The privacy paradox: organisational data utilisation versus individual privacy

Abstract

This qualitative research explores the privacy paradox at the organisational level, specifically investigating the discrepancy between high privacy concerns and low protective behaviour. The study focuses on organisations in South Africa's post-Protection of Personal Information Act (POPIA) corporate landscape and examines the role of Human Resource Management (HRM) practices in managing this challenge. Drawing on Paradox Theory, the study utilises an interpretivist approach, collecting rich data through in-depth, semi-structured interviews with data privacy experts and senior managers. The findings reveal that while organisations implement structured HRM programs, such as Privacy Impact Assessments and continuous employee sensitisation, these efforts are vulnerable to persistent behavioural, ethical, and technological gaps. The core conclusion of the study is that true privacy protection in organisations emerges from a culture of accountability, rather than mere compliance. This implies that effective governance requires a holistic approach integrating law, technology, and human behaviour. The study provides empirical grounding for the emerging in the Organisational Privacy Culture and Climate (OPCC) framework. The study's findings have significant implications for organisations seeking to promote data privacy and security. By fostering a culture of accountability and implementing effective HRM practices, organisations can better protect sensitive information and build trust with customers. The research also highlights the importance of considering the organisational level when examining the privacy paradox, as this perspective can provide valuable insights into the complex dynamics of data privacy and security.