Search results

The purpose of this paper is to examine the challenges that arise when introducing an electronic identification (eID) card for professional use in a health-care setting.

This is a case study of an eID implementation project in healthcare. Data were collected through interviews with key actors in a project team and with eID end users. The authors viewed the eID card as a boundary object intersecting social worlds. For this analysis, the authors combined this with an electronic government initiative challenge framework.

The findings of this paper illustrate the interpretative flexibility of eID cards and how eID cards as boundary objects intersect social worlds. The main challenges of implementing and using eID cards in healthcare are usability, user behaviour and privacy. However, the way in which these challenges are interpreted varies between different social worlds.

One of the implications for future practice is to increase our understanding of the eID card as a socio-technical artefact, where the social and technical is intertwined, at the same time as the eID card affects the social as well as the technical. By using a socio-technical perspective, it is possible to minimise the potential problems related to the implementation and use of eID.

Previous research has highlighted the need for more empirical research on identity management. The authors contextualise and analyse the implementation and use of eID cards within healthcare. By viewing the eID card as a boundary object, the authors have unveiled its interpretative flexibility and how it is translated across different social worlds.

In this paper, using values of individuals in a Swedish health-care organization, electronic identity management objectives related to security are defined.

By using value-focused thinking, eliciting values from interviews of three groups of health-care staff’s objective hierarchies for three stakeholder groups are identified and defined. Objective hierarchies allow comparison across multiple stakeholder groups such that strategic objectives for identity management can be compared and contrasted.

This qualitative investigation, which used value-focused thinking, revealed 94 subobjectives, grouped into 12 fundamental and 14 means objectives, which are essential for developing measures that address potential value conflicts in a health-care organization around electronic identity management. The objectives developed in this study are grounded socioorganizationally and provide a way forward in developing measures aimed to reducing potential conflicts at a policy level.

In a final synthesis, congruence (or lack thereof) in the electronic identity management approach for a Swedish health organization is suggested. This also creates a foundation to evaluate and weight different objectives for strategic decision management.

Employees' compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of social action theory (SAT) for management of information security.

This research was carried out as a longitudinal case study at a Swedish hospital. Data were collected using a combination of interviews, information security documents, and observations. Data were analysed using a combination of a value-based compliance model and the taxonomy laid out in SAT to determine user rationality.

The paper argues that management of information security and design of countermeasures should be based on an understanding of users' rationale covering both intentional and unintentional non-compliance. The findings are presented in propositions with practical and theoretical implications: P1. Employees' non-compliance is predominantly based on means-end calculations and based on a practical rationality, P2. An information security investigation of employees' rationality should not be based on an a priori assumption about user intent, P3. Information security management and choice of countermeasures should be based on an understanding of the use rationale, and P4. Countermeasures should target intentional as well as unintentional non-compliance.

This work is an extension of Hedström et al. arguing for the importance of addressing user rationale for successful management of information security. The presented propositions can form a basis for information security management, making the objectives underlying the study presented in Hedström et al. more clear.

The purpose of this paper is to analyze the values of IT in elderly care.

The paper is an empirical investigation based on four in‐depth case studies concerning IT in elderly care. The study draws on Actor‐Network Theory (ANT) and Social Construction of Technology (SCOT) with a focus on different actor groups' sense‐making regarding the role of IT in elderly care. The empirical analysis is, however, influenced by Grounded Theory (GT). Values are studied through the concept of “value areas”, which is a categorization of various actor groups' anticipated and experienced effects of developing, implementing, and using IT in elderly care.

The paper finds that the values of IT in elderly care can be organized in four related value areas: administration values, integration values, care values, and professional values. Research limitations/implications – Although the findings in this paper are related to elderly care it is believed that the value areas could be valid for all kinds of care work. Practical implications – The paper illustrates how different values are present during the development of IT, and discusses the importance of not only including, but also permitting, various actor groups' interests and values to influence the design process.

This paper examines the value of IT in elderly care, as well as presenting an approach for analyzing the values of IT. The paper and its findings should be valid for researchers, as well as for practitioners.

The purpose of the paper is to reveal how identities are constructed when electronic identification (eIDs) cards are introduced through information systems in public organisations.

Through two case studies, the authors generate rich data on the construction of identities through use of eID within public organisations. The author’s analysis, based on actor network theory, focusses on the translation of eIDs in these two settings.

ID can be viewed as an artefact where the public and private spheres meet. The authors found at least three mixed roles in employees’ use of eID: as a purely private person; as a private person in the work place; and as a professional in the work place.

There is a need for further research on how eID is translated into organisational contexts and how institutional settings define the openings for local translation processes. However, the results are based on two small cases, meaning that broad generalisations are difficult to make.

EID is so much more than technology. The technical framing of the identification system appears to be subordinated to organisational arrangements and cultures, making it important to apply a socio-technical perspective when working with eID.

The empirical cases have offered a unique chance to study implementation and use of eID in two very different public service organisations. The findings illustrate how eID translated into organisational contexts, and how identity management within an organisational setting is linked to the employees’ private and professional roles.

The aim of this paper is to describe a local government effort to realise an open government agenda. This is done using a storytelling approach.

The empirical data are based on a case study. The authors participated in, as well as followed, the process of realising an open government agenda on a local level, where citizens were invited to use open public data as the basis for developing apps and external Web solutions. Based on an interpretative tradition, they chose storytelling as a way to scrutinise the competition process. In this paper, they present a story about the competition process using the story elements put forward by Kendall and Kendall (2012).

The research builds on existing research by proposing the myth that the “public” wants to make use of open data. The authors provide empirical insights into the challenge of gaining benefits from open public data. In particular, they illustrate the difficulties in getting citizens interested in using open public data. Their case shows that people seem to like the idea of open public data, but do not necessarily participate actively in the data reuse process.

The results are based on one empirical study. Further research is, therefore, needed. The authors would especially welcome more studies that focus on citizens’ interest and willingness to reuse open public data.

This study illustrates the difficulties of promoting the reuse of open public data. Public organisations that want to pursue an open government agenda can use these findings as empirical insights.

This paper answers the call for more empirical studies on public open data. Furthermore, it problematises the “myth” of public interest in the reuse of open public data.

This paper aims to present empirical results exemplifying challenges related to information security faced by small and medium enterprises (SMEs). It uses guidelines based on work system theory (WST) to frame the results, thereby illustrating why the mere existence of corporate security policies or general security training often is insufficient for establishing and maintaining information security.

This research was designed to produce a better appreciation and understanding of potential issues or gaps in security practices in SMEs. The research team interviewed 187 employees of 39 SMEs in the UK. All of those employees had access to sensitive information. Gathering information through interviews (instead of formal security documentation) made it possible to assess security practices from employees’ point of view.

Corporate policies that highlight information security are often disconnected from actual work practices and routines and often do not receive high priority in everyday work practices. A vast majority of the interviewed employees are not involved in risk assessment or in the development of security practices. Security practices remain an illusory activity in their real-world contexts.

This paper focuses only on closed-ended questions related to the following topics: awareness of existing security policy; information security practices and management and information security involvement.

The empirical findings show that corporate information security policies in SMEs often are insufficient for maintaining security unless those policies are integrated with visible and recognized work practices in work systems that use or produce sensitive information. The interpretation based on WST provides guidelines for enhancing information system security.

Beyond merely reporting empirical results, this research uses WST to interpret the results in a way that has direct implications for practitioners and for researchers.