Article Preview
TopIntroduction
Personal information or personal data is the heartbeat or the basis for online transaction processing. In other words, the disclosure of personal information is the bedrock upon which electronic activities, over the Internet, flourishes. Personal information includes personal identifiable information, personal financial information, and personal healthcare information. Some personal information can be classified as sensitive or confidential. The personal information and online transaction relationship is such that an online user would always be required to provide some sort of personal data in any human-internet interaction for proper identification, authentication, payment, and for ensuring the completeness of the transaction, whether the transaction is for goods or for services. Completeness of a transaction involves all activities from the initiation of a transaction to the receipt of the goods or services.
The numbers of online transactions are on the rise because the number of users of internet capable devices and the number of organizations with online presence have increased dramatically in the U.S., and around the world (Offor, 2016). Therefore, the need for organizations to obtain, store, and use or deploy their online users’ personal information in electronic commerce or business (e-commerce or e-business), electronic government (e-government), electronic healthcare (e-healthcare), electronic marketplace (e-marketplace), online banking, and the like has grown exponentially.
Sadly, the same personal information has also become the main target of cybersecurity incidents and attacks, from malicious and non-malicious attackers, because of the central role it plays in advancing online transactions. The largest exposures of data breaches, around the world, have occurred in the last couple of years. Among them are (1) the 3.0 million records exposed at Yahoo in 2016, (2) the 2.0 billion records at DU Caller Group, in China, in 2017, (3) the 1.3 billion records at River City Media, in the U.S., in 2017, (4) the 1.2 billion records at NetEase Incorporated (dba 163.com), in China, in 2017, (5) the 1.1 billion records at Aadhaar database, in India, in 2018, and (6) the 711 million records from a misconfigure spambot database, in the Netherlands, in 2017 (Risk Based Security Report, 2018). Furthermore, the average cost of each lost or stolen record that has sensitive or confidential information was $141 in 2016 and the average total cost of data breach was $3.62 million in the same year, according to the 2017 Cost of Data Breach study, which involved 419 companies in 13 countries (Ponemon Institute Report, 2017). Henceforth, while the costs associated with cybersecurity attacks and the possibility of loss of revenue from negative media coverage inform organizations’ cybersecurity concerns, the lack of control of personal information informs online users’ concerns. Meanwhile, the costs of data breaches increased by 6.4% in the 2017 and the cost of each stolen record rose to $148 (Ponemon Institute Report, 2018).