurturing of economic growth [5]. In contrast, failures within the financial system, as have been crystallized by the recent financial crisis, can be devastating for the economy. Proper execution requires an orchestration framework of highly interconnected economic agents and services connected through government regulation [6]. One of these required integrations is for tax filings between governments and individuals in the United States of America. This annual filing requirement is often processed through a key financial service: tax preparation companies.
The tax filing process has come a long way from the paper-based system used for decades. In the past, tax preparation companies collected clients’ information in paper form and mailed the tax forms to Internal Revenue Service Department. Now tax preparation companies provide the service for individuals to submit their forms and be paid in short order through the use of the Internet and cloud services [7]. With the advancement of the Internet, the cloud storage services enable individuals to store their information in the cloud and instantaneously on-demand share information with tax preparation companies. By using the cloud storage services, tax preparation companies do not need to store their client’s information in their computer system. As a result, the security and privacy issues regarding using cloud services become the major concerns for the users [8].
Given the mandatory nature of tax filing and the encouraged use of these third-party tax filing service, the access provided to sensitive information should not be overlooked. By requiring this annual activity, the government is in effect encouraging a significant risk-taking behavior [9]. The storage of this information and its transmission cannot be guaranteed to be risk-free similar to other kinds of trusting behaviors [10, 11]. The nature of the internet leaves it vulnerable to a number of privacy and security attacks [12]. It is the nature of these limitations which inhibit the adoption of this process for tax filing.
This proposed study seeks to look at how participants perceive this risk-taking behavior through a well-known third-party cloud provider, Google Drive. The study seeks to understand how tax filers in a country perceive this risk and their likelihood to engage in the behavior.
3 Proposed Model of Sharing Intention
The proposed model of risk in cloud storage sharing shown in Fig. 1 below. Prior studies on online sharing suggest that the intention to share is influenced by the information assurance mechanisms of the third party, the individual’s perception of risk in the behavior, and the benefit of using the service [13,14,15]. The factors driving the intention of these participants to perform this act with a specific service will change based on the users’ perceptions of the provider’s authenticity and ability to protect their data. The proposed study will look at Google Drive storage and how Google Drive builds technological and institutional assurance of competence in the ability to be used for this service.
Proposed model of risk in cloud storage sharing of tax documents.
3.1 Continuance Intention
The continued use of a cloud service provider will be based on the perception of benefits to the use of the service relative to the risk of undertaking the action. When a user feels the benefits outweigh the risks then the actions are continued [16]. This might be influenced by the history of the individual having any issues with sharing sensitive information in the past. It is also possible the fact that the sharing behavior is mandatory and regulated might mean the participants feel the use of sharing is not that large of a risk. At the same time, some individuals might have become immune to the threat of data breaches due to their prevalence over the last few years. The third-party provider of the sharing service can also influence the risk perception through many trust-building mechanisms [17]. Google Drive has a strong incentive to be assured users come back and use the service repeatedly like other technology providers [18].
3.2 Information Assurance
Prior studies suggest that information assurance mechanisms, such as privacy-preserving technologies [19] and institutional policies [20] may enhance user perceptions of control and decrease the perception of risk. Following previous literature [21, 22] this study looks at two broad categories of information assurance: technology-based assurance and institution-based assurance. The use of certain technologies such as encryption and using current versions of software are some of the ways a cloud service provider can show it is providing technology-based assurance [23]. At the institutional level, we see actions done by a firm to assure users their data is being protected and continued use of a company’s service is warranted [24].
A number of technology-based assurance mechanisms can enhance a person’s willingness to use a particular technology service [25]. Data storage and transmission safeguards and the ability to manage data being collected and shared enhance the ability of the user to share information [26]. This might include third-party certifications and a prominent security policy displayed for the user [27]. The technologies provide safeguards to my personal information which is being shared in this context (i.e. tax filing). In general, these privacy enhancing technologies (PET) add to a sense of empowerment to the user of these services [28]. The ability of Google Drive to set up a robust technological environment will enhance the ability of a participant to share personal information.
The organizations providing the cloud storage services can also provide a number of assurance mechanisms such as privacy policies and joining in industry self-regulation associations to reduce risk concerns [29]. By engaging in these actions, the cloud storage provider demonstrates their commitment to privacy and the protection of data stored on their service. The reputation of the cloud storage provider can also enhance trust [30]. Those providers with a better reputation would not want to lose this status and as such would actively protect data it stores [31]. In this sense, there is a business need for Google Drive to protect personal information from getting into the wrong hands. A failure to do will result in lost business and revenue.
In the proposed model, we formulate that information assurance is a second-order factor derived from technology- and institution-based factors. The combination of these two factors together is seen as a more comprehensive framework of information assurance from the perspective of the service user. In the context of this study, this includes a participant’s perspective of Google’s technology and of Google as a company. Both of these perspectives are expected to create a sense of a person’s information assurance related to using Google Drive.
-
Hypothesis 1a: Information assurance is positively associated with perceived benefits of cloud sharing of tax documents.
-
Hypothesis 1b: Information assurance is negatively associated with perceived risk perception in cloud sharing of tax documents.
3.3 Perceived Risk and Benefits
Due to the considerable economic and usage-based benefits cloud-based file sharing technologies provide; more and more users are considering the use of these services. The associated economies of scale, on-demand continuous availability, flexibility and agility benefits has made cloud services an indispensable tool for users across many aspects of their computing activities [32]. For many cloud service clients, the perceived economic benefits are based on the fact that economies of scale of delivering computing from a centralized, shared infrastructure are often significantly lower than those incurred when compared to providing and supporting one’s own computing infrastructure. With the growing dependence on mobility and need for on-demand access, utilization of cloud-based services is the access method needed for flexible on-demand file access. However, cloud service clients cannot only consider the benefits without evaluating the risks involved. In order to ensure the adoption of cloud services, several perceived risks centered around security, privacy, trust, performance and other quality attributes need to be considered [32]. The inherent flexibility involved with cloud services has left these services vulnerable to potential malicious intrusion and security risks. Cloud services are subject to continuous attacks by adversaries and malicious intruders’ intent on exploiting critical databases and the theft of intellectual property (IP) and other resources [33]. Thus, consideration of both the benefits and risks involved in the adoption decision are needed.
The evaluation and management of perceived risks and benefits between clients and vendors are often noted to be significant in the use and ultimate success of sourcing relationships [34]. In this research, we consider the utilization of a cloud-based file service as an example of a client/vendor relationship. The client must make an evaluation of the perceived risks involved in the utilization of the cloud-based service. Clients must determine if the perceived benefits outweigh the perceived risks. Perceived risk is the product of the probability of an undesirable outcome and the loss due to the undesirable outcome [35]. The perceived risks of using a cloud service vendor revolve around security and privacy as noted above. In many cases, it may be difficult for the cloud services client to effectively check the data handling practices of the cloud vendor and thus to be sure that the data is handled in a secure and lawful way [36]. Consequently, the client must make a determination if the use of a cloud-based service to share tax information is more or less risky than other non-cloud based sharing options. As a result, we hypothesize the following:
-
Hypothesis 2: Perceived benefit is positively associated with intention to use cloud sharing of tax documents.
-
Hypothesis 3: Perceived risk perception is negatively associated with intention to use cloud sharing of tax documents.
3.4 Previous Positive Experience with Cloud Service
Previous positive experience refers to the overall satisfaction and quality of previous experience with the service. Prior experience is an important cognitive factor that affects users’ perceptions of the cloud service as well as the intention to use it. Studies have shown that previous positive experience helps to build the trust of users with an online service provider and increases the use of the service [e.g., 27, 37]. Pires et al. [38] found that prior positive experience is negatively associated with the perceived risk of online purchase. In the setting of a cloud service, a user who has a prior positive experience is more likely to have favorable trusting beliefs on the cloud service, thus alleviating the concern on the potential risks associated with confidential information disclosure. Overall satisfaction with prior cloud service experience strengthens users’ intention to use the service. Therefore, the following hypotheses are proposed:
-
Hypothesis 4: Previous positive experience with cloud service is negatively associated with perceived risk.
-
Hypothesis 5: Previous positive experience with cloud service is positively associated with the intention to use cloud sharing of tax documents.
3.5 Controls
A number of individual differences are expected to influence the intention to engage in this potentially risky behavior. These include privacy awareness, disposition to value privacy [29], disposition to trust [39], and disposition to engage in risk behaviors [40], and demographic differences [24]. Including these measures will provide a clear sense of who would be more likely to engage in this behavior of confidential information disclosure. In the suggested research model, we control for these factors in order to rule out alternative explanations of the proposed theoretical relationships.
4 Method (Proposed)
A survey will be conducted to evaluate the perception of Google Drive as an appropriate way to share tax information with a third-party tax preparation company. Since every citizen is required to file taxes and most users are familiar with Google Drive we should have a large pool of respondents to sample. The specific focus will be on sharing a specific item (latest tax filings) into a cloud storage location to facilitate a service exchange with a tax preparing agency.
The subjects are expected to be US residents who are filing personal income tax. MBA and undergraduate students will be used for the data sample collection process as they meet the criteria for a valid user of Google Drive and an obligation to file taxes each year. The respondents will be asked to respond relating to the current filing year for their income earned in the last calendar year.
Data will be analyzed by using partial least squares structural equation modeling (PLS-SEM) as the PLS-SEM can easily analyze a research model containing formative items [e.g., 41] and non-normal variables [42, 43]. Information assurance will be modeled as a formative second-order construct.
5 Expected Contribution and Discussion
This study has the potential to validate how tax filers in the US view potential data security concerns when using a cloud based service. Of course, not all tax filers will see issues with the sharing of sensitive data via the cloud. Some might not see any risk due to a lack of assets (students for example) while others may have already been a victim of data theft and thus are more vigilant. Understanding how customers approach the problem and antecedents of their intention to adopt the cloud storage service will provide guidance for Google Drive to find innovative ways to mitigate the potential information sharing risk.
The provider of a data share between the two parties, such as Google Drive, has a number of approaches to safeguard data as they are stored and shared. There is a strong incentive on the part of cloud service provider to minimize data breaches in order to maintain a market share among competitors. This proposed study will look at how a set of users perceive this set of safeguards (both technological and institutional) in this setting.
A future study might also expand on these proposed contributions and look at other types of mandatory data sharing activities through a cloud provider. One potential study might look at the sharing of education data. Education data provides an example of a common but not as critical scenario of personal information share. Another direction is to look at sharing health data through a cloud provider or online health communities [44]. Future studies are encouraged to investigate the challenges involved with sharing health data through the cloud. The popular press has a number of stories related to unauthorized disclosure or accessing of health information. Another study might look at comparing different cloud providers such as Google Drive, Amazon cloud, and Microsoft cloud to see how users evaluate the information assurance, benefits and risks involved with these popular cloud service providers.
References
Bernal, O., Gnabo, J.Y., Guilmin, G.: Assessing the contribution of banks, insurance and other financial services to systemic risk. J. Bank. Financ. 47, 270–287 (2014)
CNN 2017: Giant Equifax data breach: 143 million people could be affected. http://money.cnn.com/2017/09/07/technology/business/equifax-data-breach/index.html. Accessed 7 Feb 2018
Chen, J.V., Jubilado, R.J.M., Capistrano, E.P.S., Yen, D.C.: Factors affecting online tax filing–an application of the IS success model and trust theory. Comput. Hum. Behav. 43, 251–262 (2015)
Venkatesh, V., Thong, J.Y., Chan, F.K., Hu, P.J.: Managing citizens’ uncertainty in E-government services: the mediating and moderating roles of transparency and trust. Inf. Syst. Res. 27(1), 87–111 (2016)
Levine, R.: Financial development and economic growth: views and agenda. J. Econ. Lit. 32(2), 668–726 (1997)
Salampasis, D., Mention, A.L., Torkkeli, M.: Open innovation and collaboration in the financial services sector: exploring the role of trust. Int. J. Bus. Innov. Res. 8(5), 466–484 (2014)
Albring, S., Robinson, D., Robinson, M.: Audit committee financial expertise, corporate governance, and the voluntary switch from auditor-provided to non-auditor-provided tax services. Adv. Account. 30(1), 81–94 (2014)
Thilakanathan, D., Chen, S., Nepal, S., Calvo, R.A.: Secure data sharing in the cloud. In: Nepal, S., Pathan, M. (eds.) Security, Privacy and Trust in Cloud Systems, pp. 45–72. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-38586-5_2
Guo, J.T., Harrison, S.G.: Tax policy and stability in a model with sector-specific externalities. Rev. Econ. Dyn. 4(1), 75–89 (2001)
Claybaugh, C.C., Haseman, W.D.: Understanding professional connections in LINKEDIN—A question of trust. J. Comput. Inf. Syst. 54(1), 94–105 (2013)
Claybaugh, C.C., Haried, P., Chen, L., Twyman, N.: Dueling for trust in the online fantasy sports industry: fame, fortune, and pride for the winners. In: Nah, F.F.-H., Tan, C.-H. (eds.) HCIBGO 2017. LNCS, vol. 10294, pp. 203–212. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58484-3_16
Kshetri, N.: Big data’s impact on privacy, security and consumer welfare. Telecommun. Policy 38(11), 1134–1145 (2014)
Hajli, N., Lin, X.: Exploring the security of information sharing on social networking sites: the role of perceived control of information. J. Bus. Eth. 133, 111–123 (2016)
Hu, W., Yang, T., Matthews, J.N.: The good, the bad and the ugly of consumer cloud storage. ACM SIGOPS Oper. Syst. Rev. 44(3), 110–115 (2010)
Li, H., Sarathy, R., Xu, H.: Understanding situational online information disclosure as a privacy calculus. J. Comput. Inf. Syst. 51(1), 62–71 (2010)
Yang, H.L., Lin, S.L.: User continuance intention to use cloud storage service. Comput. Hum. Behav. 52, 219–232 (2015)
Haried, P.J., Claybaugh, C.C.: Evaluating information systems offshore project success: can success and failure coexist? J. Glob. Inf. Technol. Manag. 20(1), 8–27 (2017)
Claybaugh, C.C., Srite, M.: Factors contributing to the information technology vendor-client relationship. JITTA: J. Inf. Technol. Theory Appl. 10(2), 19 (2009)
Chakraborty, R., Ramireddy, S., Raghu, T.S., Rao, H.R.: The information assurance practices of cloud computing vendors. IT Prof. 12(4), 29–37 (2010)
Sunyaev, A., Schneider, S.: Cloud services certification. Commun. ACM 56(2), 33–36 (2013)
Li, X., Hess, T.J., Valacich, J.S.: Why do we trust new technology? A study of initial trust formation with organizational information systems. J. Strateg. Inf. Syst. 17(1), 39–71 (2008)
Hsu, M.H., Chang, C.M., Chu, K.K., Lee, Y.J.: Determinants of repurchase intention in online group-buying: the perspectives of DeLone & McLean IS success model and trust. Comput. Hum. Behav. 36, 234–245 (2014)
Wang, G., Liu, Q., Wu, J.: Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 735–737. ACM (2010)
Smith, H.J., Dinev, T., Xu, H.: Information privacy research: an interdisciplinary review. MIS Q. 35(4), 989–1016 (2011)
Boritz, J.E., No, W.G.: E-commerce and privacy: exploring what we know and opportunities for future discovery. J. Inf. Syst. 25(2), 11–45 (2011)
Chandra, S., Srivastava, S.C., Theng, Y.L.: Evaluating the role of trust in consumer adoption of mobile payment systems: an empirical analysis. Commun. Assoc. Inf. Syst. 27(1), 561–588 (2010)
Bansal, G., Zahedi, F.M., Gefen, D.: The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decis. Support Syst. 49(2), 138–150 (2010)
Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)
Xu, H., Dinev, T., Smith, J., Hart, P.: Information privacy concerns: linking individual perceptions with institutional privacy assurances. J. Assoc. Inf. Syst. 12(12), 798 (2011)
Dillon, T., Wu, C., Chang, E.: Cloud computing: issues and challenges. In: 2010 24th IEEE International Conference on Advanced Information Networking and Applications, AINA, pp. 27–33 (2010)
Claybaugh, C.C., Ramamurthy, K., Haseman, W.D.: Assimilation of enterprise technology upgrades: a factor-based study. Enterp. Inf. Syst. 11(2), 250–283 (2017)
Chun, S., Choi, B.: Service modes and pricing schemes for cloud computing. Clust. Comput. 17, 529–535 (2014)
Haimes, Y., Horowitz, B.M., Guo, Z., Andrijicic, E., Bogdanor, J.: Assessing systemic risk to cloud-computing technology as complex interconnected systems of systems. Syst. Eng. 18(3), 284–299 (2015)
Kern, T., Willcocks, L.: Exploring information technology outsourcing relationship: theory and practice. J. Strateg. Inf. Syst. 9, 321–350 (2000)
Aubert, B.A., Patry, M., Rivard, S.: A framework for information technology outsourcing risk management. Database Adv. Inf. Syst. 36(4), 9–28 (2005)
ENISA (European Network and Information Security Agency) Cloud Computing: Benefits, risks and recommendations for information security. http://www.enisa.europa.eu/. Accessed 7 Feb 2018
Gefen, D., Karahanna, E., Straub, D.: Trust and TAM in online shopping: an integrated model. MIS Q. 27(1), 51–90 (2003)
Pires, G., Stanton, J., Eckford, A.: Influences on the perceived risk of purchasing online. J. Consum. Behav. 4(2), 118–131 (2004)
Bélanger, F., Carter, L.: Trust and risk in e-government adoption. J. Strateg. Inf. Syst. 17(2), 165–176 (2008)
Kull, T.J., Oke, A., Dooley, K.J.: Supplier selection behavior under uncertainty: contextual and cognitive effects on risk perception and choice. Decis. Sci. 45(3), 467–505 (2014)
Chen, L.: Essays on health information technology: insights from analyses of big datasets. Dissertation, Georgia State University (2016)
Gefen, D., Rigdon, E.E., Straub, D.: An update and extension to SEM guidelines for administrative and social science research. MIS Q. 35(2), iii–xiv (2011)
Hair, J.F., Hult, G.T.M., Ringle, C., Sarstedt, M.: A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM). SAGE Publications, Incorporated, Thousand Oaks (2013)
Chen, L., Straub, D.: The impact of virtually crowdsourced social support on individual health: analyzing big datasets for underlying causalities. In: Proceedings of the 21st Americas Conference on Information Systems, Puerto Rico (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Claybaugh, C.C., Chen, L., Haried, P., Zhou, D. (2018). Risk and Information Disclosure in Google Drive Sharing of Tax Data. In: Nah, FH., Xiao, B. (eds) HCI in Business, Government, and Organizations. HCIBGO 2018. Lecture Notes in Computer Science(), vol 10923. Springer, Cham. https://doi.org/10.1007/978-3-319-91716-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-91716-0_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-91715-3
Online ISBN: 978-3-319-91716-0
eBook Packages: Computer ScienceComputer Science (R0)