Data Breaches and the Trust Gap: Impact on Businesses and Market Competitiveness

Project Title
Data Breaches and the Trust Gap: Impact on Businesses and Market Competitiveness

Principle Investigator and Contact Person
Prof. Dr. Yasemin Acar, Paderborn University, Department of Computer Science

Student Researchers
Daniyal Nawaz, Zubair Dar, Muhammad Asif

Purpose of this Study : To understand how consumer perceptions and responses to data breaches

Project Description:
We aim to gain insights into the root causes of data breaches, understand the impact of data breaches on customer trust that can be critical since the loss of trust can lead to decreased customer loyalty, reputation damage and ultimately financial losses and develop effective strategies to mitigate the risks of data breaches.

Procedure:
We are conducting research to investigate the causes of data breaches and their impact on users.
After defining the research objectives and clearly outlining the specific objectives of the research, including to identify common causes of data breaches and understand their impact on organizational operations, we created a survey covering various aspects of data breaches and their impact.
To obtain consent, participants are asked to sign a carefully crafted consent form to protect their privacy and examine the frequency, type and severity of data breaches among participants. Participants will be asked to provide details of known potential causes or vulnerabilities that contributed to the breach. The determined audience includes respondent from different demographics or specific areas of interest. Then we'll Forward the link to the survey to the intended recipients and to ensure anonymity and encourage participation, each participant will receive a Lime survey link to complete the survey. We'll conduct a pilot test with a small, similar group of people before surveying your target audience. This will help us to ensure the clarity and validity of your survey questions and identify any necessary corrections. sufficient time will be given to selected participants to respond.
Once data collection is complete, we'll analyze the survey responses using appropriate statistical techniques.
In order to identify trends, patterns, and correlations in the data to gain insight into the causes of data breaches and their impact on your organization, we will considering using statistical software for data analysis.
After analysis, the findings will interpreted in light of the
research objectives.
Results will be summarized by highlighting key insights and recommendations will be based on the findings.
Finally, we'll produce a detailed report containing the overview, methodology, results and conclusions. While conducting research involving human subjects, we'll ensure to maintain the confidentiality and anonymity of participant responses and ensure that relevant ethical guidelines are adhered to.
Only aggregated data and pseudonymized citations are published.

You can participate if:

• You are over 18 years’ old

• Has an E-Mail Address

• Currently residing in India and Pakistan

Estimated duration:

It will take around 15 minutes to complete the survey. Participation in the survey is voluntary and you are free to leave the survey at any time.

Duration of this Study:
The duration of out study will be around 2-3 weeks

Compensation
There is no monetary compensation for participation in this study.

Risks & Benefits

Risks:
We will do the following to reduce the risk
• Respondent privacy and confidentiality should be prioritized in the survey design and data collection process.
• Communicate to make it clear to participants that no personal or confidential information will be shared.
• Obtain informed consent from survey respondents and clearly explain the purpose of the survey, the use of the responses, and the potential risks and benefits of taking the survey.
• Allow respondents to opt in or out of surveys at any time.
• Implement appropriate security measures to protect data collected during investigations. This includes using a secure survey platform like Lime Survey to collect responses and store data securely.
• We won't collect demographic information that could be used to identify individual participants.
• We avoid collecting unnecessary personal data and use aggregation techniques to minimize the risk of re-identification.
• We will handle data with care and limit access to only authorized individuals involved in the research process.
• When reporting survey results, we will aggregate data to show trends and patterns rather than revealing specific responses from individual respondents. This will further protects the anonymity of participants and prevents possible negative consequences.

Benefits:
• We will be able to collect information directly from users who have experienced a data breach. This helps us identify specific vulnerabilities, weaknesses in security measures, and human errors that lead to breaches. By understanding the root cause, we can take targeted actions to reduce risk and strengthen your security posture.
• It will provide quantitative and qualitative insights to enable a comprehensive understanding of the causes and impacts of data breaches. Quantitative data allows for statistical analysis and the identification of trends and patterns, while qualitative data captures detailed user descriptions, experiences and opinions. This combination helps us paint a more comprehensive picture of the problem at hand.
• The transparency in engagement helps us restore and reinforce user trust as they feel their concerns are being heard and taken seriously. Increased trust will strengthens customer relationships and increases loyalty.
• Our results will provide valuable insight into the development of policy and regulatory frameworks related to data breach prevention and mitigation. This could potentially be considered to identify common problems, gaps in security practices, or areas where regulatory intervention is needed to protect users and encourage better privacy practices.

Confidentiality: 

To ensure data confidentiality:
• We won't collect personally identifiable information or sensitive data from research participants. In this way, we protect the privacy of respondents and ensure that individual responses are not assigned to a specific person.
• We conduct surveys using secure channels and use secure methods when collecting survey responses to prevent unauthorized access or interception.
• Securely store survey data and responses using an online survey platform such as Lime Survey.
• Restrict access to survey data to only specific authorized individuals who need to process or analyze the data.
• Colleagues involved in data analysis would be asked to agree to confidentiality protocols. These agreements ensure our responsibility to maintain data confidentiality and prevent unauthorized disclosure.
• Survey results are presented in an aggregated and anonymized format to avoid revealing individual responses. It focuses on general trends, patterns, and general insights rather than presenting specific answers that might identify participants.
• Data will be retained for as long as necessary to achieve research goals and comply with applicable legal or ethical requirements. After the desired goal is achieved, the data will be safely destroyed so that it cannot be recovered or retrieved.
• We will comply with ethical guidelines and regulations regarding research and data protection. This includes obtaining informed consent from participants, informing them of applicable confidentiality measures, and addressing potential risks associated with data collection.

Note:

Some tips to prevent from data breaches-

• Limit access to your most valuable data.

• Update software regularly.

• Strictly limit privileged access.

• Implement proper password policies.

• Go through security training at least once.

Subjects’ Rights

Your participation is voluntary.

You may terminate your participation at any time by leaving the study environment or notifying the investigator. Partial results may be stored de-identified. You may withdraw your consent to the use of your personal data at any time by emailing at daniyal@mail.upb.de Or send an email to humanfactors@lists.upb.de. Please note that while we will delete all personal data at your request, once we have de-identified the data and can no longer associate it with your request, it may still be used for our research.

Future use of research data

To maximize the benefits of your participation in this project, by further contributing to science and our community, your de-identified information may be stored for future research. Research data at Paderborn University are typically stored for 10 years in order to be available for questions and concerns with the research.

Contact
For additional questions about this research, you may contact Daniyal Nawaz, Zubair Dar, Muhammad Asif

By clicking NEXT on this consent form, I am affirming that

• I am age 18 or older.
• I am comfortable using the English language to participate in this study.
• I meet the requirements to participate in this study.
• I have read and understood the above information. All of the questions that I had about this research have been answered.
• I have chosen to participate in and continue this study with the understanding that I may stop participating at any time without penalty or loss of benefits to which I am otherwise entitled.
• I am aware that I may revoke my consent at any time.
• I hereby consent (Art. 6 para. 1 lit. a GDPR) that my submitted personal data may be stored and processed. I have read the privacy policy for the form. I am aware of the right of withdrawal.

Data Handling Information:

The survey is anonymous.

The information collected in this study is used only for research purposes. Your no personal information will be saved. Even the email address that you will provide will not be saved with us or by Firefox Monitor website.
Your survey responses will not be associated with any of your personally identified information. We will only be able to create generalized statistics from the survey responses. The collection
of socio-demographic data such as gender, age etc. is carried out solely for the purpose of evaluating the statements group heterogeneously. No attempt will be made based on the information you have provided to draw conclusions about specific persons. The evaluation results will be published in an anonymous form (in tables and / or graphics), so that it is not possible to draw conclusions about individuals.
In accordance with Art. 4 para. 1 of the “Datenschutz-Grundverordnung” (DS-GVO, General Data Protection Regulation), personal data describe all kind of information which relate to an identified or identifiable natural person. A natural person is considered as being identifiable, directly or indirectly, as soon as this natural person can be identified by means of in particular an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity.

Ask Questions and Contact Information: You can contact any member of our group-

Daniyal Nawaz (daniyal@mail.uni-paderborn.de)

Muhammad Asif (masif@mail.uni-paderborn.de)

Zubair Dar (Zzd@mail.uni-paderborn.de) 

Voluntary Consent:

By moving to the next page, you agree to participate in this study. Make sure you have answered all of your questions about the study and that you understand what you are being asked to do.

This survey is anonymous.

The record of your survey responses does not contain any identifying information about you, unless a specific survey question explicitly asked for it.

If you used an identifying token to access this survey, please rest assured that this token will not be stored together with your responses. It is managed in a separate database and will only be updated to indicate whether you did (or did not) complete this survey. There is no way of matching identification tokens with survey responses.

STATEMENT BY PERSON AGREEING BY CLICKING NEXT TO PARTICIPATE IN THIS STUDY

I am over 18 years old, I have read this informed consent document and the material contained in it has been explained to me. I understand each part of the document, all my questions have been answered, and I freely and voluntarily choose to participate in this study. I can choose to withdraw from this research project at any time without penalty.