Out

([SORULQJ,QGLYLGXDO,QWHQW7RZDUGV%ORFNFKDLQ7HFKQRORJ\LQ5HVSRQVHWR7KUHDWVWR3HUVRQDO
'DWDDQG3ULYDF\

'LVVHUWDWLRQ0DQXVFULSW

6XEPLWWHGWR1RUWKFHQWUDO8QLYHUVLW\
6FKRRORI%XVLQHVVDQG7HFKQRORJ\0DQDJHPHQW
LQ3DUWLDO)XOILOOPHQWRIWKH
5HTXLUHPHQWVIRUWKH'HJUHHRI
'2&7252)3+,/2623+<

E\

&+,',(=80$1*:8

6DQ'LHJR&DOLIRUQLD
-XQH

ProQuest Number: 22616186

All rights reserved

INFORMATION TO ALL USERS
The quality of this reproduction is dependent upon the quality of the copy submitted.

In the unlikely event that the author did not send a complete manuscript
and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.

ProQuest 22616186

Published by ProQuest LLC (2019 ). Copyright of the Dissertation is held by the Author.

All rights reserved.
This work is protected against unauthorized copying under Title 17, United States Code
Microform Edition © ProQuest LLC.

ProQuest LLC.
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 - 1346
DocuSign Envelope ID: 93A7A588-A81F-44D8-8662-CD2C56B3514B
Approval Page
Exploring Individual Intent Towards Blockchain Technology in Response to Threats to Personal Data and Privacy
By
CHIDI EZUMA-NGWU
Approved by the Doctoral Committee:
DBA 08/06/2019 | 21:41:45 MST
Brian M. NAME
Dissertation Chair: INSERT Allen Degree Held Date
PhD 08/07/2019 | 08:09:01 MST
Committee Member: Robert

INSERT Davis
NAME Degree Held Date
08/07/2019 | 07:59:29 MST

DBA, MBA
INSERT
Committee Member: Marie NAME Degree Held
Bakari Date
Abstract
The purpose of this quantitative cross-sectional exploratory study was to analyze factors that
influence attitude towards blockchain applications when an individual perceives threats to their
privacy. Individual concerns about threats to personal privacy have increased due to breaches at
various organizations as well as the prevalence of spy software, location tracking, insecure
applications, viruses, trojans, and malware. The ascent of blockchain technology as a foundation
for cryptocurrencies presents opportunities for new applications that feature anonymity and data
integrity. This study is intended to fill a gap in research on individual behavior and attitude
towards blockchain technology, in response to privacy threats. Researchers have shown that a
person's perception of insecurity can evoke a protective response, although such realization did
not always predict actual behavior because salient factors also play important roles. Exploratory
factor analysis was used to determine factors influencing intent towards privacy-enhancing
technologies such as blockchain. Relying on constructs derived from published studies and a
model based on the protection motivation theory and the theory of planned behavior, participants
(n = 187) drawn from a blockchain forum on Facebook were surveyed on responses towards
perceived severity of threats, perceived vulnerability to threats, technology facilitation,
autonomy, self-efficacy and behavioral intent towards blockchain applications. The researcher
collected responses using a pre-validated questionnaire on Qualtrics with appropriate disclosures
and constraints. Results show that six factors were influential; these include threat appraisal,
technology affection, autonomy, self-efficacy, and feelings towards privacy. The data also
indicates that intent towards adopting blockchain applications for personal privacy is multi-
faceted and differs by gender in relation to threat perception and technology. These results
provide information for further confirmatory analysis and practice.
ii
Acknowledgments
I wish to thank God, my family, and the faculty at Northcentral University for making
this academic journey possible. I appreciate the loving support of my wife, Bessie, and our four
children, Chioma, Chidi Jr, Ikechi, and Akachi, who endured my mental and physical absences
during this period. I am grateful for the support and dedication provided by my dissertation
committee chair, Dr. Brian McKay Allen, as well as the encouragement and thoughtful
contributions from my dissertation committee members; Dr. Robert Davis, and Dr. Marie Bakari.
I will dedicate my overall effort to the memory of my late father, Mazi Ezuma Ngwu, and the
exceptional sacrifices of my loving mother, Florence Ngwu, who both affectionately named me
“Chidiebube.” I also acknowledge the patience and encouragement of my brothers and sister;
especially my older brothers, Nnanna and Ezuma who made impactful contributions to this
worthy aspiration. Finally, it is a blessing to complete this journey with confidence in my Lord
Jesus Christ, and the assurance that anything is possible.
iii
Table of Contents
Chapter 1: Introduction ................................................................................................................... 1

Statement of the Problem ................................................................................................................ 6
Purpose of the Study ....................................................................................................................... 7
Theoretical/Conceptual Framework ............................................................................................... 8
Nature of the Study ....................................................................................................................... 11
Research Questions ....................................................................................................................... 14
Hypotheses .................................................................................................................................... 16
Significance of the Study .............................................................................................................. 16
Definitions of Key Terms ............................................................................................................. 18
Summary ....................................................................................................................................... 22
Chapter 2: Literature Review ........................................................................................................ 25
Theoretical/Conceptual Framework ............................................................................................. 26
Research and Documentation ....................................................................................................... 28
Technology Adoption in Reaction to Privacy Threats.................................................................. 29
Exploratory Factor Analysis ......................................................................................................... 31
Privacy Threat and Response ........................................................................................................ 35
Individual Intent ............................................................................................................................ 41
Individual Relatedness .................................................................................................................. 41
Threats to Privacy ......................................................................................................................... 44
Individual Autonomy .................................................................................................................... 48
Organizational Privacy Practices .................................................................................................. 51
Ethics of Data Breaches ................................................................................................................ 53
Blockchain Technologies .............................................................................................................. 54
Cloud Technology......................................................................................................................... 61
Encryption and Obfuscation ......................................................................................................... 64
Mobile Technology Considerations .............................................................................................. 65
Summary ....................................................................................................................................... 65
Chapter 3: Research Method ......................................................................................................... 69
Research Methodology and Design .............................................................................................. 69
Population and Sample ................................................................................................................. 71
Materials/Instrumentation ............................................................................................................. 73
Operational Definitions of Variables ............................................................................................ 77
Privacy construct (PVA). ...................................................................................................... 77
Behavioral intention (BHI). .................................................................................................. 78
Autonomy (AUT).................................................................................................................. 78
Technology facilitation (TFC). ............................................................................................. 79
Self-efficacy (SEF). .............................................................................................................. 79
Perceived severity (PSE)....................................................................................................... 80
Perceived vulnerability (PSV). ............................................................................................. 80
Study Procedures .......................................................................................................................... 80
Data Collection and Analysis ....................................................................................................... 82
iv
Assumptions.................................................................................................................................. 83
Limitations .................................................................................................................................... 84
Delimitations ................................................................................................................................. 84
Ethical Assurances ........................................................................................................................ 85
Summary ....................................................................................................................................... 90
Chapter 4: Findings ....................................................................................................................... 93
Results ........................................................................................................................................... 95
Validity and Reliability of the Data ............................................................................................ 105
Research Questions and Hypotheses .................................................................................. 107
Evaluation of the Findings .......................................................................................................... 111
Summary ..................................................................................................................................... 116
Chapter 5: Implications, Recommendations, and Conclusions .................................................. 118
Implications ................................................................................................................................ 120
Recommendations for Practice ................................................................................................... 122
Recommendations for Future Research ...................................................................................... 124
Conclusions ................................................................................................................................. 124
References ................................................................................................................................... 126
Appendix ..................................................................................................................................... 144

Appendix A: Informed consent................................................................................................... 144
Appendix B: Forum Posting for General Study.......................................................................... 146
Appendix C: Forum Posting Used to Recruit Pilot Reviewers ................................................... 147
Appendix D: Email to Forum Administrators for Permission to Post on Forum ....................... 148
Appendix E: Survey and Constructs ........................................................................................... 149
Appendix F: Citi completion report – student ............................................................................ 154
Appendix G: Parallel Analysis Results ....................................................................................... 155
Appendix H: SPSS Information .................................................................................................. 157
Appendix I: Factor Extraction .................................................................................................... 166
Appendix J: Communalities........................................................................................................ 167
Appendix K: Rotated Factor Matrix Using Varimax.................................................................. 168
Appendix L: Initial Eigenvalues ................................................................................................. 169
Appendix M: Rotated Factor Matrix With Suppression ............................................................. 170
Appendix N: Descriptive Statistics from Pilot Study ................................................................. 171
Appendix O: Sample Characteristics of Final Study .................................................................. 173
Appendix P: Descriptive Statistics of Final Study...................................................................... 175
v
List of Tables
Table 1 Parallel Analysis Results ................................................................................................. 97

Table 2 Relating Items to Questions and Labels .......................................................................... 98
Table 3 KMO and Bartlett’s Test from Final Study .................................................................... 99
Table 4 Participant Employment Status ..................................................................................... 102
Table 5 Education Demographics of Participants ...................................................................... 103
Table 6 Reliability Statistics of Individual Scales ..................................................................... 103
Table 7 Factors Identified Using Male Participants Only .......................................................... 104
Table 8 Factors Identified Using Female Participants Only ....................................................... 104
Table 9 KMO By Gender ............................................................................................................ 105
Table 10 Bartlett’s Test of Sphericity ......................................................................................... 107
vi
List of Figures
Figure 1: Conceptual Model ......................................................................................................... 76

Figure 2 Scree Plot ..................................................................................................................... 100
vii
1
Chapter 1: Introduction
The focus of this research was to analyze factors influencing individual attitude towards
blockchain applications when there is a perception of threats to privacy. The researcher assessed
behavior in the context of intent towards blockchain applications, in reaction to threats to privacy
and autonomy. Blockchain emphasizes anonymity; in contrast, other technologies require
authentication and authorization to establish identity (Woodside, Augustine, & Gilberson, 2017;
Zyskind, Nathan, & Pentland, 2015). Although individuals prefer to conduct online transactions
in relative privacy, many platforms and solutions cannot guarantee such security (Hughes et al.,
2019; Lupton & Pedersen, 2016). For example, a majority of pregnant women use pregnancy
monitoring applications; however, those applications were found to store such sensitive data
insecurely (Hughes et al., 2019; Lupton & Pedersen, 2016). Insecurity may also arise from lapses
in infrastructure investment, poor security practices, and sales of private data (Kim, Park, &
Baskerville, 2016). Unfortunately, exposure to the internet presents many organizations with
persistent security challenges arising from sophisticated cyber-attackers which often
compromises confidentiality, integrity, and availability (CIA) of resources and assets (Chatterjee,
Sarker, & Valacich, 2015). Further evidence of this problem comes from the 2018 Data Breach
Investigations Report, which listed over 53,000 incidents and 2,216 confirmed data breaches at
organizations around the world (Verizon Inc., 2018).
As corporate, organizational, and social network data breaches continue to escalate,
individual attitude to insecurity and anonymity warrants further research (Stavova et al. 2017).
Unauthorized exposure of sensitive private information (Zimmerle, 2018) could compel
individuals to seek the comfort of an anonymity-preserving technology such as blockchain. The
use of internet technologies and smartphones often expose individuals to events that may
2
compromise private information within their devices. In extreme cases, significant concessions
can be obtained through blackmail using sensitive records such as private texts or private
pictures stolen from personal devices (Marwick, 2017). Individuals often suffer emotional
trauma or shame due to the release of private media or text messages (Citron, 2019). Threats
exist in other areas as well. Some organizations collect data from individuals or clients and
sometimes use such information for profit, often without the knowledge of the sources
(Shoshana, 2015). Data collected in this manner may be analyzed and combined with location
information to supply extraordinary perspective into an individual’s behavior and preferences
(Al-Saggaf, 2015). Information retrieved for profit may sometimes include personal confidential
data (PCD).
PCD refers to any non-public personal information an individual may consider
confidential, which may include protected health information (PHI) or personally identifiable
information (PII). NIST publication SP 800-122, defines PII as information about an individual
stored or kept by an entity which can be used to identify an individual’s race, name, social
security number, location or date of birth (McCallister, Grance & Scarfone, 2010). PII includes
biometric, financial, educational, and employment information that linked to the individual. PCD
used without authorization or accessed for malicious intent may cause victims social and
economic harm (Gressin, 2017; Primoff & Kess, 2017). While the unauthorized collection of
PCD is unethical, it also increases the possibility that collected data could fall into malicious
hands, and then used for identity fraud or discrimination (Joly, Feze, & Simard, 2013; Favaretto,
De Clercq, & Elger, 2019).
Symantec reported in its "Internet Security Threat Report" (Price, 2016) that more than
500 million individuals were victims of online crime in 2015. The data used in this report came
3
from sensors located in over 157 countries (Price, 2016). The Symantec report also showed that
552 million individuals were affected by breaches in 2013. Similarly, in 2014, 348 million
individuals were victims of successful data breaches. Malicious data breaches often lead to other
insecurity events such as malware incursions, phishing, viruses, and trojans (Edwards, Hofmeyr,
& Forrest, 2016; Richardson, & North, 2017). For many organizations, unauthorized disclosure
of confidential data may lead to lawsuits, financial challenges, and threats to the viability of the
organization (Gressin, 2017; Primoff & Kess, 2017). Unfortunately, individuals
disproportionately suffer from the consequence of data breaches (Solove & Citron, 2018).
However, personal perception and response to privacy events vary by ability, sensitivity to data
and the ease in securing personal information (Menard, Gatlin, & Warkentin, 2014; Stavova,
Matyas, Just, & Ukrop, 2017). Researchers also found that adverse privacy events compel
individuals to adopt a more secure technology (Mamonov & Benbunan-Fich, 2018). Similarly,
when confronted with privacy threats, individuals have been shown to actively engage in
protecting their assets (Stavova et al. 2017).
This researcher focused on factors that affected a user’s intent towards blockchain
applications. The ascent of Bitcoin and other crypto-currencies based on blockchain signified a
trend towards greater individual privacy; although the popularity of these applications among
criminals is also of great concern (Kshetri, 2017). According to Tang and Liu (2015), when users
perceive strong security in an underlying technology such as blockchain, they respond positively
to it. With the emergence of blockchain, the researcher engaged in an effort to identify factors
that affect behavioral intent towards this technology. Bringula et al. (2018) found that security
and trust are significant motivators for the adoption of new technology, a view this is supported
by other researchers and industry experts (Cisco, 2016; Chaoqun, Xiaolin, Qiujun, & Zhongding,
4
2019). Since autonomy, anonymity, and trust are the highlights of technologies such as
blockchain, it is necessary to evaluate individual intent within that context (Hughes et al., 2019).
On the other hand, anonymity is associated with malfeasance and unethical behavior (Yam &
Reynolds, 2016). Autonomous and anonymous transactions provide a compelling and trust-free
alternative to reliance on identity and authentication without PCD (Yang, Lo, Xia, Wan, & Sun,
2016). With blockchain, identity is a random string which minimizes concern for PCD. If data is
lost, it is technologically and physically more difficult to exploit it on blockchain applications
(Gino & Staats, 2015; Feng, Wang, & Li, 2014). However, blockchain is a poorly understood
emerging technology, and little is known about its adoption for personal use even though there is
a significant public interest in Bitcoin (Hughes et al., 2019).
Blockchain technology is a peer-to-peer cloud network with a public ledger that stores an
irreversible copy of every transaction in the transaction block, secured with cryptographic hashes
(Woodside, Augustine, & Gilberson, 2017). Data threats such as ransomware, malware, or data
theft are rarely of concern; however, digital keys may be vulnerable, as well as attacks on entire
digital communities (Hughes et al., 2019). A foundation on integrity makes Blockchain
technology attractive to individuals who value data reliability and control (Beck, Czepluch,
Lollike, & Malone, 2016). Transactions using immutable cryptographic keys are impossible to
corrupt and are also trust-free and anonymous (Yang et al., 2016). Unfortunately, there are
drawbacks to anonymity because it enables criminal activity especially when it is coupled with
proxy networks such as Tor (The Onion Router) to facilitate money laundering and extortion
(Syverson, Tsudik, Reed, & Landwehr, 2009).
Many research publications in information security have relied on protection motivation
theory (PMT) to analyze behavior towards security policies and threat response (Ifinedo, 2012;
5
Sommestad et al., 2015). In some of those studies, threat severity and perceived threat
susceptibility have been shown to have a significant impact on protective behavior (Sommestad
et al., 2015). Derived from the cognitive-processing theories and expectancy-value theories,
PMT was developed to clarify fear appeals and is a reliable explanatory theory often used in
predicting an individual’s behavioral intention towards protective responses such as the use of
anti-virus software (Anderson & Agarwal, 2010). Using PMT, researchers have shown that
individual perception of a risk to privacy will evoke a corresponding protective response
(Menard et al., 2014). The foundational principle of PMT as proposed by Rogers (1975) explores
three dimensions (strength of a threatening event, the chance it might occur, and the ability of the
individual to mitigate its effect).
The focus of this study is to explore factors that may influence an individual’s attitude
towards blockchain technology when they perceive a threat to their privacy or anonymity
(O'Leary, 2017). Common factor model studies such as exploratory factor analysis provide
internal validity through the use of random assignment as well as external validity through
population sampling (Weinberg, Freese, & McElhattan, 2014). Using an exploratory factor
analysis, individual perceptions of anonymity, privacy, intent, and threats were used to explore
factors that influence intention towards blockchain applications. Findings from this study
enriched existing literature on individual technology choices, and the impact of privacy,
anonymity, and threats in shaping those choices. This research effort also answers a call for
studies on emerging technology using multiple theories (Oliveira, Thomas, & Espadanal, 2014;
Wang, Chen, & Xu, 2016; Zyskind et al., 2015). Relevant factors analyzed in this study were
privacy concerns, anonymity concerns, technological concerns, susceptibility to threats, the
severity of threatening events, and self-efficacy.

6
Statement of the Problem
The problem the researcher addressed is the prevalence of data breaches and its impact on
individual technology choices. When individuals perceive a significant threat to sensitive
personal records arising from their dependence on the internet, software, and applications; they
may explore alternative technologies that feature greater anonymity such as blockchain-based
applications (Assadulah, & Onyefolahan, 2015; Zhao, Detlor, & Connelly, 2016). Threats to
personal data is a global problem. Recently, five hundred million individual accounts were
exposed after a data breach at Yahoo (Verizon, 2018; Experian, 2018). Other large organizations
such as Facebook, Grindr, Equifax, TJX also suffered significant data events (Gressin, 2017). A
Facebook data breach gave malicious actors complete control over 50 million personal accounts,
while the Grindr breach exposed subscriber records to third parties which included the HIV
status of individuals (Lomas, 2018). Willful collection and misuse of confidential personal data
also occur at popular payment sites and e-commerce establishments (Preibusch, Peetz, Acar, &
Berendt, 2016).
Researchers have shown that individual perception of a risk to privacy will evoke a
corresponding protective response (Goldberg, 2013; Hart, 2016; Van Schaik, Jansen, Onibokun,
Camp & Kusev, 2018). Unfortunately, there is little research on individual attitude towards
specific privacy-enhancing technologies such as blockchain. The trend towards blockchain is
evident in the financial services industry, where users emboldened by the availability of
blockchain technology have shown a preference for cryptocurrencies (Beck et al., 2016). As a
result, an inquiry into factors that motivate individuals towards greater participation in personal
security through the adoption of blockchain-type technology illuminates privacy and security
research. Findings from this study provide additional data to researchers evaluating technology
7
adoption behavior and the potential consequences of insufficient organizational privacy
practices.
Purpose of the Study
The purpose of this quantitative non-experimental cross-sectional study is to assess
factors influencing individual attitude towards blockchain applications when individuals perceive
threats to their privacy. As concern for privacy increases, the determinants that influence intent
towards secure technologies are likely to provide practitioners, businesses, and researchers with
improved visibility into individual choice (Kraus, Wechsung & Möller, 2017; Acquisti,
Brandimarte, & Loewenstein, 2015). While researchers have shown that the perception of
insecurity can evoke a protective response (Van Schaik et al., 2018), such insight does not
accurately predict protective behavior because salient psychological and privacy factors play a
role (Kraus et al., 2017). While there is scarce research on intent towards autonomous peer-to-
peer cloud technology; cloud technology adoption studies are abundant although those rarely
differentiate between organizational and personal attitudes, or the underlying factors unique to a
specific technology (Chen et al., 2016; Menard et al., 2014; Oliveira et al., 2014).
Empirical tests show that there is a significant connection between behavior and intent to
adopt technological initiatives (Ifinedo, 2014; King & Thatcher, 2014) but there is disagreement
on the influence of insecurity on protective response (Acquisti et al., 2015; Kraus et al., 2017;
Van Schaik et al., 2018). Hence, response to privacy threats may not follow established coping
responses resulting in a phenomenon known as the privacy paradox (Dienlin & Trepte, 2015). To
further illuminate this area of inquiry, the researcher evaluated subsets of measures that
influenced threat response, such as the need for privacy, need for autonomy and the influence of
technology and anonymity, on intention towards blockchain technology.

8
The researcher explored individual behavior towards secure peer-to-peer technology such
as blockchain, in the context of personal autonomy and threats to privacy with theoretical
foundations pertinent to cloud technology (Senyo, Addae, & Boateng, 2018). Exploratory factor
analysis (EFA) is a reliable methodology used to explore relationships between various variables
and to formulate theories (Fabrigar & Wegener, 2017). The researcher leveraged theoretical
foundations such as PMT and TPB. PMT and TPB, in combination, have explained 70% of the
variance related to behavioral intention, in contrast with 45% and 60% of the variance, when
evaluated individually (Ifinedo, 2012). The researcher surveyed participants who were members
of a Facebook forum dedicated to Blockchain technology. Using published guidance on EFA, the
final sample size (n = 189) was considered sufficient for this study (Field, 2013; Tabachnick &
Fidell, 2014; Stevens, 2002).
Theoretical/Conceptual Framework
Researchers exploring variables that influence technology and cloud adoption such as
convenience, perceived usefulness, and threat protection, do not agree on the relative
significance of the underlying decedent and antecedent variables (Chatterjee et al., 2015; Menard
et al. 2014; Sommestad et al., 2015). This inconsistency compels further exploration to uncover
the influence of variations in individual knowledge, trust, perception, and efficacy (Lai, 2017).
Inconsistent results arise when researchers explore variables that are antecedents of
organizational insecurity (Oliveira et al., 2014; Posey et al., 2015). Inconsistent results are also
evident in research on the insecure behavior of individuals within the organization (Huigang &
Yajiong, 2009; Zyskind et al., 2015). On the other hand, scarce research exists on individual
reaction to privacy threats caused by third parties and the influence of autonomy in adopting
9
technology solutions. To further enhance available research, the researcher evaluated factors that
influence individual intention towards blockchain applications in response to threats to privacy.
The blockchain is a type of distributed ledger technology where data is continuously
encrypted and distributed across many participating nodes without personally identifiable
information. Much of the research on distributed ledger systems focused on Bitcoin (Zhong,
Clark, Hou, Zang, & Fitzgerald, 2014). Several qualities made blockchain a suitable underlying
technology for the cryptocurrency market, which has seen explosive growth (Coinbase, 2017).
The qualities of distributed ledger systems such as blockchain include anonymity, trust-free,
peer-to-peer, self-verifying, encrypted, and spread across participating nodes without the need to
identify participants using PCD (Kshetri, 2017; O'Leary, 2017).
Blockchain has gained worldwide attention and is currently perceived to be an
evolutionary step towards distributed, self-managing anonymous, and secure networks (Yli-
Huumo, Ko, Choi, Park, & Smolander, 2016). This adoption of blockchain is prevalent in
financial services, healthcare, supply chain, and some public agencies (Sullivan & Burger, 2017).
Researchers have advanced many theories to assess individual and organizational security
behavior including (a) the general deterrence theory, (b) rational choice theory, (c) accountability
theory, and (d) justice theories (Boss, Galletta, Lowry, Moody, & Polak, 2015). Recent models
commonly used by researchers in information security increasingly involved protection
motivation theory (Crossler & Belanger, 2014). In this study, the researcher explored the
behavioral response to privacy threats using PMT as a theoretical model because PMT is a
reliable model for threat appraisal and protective behaviors (Rogers, 1975). The researcher
incorporated factors derived from studies in information systems security research on technology
10
adoption and personal security (Boss et al., 2015; Crossler & Bélanger, 2014; Menard et al.,
2014).
The threat appraisal and coping response constructs of PMT were particularly well suited
to inquiries on factors influencing individual behavior where there is a threat. The researcher
examined factors influencing attitude towards blockchain using variables for coping, threat
perception, autonomy, and technology appraisal. The theory of planned behavior (TPB)
constructs include attitude, perceived behavioral control, and subjective norms (Ajzen, 2011).
This study did not fully utilize the constructs of TPB for parsimony. Other theories are
applicable, as well. Venkatesh, Morris, Davis, and Davis (2003) integrated attributes from eight
technology adoption theories (TAM: Marangunić, & Granić, 2015) into a unified model known
as the unified theory of acceptance and use of technology (UTAUT). The UTAUT model has
shown explanatory power in assessing performance expectancy, social influence, effort
expectancy and various facilitation conditions regarding behavioral intention towards technology
as well as the role of age, gender, and experience in moderating adoption (Venkatesh et al.,
2003). Anonymity also depends on autonomy (McBride, 2014) hence, autonomy is boosted
when one’s identity is replaced with cryptographic keys, such as those used as identifiers and
signers in blockchain transactions, although that requires substantial personal involvement and
skill (Yli-Huumo et al., 2016). Studies in cloud technology indicate user preference for
convenience and control over technology choices (Menard et al., 2014; Oliveira et al., 2014).
Exploring individual behavior towards a secure technology using a factor model
improves overall knowledge of security-risk behavior and technology adoption when the threat-
response pairs (PMT) are used as a template for behavior towards privacy threats (Menard et al.,
11
2014). This study’s finding added to the body of knowledge on behavioral psychology and
adoption of secure peer-to-peer cloud technologies.
Nature of the Study
The use of empirical statistical methods to analyze survey data derived from real-world
organizations is a common methodology used in information systems and behavioral psychology
research (Sommestad et al., 2015). It often follows a conceptualization process involving a
theory, theoretical gaps, or a combination of theoretical models (Anderson et al., 2017; Shepherd
& Suddaby, 2017). This quantitative, non-experimental, cross-sectional research study sought to
identify key factors using data collection and analysis of observed effects if any, and
relationships between outcome variables where applicable. With factor analysis, mathematical
methods are used to simplify underlying relationships using observed patterns of correlation
among variables (Child, 1976). Research methods have their strengths and weakness. Hence, it is
often difficult to choose one method of analysis over another (Çokluk & Koçak, 2016). In
general, studies using open-ended questions and non-numeric data are qualitative, while
quantitative research follows a deductive approach, numeric scales, and close-ended questions.
In this study, the researcher empirically evaluated factors influencing individual behavioral intent
towards blockchain applications in the context of privacy, autonomy, technology, and threat
response.
This research follows findings by Menard, Gatlin, and Warkentin (2014), which assessed
individual preference towards cloud backup when there is a threat of data loss. Menard et al.
evaluated individual response to the fear of data loss using a factorial survey of college students
in the United States and found that threat severity, automaticity, and concurrency all had a
significant effect on intent to adopt cloud backup (Menard et al., 2014). Automaticity and
12
concurrency had the most substantial effect on behavioral intent, although that could be
attributed to the fact that the participants were students whose preferences may be aligned by
their common challenges, such as the need to complete a project on time or study for an
examination. In addtion, a participant sample featuring a narrow age and experience gap may
impact the generalizability of the result. Also, the fact that college students may have a higher
exposure to cloud technology than the general population may contribute to the results. Other
weaknesses in the Menard et al. study included a lack of control for the differences between
cloud technologies and cloud security, as well as insufficient contrast between dissimilar cloud
technologies.
The researcher combined components of PMT and TPB to explore human behavior in the
context of threat response. Researchers have also combined PMT and TPB to improve the clarity
of analysis on the response towards security threats (Ifinedo, 2012). For example, a survey of
124 information systems professionals and managers in Canada using a combination of TPB and
PMT, found that attitude toward compliance, self-efficacy, subjective norms, response efficacy
and perceived vulnerability were significant indicators of compliance intentions while response
cost and perceived severity were not significant (Ifinedo, 2012). The lesser significance of
response cost and perceived severity (Ifinedo, 2012) was also associated with an individuals’
perceptions of the enabling role of technology in providing facilitating attributes (Chatterjee et
al., 2015). This study supported this finding. Researchers also found that unethical use of
information technology such as non-compliance with security directives is a complex
phenomenon characterized by peculiar non-linear relationships guided by beliefs, economic,
social and technological considerations (Chatterjee et al., 2015).

13
Using technology adoption models (TAM) convenience and ease of use was found to be
significant determinants of technology adoption (Venkatesh et al., 2003). According to Alsaleh,
Alomar, and Alarifi (2017), threat appraisal is also very influential in technology choices. These
studies support earlier research findings based on PMT, showing that response efficacy, self-
efficacy, and social influence affect intention to adopt secure practices (Johnston & Warkentin,
2010). Hence there is an established relationship between fear response and technology adoption
(Alsaleh, Alomar & Alarifi, 2017; Menard et al., 2014; Venkatesh et al., 2003). Also, attitude
towards security compliance strongly correlates with intent to comply with directives (Bulgurcu,
Cavusoglu & Benbasat, 2010). The user’s attitude and self-control provide the underlying
mechanism for threat appraisal, even with neutralization (Siponen, Mahmood, & Pahnila, 2014).
Hence it was necessary to evaluate privacy concerns in the context of a reliably secure and easy-
to-use cloud technology alternative such as blockchain. Given the prevalence of data breaches
and the public disclosure of unauthorized confidential personal records, individuals are likely to
seek solutions with a stronger likelihood of maintaining privacy and anonymity such as
blockchain (Kendall et al., 2005).
The researcher assessed factors affecting intent towards blockchain technology using a
survey. Nominal behavioral intent was assessed using a multi-item scale (Ifinedo, 2012; Woon &
Kakanhalli, 2007). For the other constructs, the scales for autonomy were derived from a study
by Weinsten et al. (2012). The researcher adapted privacy scales from research by Smith,
Milberg, and Burke (1996). The technology facilitation constructs originated from a study by
Chatterjee et al. (2015). The scales for perceived severity, perceived vulnerability, and self-
efficacy were derived from a study by Ifinedo (2012) as well as from a study by Woon and
Kakanhalli (2007). The researcher used a 5-point Likert scale anchored from “strongly agree”
14
with a score of 5 to “strongly disagree” with a score of 1 to measure these items. The researcher
implemented guidelines for minimizing common method variance (CMV), order effect, and
social desirability bias. In analyzing the general factors, the researcher used a cross-sectional
design which is common in social studies research (Bruch & Feinberg, 2017). A cross-sectional
study is a measure of attributes recorded at a point in time using inputs and outputs at the
individual level without retrospection (Trochim & Donnelly, 2008). This design is applicable
because it captures an individual’s attitude towards emerging technology at a point in time.
Although participants were ungrouped, they were expected to have a knowledge of blockchain
and to participate in the “Blockchain Enthusiasts” forum on Facebook.
This research is in response to calls for research on technology adoption using multiple
theories on emerging technology (Oliveira et al., 2014). The researcher adapted methods from
previous research based on exploratory factor analysis (Chatterjee et al., 2015). The researcher
summarized survey data to reveal patterns and relationships that can be used to regroup variables
into limited clusters based on variance. The process of regrouping or factoring variables reveals
unique relationships and provides clarity on factors that influence individual attitude towards
blockchain applications. The common factor model also refers to causal and linear effects on
measured variables as effects indicator models. The rationale for using exploratory factor
analysis is explained in greater detail in the methodology section of this study. Understanding
common factors that influence the use of blockchain may improve knowledge of end-user
behavior towards privacy and autonomy and how it influences technology choices.
Research Questions
The generalized question for this study is: “What factors influence intent to adopt a peer-
to-peer cloud technology such as blockchain when there is a threat to privacy?” Individuals
15
concerned about recent reports of data breaches at Facebook, Grindr, Yahoo, Equifax, Amazon,
and other cloud providers may be concerned about their privacy and providing personal data to
third parties (Chickowski, 2016). Unfortunately, sensitivities to threats and its relationship to
specific technology choices have not received much research attention. Hence, this quantitative
exploration evaluates factors affecting user adoption of blockchain technology when the risk to
privacy is significant. A quantitative study is necessary because correlations between variables
are measured (Osborne, 2015). Using exploratory factor analysis (EFA), the researcher evaluated
intent towards blockchain-based data protection in the context of the following general
questions: privacy questions, technology questions, anonymity questions, self-efficacy questions,
perceived severity questions and perceived vulnerability questions (Osborne, 2015).
RQ1. To what extent does privacy concerns influence intent to place threatened data in a
blockchain application?
RQ2. To what extent does concern for technological factors influence intent to place
personal data in a blockchain application?
RQ3. To what extent does self-efficacy influence intent to place personal data in a
RQ4. To what extent does perceived severity influence intent to place personal data in a
RQ5. To what extent does perceived vulnerability influence intent to place personal data
in a blockchain application?
RQ6. To what extent does autonomy influence intent to place personal data in a
16
RQ7. To what extent does latent behavioral intent influence intent towards blockchain
application?
The researcher tested these research questions using the following eight hypotheses to
determine if these subsets of questions accounted for a large percentage of the variance on the
intention to use a blockchain application.
Hypotheses
H01. k=0 factors are needed to characterize intent towards blockchain applications.
H02. k=1 factor is needed to characterize intent towards blockchain applications.
Significance of the Study
Individuals often contend with the reality that personal records stored by various
organizations occasionally get stolen, released, or shared inappropriately. Unfortunately, for
many individuals, loss of privacy is a major concern and can lead to significant economic or
social harm (Young & Yung, 2017). The consequences of misappropriated personal data, such as
immigration information or sensitive health information, could be socially or economically
disastrous. For example, when an immigrant without valid residency authorization discloses their
location or place of work, they may be exposed to forcible deportation or loss of employment.
Individuals who have HIV may prefer to keep their health data private to avoid unpleasant social
17
interactions or loss of health insurance. When organizations or other actors distribute sensitive
personal information without an individual’s consent, those events can lead to significant
personal harm (Parlapiano, 2018). As reports of data compromises continues unabated,
researchers in information systems have focused on various factors and processes required to
improve organizational resilience to data breaches and minimize wanton actions of non-
malicious actors, malicious activity, and ethical lapses (Liang & Xue, 2010; McAlynn, 2017;
Posey et al., 2015; Scott, 2015).
The healthcare sector has attracted a significant amount of attention from ransomware
hackers because it caters towards vulnerable clientele with sensitive data, and there is a tendency
towards operational silos and inconsistent security policies (Green, Albanese, Cafri, & Aarons,
2014). Unfortunately, healthcare administration requires centralized storage of sensitive data
about patients, which creates a rich trove of sensitive data for criminals. In the second quarter of
2017, ransomware criminals successfully attacked healthcare organizations in over 142 countries
(Hammill, 2017). Unsurprisingly, successful compromise of many healthcare organizations
created a bounty of stolen records that is widely available for sale on the Dark Web (Zetter,
2016). Hence, individuals sensitive to organizational insecurity are likely to avoid contact with
certain organizations. Therefore, it is important for organizations to understand the importance of
safeguarding sensitive data such as PCD (Feng et al., 2014; Tsai et al., 2016). The researcher
posits that fear of privacy and anonymity concerns may influence personal technology choices
towards blockchain applications. The emergence of powerful personal phones featuring
applications with encrypted peer-to-peer autonomous technology may hasten the arrival of
secure cloud computing. Data gathered from this research is useful to practitioners and
researchers interested in blockchain technology adoption.

18
Definitions of Key Terms
Autonomy. Autonomy refers to the ability to function as autonomous persons capable of
deliberation regarding personal goals and having the mental capacity to self-direct. Autonomous
individuals have considered opinions and choices. McBride (2014) stated that threats to
individual autonomy undermine the social contract binding people together in the information
age and that it is a threat to human dignity. McBride conceptualized the autonomy, community,
transparency, identity, value, and emotion (ACTIVE) model to describe the autonomy of the
individual and the ethical ramifications of privacy and value to the customer or individual.
Bitcoin. Bitcoin is a digital currency based on blockchain technology. Bitcoin was
developed in 2009 by a programmer or a group of programmers known as Satoshi Nakamoto
(Nakamoto, 2009). While Bitcoin is the first cryptocurrency, there are many other
cryptocurrencies in common use. These digital currencies often utilize peer-to-peer, encrypted,
and validated transactional systems. Bitcoin and other cryptocurrencies have grown
exponentially in value, with a significant and rapidly increasing market value (Sontakke &
Ghaisas, 2017; Zyskind et al., 2015).
Blockchain. Bitcoin relies heavily on the blockchain, a public “ledger” of every
transaction that has ever taken place on that distributed network. With blockchain, there are no
third-party, centralized, or trusted authority. What is acceptable or what is not acceptable,
depends on the consensus of multiple distributed parties. User identities are often anonymous
with the unfortunate side-effect that online cyber-criminals often request illicit payment in
Bitcoin. Blockchain is known as a distributed ledger technology or a decentralized transaction-
based data management technology initially developed for the Bitcoin cryptocurrency. This
technology came into use in 2008 and has become popular because of attributes such as security,
19
anonymity, robust data integrity, and decentralized transactions. It is immutable, transparent, and
redefines trust through trustworthy and transparent transactions (Yli-Huumo et al., 2016).
Distributed ledger systems such as blockchain are anonymous, trust-free, peer-to-peer, self-
verifying, encrypted, and share data among all participating nodes (Kshetri, 2017).
Cryptocurrency. A cryptocurrency is a digital currency based on blockchain technology.
An example of this type of currency is Bitcoin, which was developed in 2009 by a programmer
or programmers known as Satoshi Nakamoto (Nakamoto, 2009). There are many
cryptocurrencies in use, and they are primarily used as a peer-to-peer, encrypted and validated
worldwide digital currency, with a significant and rapidly increasing market value (Sontakke &
Ghaisas, 2017; Zyskind et al., 2015).
Digital Wallets. Digital wallets are the electronic applications used to safeguard
blockchain data, and private/public keys used as unique identifiers of digital assets. These
wallets are essential assets in public key infrastructure because an acquired private key can be
used to unlock and take ownership of all assets secured by that key (Neeraj, Iqbal, Misra, &
Rodrigues, 2015).
Internet of things (IoT). Internet of things refers to a myriad of technologies that are
used to perform communications on devices and appliances in common use. They mini or
embedded computers on household or commercial devices used to communicate through the
internet and local networks to other devices. IoT devices are present in transaction-based systems
in many industries and applications. Researchers are focused on exploring creative ways to
enhance their security and utility using blockchain (Beck et al., 2016).
Medrec. A notable application of the smart contract using Ethereum is the Medrec, a
blockchain based electronic health record platform developed at Massachusetts Institute of

20
Technology (MIT: Azaria, Ekblaw, Vieira, & Lippman, 2016). Medrec utilizes the smart
contract facilities in the Ethereum blockchain to create a system that prioritizes patient agency
through a transparent and accessible view of medical history which replaces centralized
intermediaries with a distributed access and validation system using the blockchain (Azaria et al.,
2016).
Nodes. Blockchain technology relies on a community of public or private nodes
participating in a peer-to-peer network which features greater individual participation in the
security, access, and transfer of protected information (Schaub, Bazin, Hasan, & Brunie, 2016).
Phishing. Phishing is the standard method used by criminals to infiltrate an organization
using social engineering. Phishing is the collective term for various methods used to compel an
insider to unwittingly download and activate malicious code hidden on a website or email links.
The attacker uses social engineering, which relies on misinformation fake urgency or authority to
convince an insider to click on a malicious link or open a file that is used to launch malware. In
such cases, the attacker may disguise their identity in such a way that the user is led to believe
that they are required to engage in a particular action. Phishing is widespread and has increased
exponentially over the past few years (Wright & Marett, 2014).
Public Key Infrastructure (PKI). Blockchain’s distinguishing features are that
anonymous encrypted transactions occur between two parties without intermediaries. Private and
public keys, as well as cryptographic signatures, secure PKI transactions. Private keys are used
to cryptographically secure and identify the originators or owners of a transaction while public
keys are used to decrypt contents provided by an originator (Neeraj, Iqbal, Misra, & Rodrigues,
2015). Public key encryption is an underlying technology which has been a topic of considerable
interest among technologists.

21
Personal Privacy. Personal privacy is a belief that information has personal and public
boundaries. As a result, individuals expect to have control over the processing and transferring of
personal information, interactions involving their personal information, and the availability of
such data (Dienlin & Trepte, 2015). Hence privacy concerns are multidimensional with incidents
that are not always dramatic and may not always receive widespread press coverage. In many
cases, unsuspecting actions fuel privacy threats such as social engineering, benign or non-
suspicious requests for access, surveys, and usual online association with friends and family.
Person-to-Person (P2P). Person-to-Person refers to a type of technology or cloud
application that connect individuals one-to-one without intermediaries or organizational control.
The first popular P2P application was Napster. Napster was used to share music among friends
and peers. Napster relied on a P2P platform, but it eventually collapsed because of violations of
copyright and becoming a target for regulators and litigation. Truer P2P platforms such as Tor
and Bitcoin are more resistant to disruption because individual participants are autonomous and
there is no centralized authority to disrupt (Emekter, Tu & Jirasakuldech, 2015, Guzman &
Jones, 2014).
Ransomware. A type of malware that digitally encrypts vital operational data in a
computer system and then demands a ransom payment, often in Bitcoins, for the decryption key
(Allen, 2017). Ransomware will be challenging to propagate on a decentralized blockchain
network.
Smart Contract. A smart contract turns a transaction between two or more people into a
running contract. Such contracts are intermediaries that facilitate the performance of a contract
between two parties without a trusted third party. With Ethereum, a specially designed virtual
22
machine is used to run smart contracts on the blockchain, which often requires payment for
transactions that change the blockchain (Anoica & Levard, 2018).
Social Engineering. Social engineering refers to the use of deceptive techniques to
induce individuals into performing specific actions or disclosing confidential or personal
information often used for fraudulent purposes (Wright & Marett, 2014).
Tor. Tor stands for The Onion Router (Tor), an open-source web program designed to
protect an individual’s privacy and security by obfuscating internet traffic origins and foiling
surveillance or tracking. Originally developed for the U.S. Navy to protect government
communications, Tor is widely used to preserve online anonymity and is the preferred browser
for individuals with privacy sensitivity, including online criminals. Tor operates by encrypting
and bouncing communications randomly through multiple relay networks across the globe often
used by Web browsers, Internet relay chat (IRC) and instant messaging (Syverson, Tsudik, Reed,
& Landwehr, 2001).
Summary
Improving the security, management, and distribution of private data is an important
objective in research (Anderson et al., 2017). In this empirical study grounded in theory, the
researcher explored the threat to private data and coping behavior using protection motivation
theory (Rogers, 1975) and aspects of the TPB. The researcher utilized the exploratory factor
analysis (EFA) to uncover patterns through data exploration and prediction testing (Child, 1976).
Exploratory factor analysis involves a methodical discovery of the common factors and their
variables, which is necessary to uncover latent relationships within variables (Chatterjee et al.,
2015). Although physical and technological assets are essential in safeguarding vital data (Posey,
Roberts, Lowry, Bennett, & Courtney, 2013) the attitude and behavior of the end-user is also
23
essential in understanding the challenges and opportunities in information systems security
(Bulgurcu et al., 2010; Siponen et al., 2014). Insecure insider behavior can threaten any
organization when individuals neutralize or ignore safeguards by assuming that responsibility
towards security is someone else’s task (Siponen et al., 2014).
Data breach events provide customers and end-users an incentive to contemplate other
options. In Gartner’s survey of enterprise cloud backup customers, they found that a majority of
users are uncomfortable with existing choices and are eager to explore alternatives (Russell,
Rinnen, & Rhame, 2017). When individuals are unhappy with data protection, they also seek a
secure option as is the case in the financial service industry where blockchain-based
cryptocurrencies are already transforming financial services (Yli-Huumo et al., 2016). The
miniaturization and personalization of computer technology is accelerating the adoption of
mobile devices, wearable computing, and internet-of-things (IoT: Parise, Guinan, & Kafka,
2016). With the advent of mobile computing, individuals are more familiar with personalized
technology and personalized applications which propel the boom in messaging applications and
social networks, but few studies have explored end-user attitude towards secure cloud
technology in response to organizational privacy failures.
Although much of the research on distributed ledger systems such as blockchain has been
focused on Bitcoin (Zhong et al., 2014) a trend that indicates the appeal of personalized and
anonymous transactions. The need for autonomy may popularize new types of cloud
applications. Hence, it is vital to understand the factors that motivate the trend towards
autonomy, anonymity, and privacy from a technical perspective. Much of the current research on
the blockchain is focused on enhancing the utility, flexibility, and security of platform with little
attention to the individual behavior associated with blockchain technology adoption (Giancaspro,
24
2017; Xia et al., 2017). This research is an attempt to fill that gap in the social aspects of
blockchain adoption.
25
Chapter 2: Literature Review
The security of cloud technology is often dependent on robust and secure platform
technology, although the platform is also susceptible to malice, negligence, or willful misconduct
by responsible parties (Oliveira et a., 2014). Cloud technologies are attractive as a hedge against
data loss with convenience and automaticity playing an important role (Menard et al., 2014).
Data protection is a necessary aspect of cloud technology adoption; the unique features of the
underlying platform rarely attract equal research attention. Often not explored is the availability
of secure options such as encrypted peer-to-peer cloud technology in the context of behavioral
psychology and cloud technology adoption. Blockchain technology, in this case, is an application
that features anonymity, encryption, verification, and reliability without reliance on third parties
or organizations. The blockchain is a type of distributed ledger technology where data is
continuously encrypted and distributed across many participating nodes without personally
identifiable information. Bitcoin is the primary focus of much research on distributed ledger
systems (Zhong, Clark, Hou, Zang, & Fitzgerald, 2014).
The problem the researcher addressed is the prevalence of data breaches and its impact on
individual technology choices. Studies have shown that there is a significant connection between
behavior and intent to adopt technological initiatives (Ifinedo, 2014; King & Thatcher, 2014) but
there are inconsistent findings on the influence of insecurity on protective response (Acquisti et
al., 2015; Kraus et al., 2017; Van Schaik et al., 2018). As a result, individual response to privacy
threats may not always mirror expected behavior, a phenomenon known as the privacy paradox
(Dienlin & Trepte, 2015). In exploring the relationship between threats to privacy and the
individual intent towards non-organizational alternatives such as blockchain, this study follows
earlier research which shows that individuals will take advantage of secure alternatives and will
26
seek their self-interest when necessary (Kelley et al., 1989; Oliveira et al., 2014; Menard et al.,
2014). The researcher posits that an individual who believes that a blockchain application will be
trusted, autonomous, and have transactional integrity will react positively to a blockchain based
solution for insecurity. The researcher focused on factors that affect an individual’s intent
towards blockchain applications. With the emergence of technology such as blockchain, the
researcher sought unique patterns in behavior that underlie the decision to avoid traditional
methods and seek blockchain-based solutions. Blockchain can become a template for privacy-
enhancing applications and security (Cisco, 2016).
Theoretical/Conceptual Framework
In introducing the protection motivation theory (PMT), Rogers (1975) emphasized the
importance of assessing the validity of fear response in the context of a clearly defined threat and
coping responses. This observation was supported by a review conducted by Sommestad et al.
(2015) which found that many studies in information technology did not utilize substantive
threats or sufficient coping responses in their analysis potentially leading to inconsistent results.
The complexity of research scenarios may also account for inconsistent results obtained from
studies that evaluate protective instincts (Chatterjee et al., 2015). In a survey of 124 information
systems professionals using relevant hypothesis and data analysis, researchers found that attitude
toward compliance, self-efficacy, subjective norms, response efficacy and perceived
vulnerability were significant indicators of compliance intentions, but response cost and
perceived severity were found to be less significant (Ifinedo, 2012). The reduced impact of
response cost and perceived severity (Ifinedo, 2012) is associated with an individuals’
perceptions of the enabling role of technology in providing facilitating attributes and has been
shown to affect behavioral control towards the use of technology (Chatterjee et al., 2015).
27
Researchers also found that unethical use of information technology such as non-
compliance with security directives is a complex phenomenon characterized by non-linear
relationships which include beliefs, economic, social and technological considerations
(Chatterjee et al., 2015). Also, researchers have explored various variables that influence
technology and cloud adoption such as convenience, usefulness and threat protection but found
contrasting results on the level of significance between convenience variables and threat
appraisal variables (Chatterjee et al., 2015; Menard et al. 2014). In a study, researchers using 152
participants from a large University in the US and a vignette-based factorial study assessed
individual perceptions on the availability and convenience of a cloud backup solution and how
that plays a role in user’s preference for cloud backup. They found that the threat of data loss and
the convenience of cloud-based backup solutions affect a user’s intention to adopt the cloud as a
requisite backup utility (Menard et al., 2014). The study methods involved manipulating survey
responses using realistic vignettes to relate the independent variables, to gain experimental
control orthogonally. With EFA, all variables are independent until latent relationships prove
otherwise. The independent variable, behavioral intent, was measured on a multi-item scale
using constructs drawn from PMT to evaluate threat appraisal and coping responses. Menard et
al. found that users who experience the convenience of using a cloud-based backup, especially
when they perceive that threat of data loss is possible and potentially catastrophic, are more
willing to adopt cloud backup solutions (Menard et al., 2014).
Inconsistencies in the effect of PMT variables in related research is possibly due to
variations in the level of perceived technology efficacy, exclusion of significant variables,
differences in threat perception and individual preference (Chatterjee et al., 2015; Lai, 2017).
Authors have hinted that future studies will further improve the clarity of important questions by
28
incorporating palpable threats and specific threat responses (Sommestad et al., 2015). In the
information technology research context, a threat response pair is evident when the response to
the threat of identity theft is to change and maintain strong passwords. When there is a threat of
data loss, the response is to perform backups more frequently. Similarly, when there is a threat of
malware, an acceptable response is to block network ports, deploy intrusion prevention tools, and
scan with anti-virus and anti-malware tools. The threat-response pair analogy with PMT is a
common model used by researchers to show a connection between threats and the associated
response in individual and organizational contexts (Menard et al. 2014; Johnston & Warkentin,
2010).
Adapting the threat response pair associated with PMT to analyze threats to privacy and
the need to protect personal data through technology based on blockchain technology is a
reasonable approach. Blockchain technology enables peer-to-peer data exchange without third-
party control, which provides individualized management of privacy without reliance on third
parties (Khan et al., 2016; Young & Yung, 2017). Under the threat of loss of privacy, previous
research shows that individuals will take advantage of secure alternatives and will seek their self-
interest (Kelley et al., 1989; Oliveira et al., 2014). In response to calls for studies on technology
adoption using specific technologies and multiple theoretical foundations (Oliveira et al., 2014;
Sommestad et al., 2015) the findings from this study adds to the literature on information
technology, behavioral psychology and technology adoption (Wang et al., 2016; Zyskind et al.,
2015).
Research and Documentation
Sources for this literature review included peer-reviewed scholarly journals, books,
dissertations retrieved through ProQuest, EBSCOhost, Google Scholar, and Roadrunner, with a
29
publication date no later than the past five years. The researcher performed searches using the
following terms; web data, cloud data, blockchain, blockchain and privacy, privacy, ransomware,
protection motivation theory, and technology adoption. Various combinations of these search
terms were also used on NCU’s Roadrunner to refine searches. Other sources of documents
include trade journals, news sites, and professional organizations. Roadrunner search for
scholarly full-text documents on cloud data published between 2013 and 2018 returned 602,689
articles, but when the search term included “blockchain,” the yield went down to 476 records
comprising 398 academic journals, 71 conference materials, six reviews, and two trade
publications. An NCU Roadrunner search on cloud data and healthcare yielded 49,385 records,
but when that search included the term “blockchain” it yielded 132 records. The literature review
below begins with an explanation of the chosen research methodology, followed by the
importance of threat appraisal and coping responses.
Technology Adoption in Reaction to Privacy Threats
The emergence of the internet accelerated local and global commerce, but it has also
created unexpected challenges to privacy and data security (Assadulah, & Onyefolahan, 2015).
The emergence of portable computing and interconnected networks have made it easier to walk
around with a computer in the pocket that can download authorized and unauthorized software,
access legitimate and illegitimate data, or be used to facilitate attacks on online entities using
various methods including viruses and malware (Andres & Asongu, 2013). Individuals have
different capabilities with computing technology; however, the enabling role of technology in
providing facilitating attributes for data exploitation is known to be associated with increased
behavioral control towards the use of technology (Chatterjee et al., 2015). Technology use and
individual behavior is an essential area in information systems research (Sommestad et al.,

30
2015). Using technology adoption models (TAM), researchers have shown that convenience and
ease of use are determinants of technology adoption (Menard et al., 2014). Researchers have also
shown that threat appraisal is influential in technology adoption choices (Alsaleh et al., 2017;
Menard et al. 2014). Johnston and Warkentin (2010) found that response efficacy, self-efficacy,
and social influence affects individual adoption of secure technology practices. Other studies
corroborate these findings by suggesting that an individual’s self-control and motivation is the
underlying mechanism for threat appraisal as well as indifference or neutralization (Menard et
al., 2017, Siponen et al., 2014).
Venkatesh et al. (2003) integrated attributes from eight technology adoption theories
(TAM: Marangunić, & Granić, 2015) into a unified model known as the unified theory of
acceptance and use of technology (UTAUT). The UTAUT model shows reliable explanatory
power in assessing performance expectancy, social influence, effort expectancy and various
facilitation conditions regarding behavioral intention towards technology adoption, as well as the
vital role of age, gender, and experience in moderating attitude towards technology adoption
(Venkatesh, Morris, Davis, & Davis, 2003). Unfortunately, few studies have explored individual
intent regarding secure technology in the context of autonomy and peer-to-peer cloud technology
(Menard et al., 2014). Researchers agree that the paucity of research in cloud technology
adoption is due to the technology’s infancy (Oliveira et al., 2014); this is even more applicable to
blockchain technology because it is less mature (Woodside et al., 2017).
Using transaction cost economics theory (TCE), researchers analyzed individual behavior
towards technology and found that opportunity and individual self-interest also affect attitude
towards technology (Chickowski, 2016; Kelley et al., 1989; Rindfleisch & Heide, 1997). Self-
interest was found to play a significant role in behavioral models incorporating TPB constructs.
31
TPB is a theoretical foundation used to analyze attitude and intentions and how it correlates with
behavior, perceived behavioral control, and subjective norms (Ajzen, 2011). Researchers found
that attitude is a good indicator of intent, especially in the context of compliance with security
policies or mandates (Ifinedo, 2012). When people are afraid, they exhibit a complex appraisal
and coping behavior, which has been widely modeled using PMT and TPB. Drawing from these
findings, individuals that have a positive response to a variety of threat appraisal and coping
constructs also respond affirmatively to antecedents constructs such as habit, automaticity,
convenience and social norms (Ifinedo, 2014, Menard et al., 2014; Vance, Siponen, & Pahnila,
2012). As a result, the researcher posits that when an individual perceives significant threats to
privacy or sensitive personal records due to data breaches or other unexpected events they will
be receptive towards new technology that provides personal security and autonomy (Zyskind et
al., 2015).
Exploratory Factor Analysis
To understand latent factors influencing individual attitude and perception towards secure
peer-to-peer technology it is important to acknowledge the prevalence of public announcements
regarding data breaches and privacy violations at many organizations and the surging popularity
of blockchain technology or cryptocurrency (Marmonov & Benbunan-Fich, 2018). The question
arising from the exploration of these perceptions is whether there are different subsets of
measures that represent individual attitude towards blockchain or if there are no distinct
constructs. EFA can be used to gain better insight into these relationships by exploring
correlations among various measures, often referred to as common factors using shared variance
(Fabrigar & Wegener, 2017). Originating from the pioneering work of Spearman in the early
1900s, through his study on human ability and the Two-Factor Theory (Fabrigar & Wegener,
32
2017) EFA is now one of the most commonly used quantitative methods applied in the social
sciences to develop theories and mathematical models (Fuller, Simmering, Atinc, Atinc, Babin,
2016).
EFA is often used to summarize the relationships and patterns in research data to isolate
constructs and concepts so that they can be grouped based on shared variance (Fuller et al.,
2016). EFA may also involve the use of simulated data using known answers to test concepts and
factors (Child, 1976). The two primary techniques of factor analysis are EFA and confirmatory
factor analysis (CFA). CFA is used to confirm hypotheses with variables and factors represented
using path analysis and diagrams. On the other hand, EFA is often used to discover patterns or to
develop a theory by exploring the data and testing predictions (Child, 1976). A core purpose of
EFA is the development of a new theory (Stebbins, 2001).
An exploratory design, often a deductive approach is necessary when a researcher intends
to generate new ideas and to create or refine a model (Auspurg & Hinz, 2015; Stebbins, 2001). In
this study, the researcher chose a post-positivist worldview, often known as the scientific method
or traditional form of research (Creswell & Creswell, 2017). Worldviews, also known as
paradigms, are often used to define what is possible or impossible, and the accepted beliefs and
agreements shared by researchers (Rogoff, 2016; Lub, 2015). A paradigm shift is a significant
change in approach to a scientific or social issue (Kuhn, 2012). Paradigms can also refer to the
distinction between research models such as positivist, experimental and traditional or
constructivist, naturalistic, interpretive and post-positivist which are widely shared by many
researchers (Creswell & Creswell, 2017). Paradigms can be used to represent a shared belief or
approach, or a change in a belief, based on a framework intended to guide research. In this
research, the post-positivist method is necessary since the researcher is exploring effects and
33
outcomes. For example, the loss of privacy due to organizational ethics may likely to lead to
individual motivation to assume personal responsibility for private transactions.
In this study, the researcher contributes to knowledge through the advancement and
constant development of existing ideas using theory development. Theory development is key to
the advancement of science. It is a process used to address the “how, where, what, why” of
events and phenomena which allows us to make sense out of chaos (Van Lange, 2013). In
information systems (IS) studies, theory development often occurs through the extension or
reformulation of existing theories, some of which come from criminology and psychology
(Chatterjee & Valacich, 2015; Siponen & Vance, 2010). For example, in an analysis of 143
articles published in Information Systems Research and MIS Quarterly, researchers found that 70
percent of publications used theories adapted from other disciplines (Grover & Lyytinen, 2015).
The use of empirical statistical methods to analyze survey data derived from real-world
organizations is a common method in information systems security research (Sommestad et al.,
2015). The empirical statistical method starts with a conceptualization stage where researchers
evaluate a theory, theoretical gaps, or a combination of theoretical models (Creswell & Creswell,
2017; Shepherd & Suddaby, 2017). Information systems researchers also use case studies;
however, some of the benefits of case studies can be realized using simulations and vignettes
(Jasso, 2006). A pragmatist worldview was not appropriate for this study because it is
traditionally more suitable for a mixed-methods study where a qualitative step often precedes a
confirmatory quantitative step (Çokluk & Koçak, 2016). Pragmatists create opportunities for
triangulation of data and provide a template for multiple base theories (Shepherd & Suddaby,
2017). Unfortunately, a pragmatist approach will require considerably more time to complete the
study because of the rigor consistent with a confirmatory quantitative research stage (Creswell &
34
Creswell, 2017). The use of empirical statistical methods to analyze survey data derived from
employees of real organizations is a standard method used in ISS research studies (Ifinedo, 2014,
Siponen et al., 2014). The empirical analysis follows a conceptualization stage where researchers
evaluate a theory, theoretical gaps, or a combination of theoretical models (Creswell & Creswell,
2017; Shepherd & Suddaby, 2017).
Vignettes and simulation are particularly common in information systems security
research because workers are often hesitant to reveal sensitive company information in surveys
thereby compelling researchers to pose questions in a hypothetical sense, which approximates
responses from real-world scenarios (Stebbins, 2001; Jasso, 2006). Many studies that explore
sensitive behavior use simulations of actual conditions or vignettes (Ifinedo, 2012; Chatterjee et
al., 2015; Menard et al., 2014). With vignettes, it is possible to manipulate some of the variables
during the survey (Menard et al., 2014). A weakness of stimulations or vignettes is that
participants must be familiar with the subject, which is not always guaranteed and often
compromises internal validity (Auspurg & Hinz, 2015).
Exploring variables that influence technology, security and adoption often require using
participants that can understand the questions in the survey (Chatterjee et al., 2015; Menard et al.
2014; Sommestad et al., 2015). When participants are unable to comprehend the technology,
their responses may not be valid. For example, researchers exploring the relative significance of
variables related to convenience, perceived ease of use, perceived usefulness, and threat
protection found significant contrasts with earlier studies (Chatterjee et al., 2015; Menard et al.
2014; Sommestad et al., 2015). This inconsistency may arise from variations in knowledge, trust,
efficacy, errors of exclusion of influential variables (Lai, 2017). Such inconsistency is also
evident in research focused on antecedents of organizational insecurity (Oliveira et al., 2014,

35
Posey et al., 2015) and the behavior of the individuals within the organization (Huigang &
Yajiong, 2009, Zyskind et al., 2015). To further improve the clarity of results, it is necessary to
confirm existing findings and to explore unknown relationships. In this study, the researcher
explored variables that affect individual attitude towards blockchain technologies.
Privacy Threat and Response
NIST publication SP 800-122, defines PII as information about an individual stored or
maintained by an entity which can be used to identify an individual’s race, name, social security
number, location or date of birth. PII includes biometric, financial, educational, and employment
information that pertains to an individual (McCallister, Grance, & Scarfone, 2010). Health
records such as patient identification information, laboratory results and diagnostic information
are known as protected health information (PHI) under Section 1171, Part C Subtitle F of the
Health Insurance Portability and Accountability Act of 1996 (HIPAA; Boyce, 2017). The
acquisition and storage of PII and PHI usually motivate organizational investments in perimeter
defenses, intrusion detection, patching, virus removal, malware removal, security education,
security training, and security awareness (SETA) programs, although commitments vary
(Joskow, 2002). Individual perception of a risk to an individual’s PHI or PII will evoke a
corresponding protective response (van Schaik et al., 2018). The foundational principle of PMT
as proposed by Rogers (1975) relies on three dimensions; the strength of a threatening event, the
chance it might occur and the ability of the individual to mitigate its effect.
Derived from the cognitive-processing theories and expectancy-value theories, PMT was
developed to clarify fear appeals and is a reliable explanatory theory for predicting an
individual’s behavioral intention towards protective responses (Anderson & Agarwal, 2010). The
theory originated from expectancy-value theories and their relation to fear response and
36
protective behavior, especially the influence of risk factors on risk-adaptive behavior. In Rogers
(1975) model, fear response incorporates the effect of fear appeals and attitude change and how
those relate to the perception of a noxious event and a potential course of action. In support of
these assertions, researchers found that individuals concerned about threats to personal data will
seek cloud technology alternatives (Menard et al. 2014). Of course, this assumes an individual in
control of their assets, which is not always the case. In many instances, an individual’s private
data is under the control of an organization, and there is little they can do to enforce ethical use
of their data beyond legal action or agitation. Recent technologies such as blockchain introduce a
cloud technology option based on anonymity and reliability with little dependence on laws and
regulations such as the GDPR (2016). Although PMT was developed to model individual
protective behavior under some threat (Rogers, 1975), it was later extended into the healthcare
domain to incorporate threats from serious ailments such as cancer (Maddux & Rogers, 1983).
Researchers have demonstrated that PMT could explain a variety of intentions related to
behavior in the information security domain (Crossler et al., 2014; Ifinedo, 2012; Teodor et al.,
2015). However, several inconsistencies have shown that the accuracy of the theory often
depends on the type of behavior under analysis. Initially developed to assess how fear appeals
influence voluntary behavioral related to the health threats, PMT is now used in the information
security domain where several studies have investigated variables related to security policy
compliance and other mandatory behaviors (Boss et al., 2015; Chatterjee et al., 2015). Although
PMT was developed to explore cognitive behavior related to specific threats and coping
methods, in information security it is often applied to behaviors that are relatively abstract such
as conformance to information security policies (Ifinedo, 2012).

37
Ifinedo (2012) surveyed security professionals in Canada using constructs derived from
the protection motivation theory and theory of planned behavior and found substantial support
for the influence of most of the PMT variables except response cost. Menard et al. (2014)
surveyed 152 participants drawn from a large southeastern University in the US to assess how
the threat of data loss and the convenience of a cloud-based backup solution affect’s a user’s
intention to adopt the cloud for backup and found support for several PMT constructs although
those were less influential than convenience variables. Menard et al. used a factorial survey with
vignettes to collect data from participants, and orthogonally manipulated the independent
variable for greater experimental control. In their study, the dependent variable was behavioral
intent measured on a reflective scale, in contrast with the binary choices that characterize the
vignette. Menard et al. evaluated the influence of availability and convenience of a cloud backup
on a user’s preference for cloud backup using PMT.
The PMT variables were particularly useful in analyzing the selection of a cloud backup
due to the potential loss of precious data (Menard et al., 2014). The instinct to preserve what we
value is a foundational principle of PMT, and it translates very well to an instinct to preserve
vital records threatened by inadequate backup or inadequate privacy; using threat susceptibility
as the degree to which individuals feel vulnerable to a threatening event (Johnston & Warkentin,
2010). Threat susceptibility is the level of fear an individual may experience when they learn
about a terrible diagnosis or have a sensitive personal matter exposed on the internet. For
example, exposing the workplace of an undocumented immigrant may lead to deportation
proceedings. The fear of deportation or fear of social stigma caused by unwanted public
knowledge of embarrassing health information may compel individuals to adopt blockchain-type
applications for personal use.

38
Menard et al. (2014) found that users who experience the convenience of a cloud-based
backup, especially when they perceive that data loss is potentially catastrophic, are more willing
to adopt a cloud backup solution. Similarly, the researcher theorizes that when users perceive a
threat to their privacy, they are likely to seek solutions that provide greater security and
autonomy, such as blockchain technology. PMT has also been used to analyze individual
behavior related to personal protection, even in the context of complex behaviors required to
secure a computing asset. Crossler and Belanger (2014) developed a unified security practices
instrument based on PMT using literature reviews, pilot tests, focus groups, and field interviews
involving undergraduate students and doctoral students. Crossler and Belanger (2014) found that
inconsistencies in the results obtained from PMT studies may be related to measurement error,
for example, PMT variables are appropriately influential during threat appraisal and coping
appraisal, however, the relevance of these constructs become less meaningful after individuals
conceive an appropriate response and begin to change their behavior.
Also, PMT-based studies often focus on mandatory adherence to security policies and
various challenges organizations face in ensuring end-user compliance with established policies,
even though more consistent results arise from voluntary scenarios (Abraham, 2012; Chen,
Ramamurthy, & Wen, 2012; Pfleeger, Sasse, & Furnham, 2014; Vance, Lowry, & Eggett, 2013).
PMT has been found to have better explanatory power for individual voluntary actions when
applied to various scenarios, but most studies in ISS use PMT to assess behavior in mandatory
circumstances (Teodor et al., 2015). In order to improve PMT-based studies, it is necessary to
evaluate individual attitude towards personal security, when the behavior is voluntary (Teodor et
al., 2015). Blockchain technology benefits from voluntary and autonomous individual action,
and researchers have shown that autonomy improves the tendency to engage in voluntary actions
39
(Nunez & Leon, 2015). PMT is a valid theory for this research study because it is effective for
voluntary rather than mandatory choices (Sommestad et al., 2015). A common conclusion in
information security behavioral studies is that individual attitude is a good indicator of intent
(Vance et al., 2013; Ifinedo, 2012; Ifinedo, 2014). Hence, behavioral intent is often used to
assess the intent towards asset-protection in the context of inclination to conform with
organizational security mandates (Ifinedo, 2014; Nguyen, Yunshi, Ping-Fu, & Sheng-Hung,
2014).
Other theories are commonly used to explore individual behavior, they are (a) the general
deterrence theory, (b) rational choice theory, (c) accountability theory, and (d) justice theories
(Boss et al., 2015). Recently, researchers in ISS have increasingly made the shift towards
behavior models such as PMT (Crossler & Belanger, 2014). Using PMT as the theoretical basis
for a fear response study is a logical choice. In concert with other studies in ISS, the researcher
assessed intent along with autonomy and privacy concerns with constructs derived from PMT
(Boss et al., 2015; Crossler & Bélanger, 2014; Menard et al., 2014).
The coping appraisal constructs of PMT include self-efficacy, response efficacy, and
response cost. Self-efficacy (SE) is also an essential construct in social cognitive theory and TPB
(Bandura, 1991). SE is known as a positive self-evaluation construct used to assess self-
confidence and belief in one’ ability to engage, perform, and discharge a duty satisfactorily (Ozer
& Bandura, 1990). Individuals with a high level of self-efficacy form stronger convictions about
their ability to engage successfully in an action (Harun, 2017). Self-efficacy provides the
underlying motivation to persist in an effort required to cope with a challenge (Bandura, 1991).
Response efficacy construct represents an individual’s perception of the effectiveness of the
coping response, while the response cost construct refers to the perceived cost or benefit
40
obtained from performing the coping response. Response cost is evident when a situation
involves tradeoffs with time, money, and effort. In IS security research, PMT is valuable due to
its explicit threat and response pairs which may have contributed to its extensive application in
IS research
Other theories are often used in ISS studies to evaluate technology adoption intention.
The technology threat avoidance theory (TTAT) seeks to fill a gap in the technology adoption
theories by incorporating threat and emotional response (Huigang & Yajiong, 2009). The TTAT
proposes that threat avoidance and threat adoption are qualitatively different and contends that
threat avoidance theories are a necessary complement to the robust but arguably incomplete
technology adoption theories (Huigang & Yajiong, 2009). The technology threat avoidance
theory (TTAT) is meant to fill a gap in the technology adoption theories by adding threat and
emotional response (Huigang & Yajiong, 2009). The TTAT welds PMT and cybernetic theory
into a model that includes emotional and environmental cues to protection motivation. Emotion
is a valid concern in protection motivation, especially when there is palpable threat such as
cancer. However, many IS studies using PMT do not incorporate substantial personal threats
(Ifindedo, 2012; Sommestad et al., 2015).
Information security researchers often explore adherence to security policies, and the
various challenges organizations face in ensuring end-user compliance with mandates (Ifinedo,
2014; Pfleeger, Sasse, & Furnham, 2014; Vance, Lowry, & Eggett, 2013). These studies analyze
organizational initiatives that influence behavior (Chen et al., 2012) or emphasize the importance
of exploring the secure behavior of individuals (Menard et al., 2014). In both cases, individual
attitude to personal security is often reflected in attitude towards asset protection in the
41
workplace (Nguyen et al., 2014). Hence, intention towards an activity is often a good indicator of
likelihood to perform the activity (Ifinedo, 2014).
Individual Intent
Researchers often rely on the theory of planned behavior (TPB) which originated from
the theory of reasoned action (TRA) to model actual behavior involving attitude and intention to
carry out an objective (Ajzen, 2011; Leonard, Cronan, & Kreie, 2004). Ifinedo (2012) found a
consistent correlation between attitude towards information security compliance and intent to
adopt mandated policies. Ajzen (2011) also found that the degree of favorableness felt about an
event influences attitude towards it. TPB has been widely studied and found to be reasonably
sound in various settings and domains (Armitage & Conner, 2001). Hence, TPB is a dependable
theoretical framework for predicting human intentions and behavior. TPB is not a normative or
judgmental theory; it only explains why an individual engages in behavior such as intent to adopt
new technology. In the context of this study, behavioral intent is an indicator of interest in
blockchain technology. In general, theories used in ISS research fall into three categories: (a)
conceptual principles with no underlying theory or empirical evidence, (b) theoretical models
with no empirical evidence; and (c) empirical work grounded in theory (Siponen et al., 2014). In
this empirical study grounded in theory, the researcher assessed threat appraisal and coping
behavior in relation to intent (Rogers, 1975), using attributes drawn from TPB (Ajzen, 2011;
Kelley et al., 1989).
Individual Relatedness
Relatedness refers to an individual’s perception of the legitimacy of a threatening event
(Zhao, Detlor, & Connelly, 2016). In order to cope appropriately with a threatening event,
individuals have to feel sufficiently vulnerable or perceive the threat to be sufficiently

42
threatening to evoke an incentive to counteract the threat (Crossler et al., 2014). Relatedness, in
term of self-determination theory, refers to an individual’s emotional connection or perceived
vulnerability to threats such as loss of sensitive, confidential data (Ryan & Deci, 2000).
Relatedness expressed as threat vulnerability and threat susceptibility is an important concept in
protection motivation theory (Rogers, 1975). Although protection motivation theory is a good
fear response model, researchers in information systems security and information technology
(IT) who used the PMT theoretical model often produce inconsistent and contradictory results
possibly due to threats in IT varying quite widely (Sommestad et al., 2014). Relatedness, as a
measure of an individual’s perception of privacy risk, is directly related to the level of concern
shown by the individual as well (Assadulah, & Onyefolahan, 2015). To clarify observations and
enhance understanding of underlying relationships, researchers exploring individual behavior
integrate the protection motivation theory with other behavioral theories to clarify results
(Ifinedo, 2012; Menard, Bott & Crossler, 2017).
Using PMT, in this case, is logical because the motivation to engage in a protective
activity is related to self-determination. The self-determination theory (SDT) is used to assess
individual extrinsic and intrinsic motivation or a lack of motivation (Ryan & Deci, 2000). In
intrinsic motivation, an individual acts for the personal pleasure and rewards derived from that
activity (Ryan & Deci, 2000). SDT conceptualizes that intrinsic satisfaction arises from
achieving privacy objective, although extrinsic factors influence the incentive to protect. Ryan
and Deci (2000) introduced SDT by identifying discrete types of extrinsic motivation, featuring
levels of self-determination and autonomy and categorizing extrinsic motivation by the degree to
which an individual’s motivation is under control of an external entity or concern (Zhao, Detlor,
& Connelly, 2016).

43
SDT theorizes that perceptions of competence, autonomy, and relatedness influences
motivation (Ryan & Deci, 2000). In the context of SDT, autonomy refers to an individual’s
perception of their willingness to engage in an activity while competence refers to an
individual’s perception of how he or she can interact with their surroundings in order to produce
the desired outcome or prevent undesirable outcomes. Relatedness refers to an individual’s
perception of connectedness with various circumstances (Zhao, Detlor, & Connelly, 2016). For
example, an individual may perceive a high level of autonomy, competence, and relatedness
when they have the freedom to conduct their daily affairs confident in their ability to achieve
their personal goals without compromising their privacy.
Researchers have also explored how autonomy influences intrinsic motivation,
internalization, attachment, and emotional integration, as well as the conditions in the social
context that support motivational and emotional bases of behavior (Ryan, Deci, Grolnick, & La
Guardia, 2015). Menard et al. (2017) evaluated PMT within the domain of information security
using fear appeals by applying a novel adaptation of SDT with self-determined appeals. Menard
et al. (2017) developed an alternate form of security appeals through language that incorporates
end users’ autonomy, competence, and relatedness with the desire to protect information and
intention to perform a remediation action. Menard et al. also demonstrated that using individual-
focused appeals and appropriate choices, individuals have an elevated intention to engage in a
secure behavior. From a technological perspective, individuals have been shown to seek
technologies that empower their autonomy and minimizes the consequences of mistakes such as
those that may expose criminal action (Woodside, Augustine, & Gilberson, 2017). Hence, it is
not surprising that a proportion of early adopters of blockchain-based Bitcoin cryptocurrency

44
were unsavory characters with a significant sensitivity to privacy who seek proceeds from
malware and ransomware incidents (Woodside et al., 2017).
Threats to Privacy
Personal privacy is an assumption that information has personal and public boundaries.
The definition of privacy as non-intrusion or “being left alone” is based on a non-spatial
approach to privacy (Tavani, 2007). Individuals could view privacy threats as amorphous and
pervasive. Such indignance may leave individuals susceptible to manipulation because of the
uncertainty about individual control and the consequences of privacy-related behaviors, and lack
of understanding of the degree to which privacy concerns is abused by commercial and
governmental interests (Acquisti, Brandimarte, & Loewenstein, 2015). Researchers found that
the abuse opportunity structure of the organization also facilitates abuse of privacy (Kim, Park,
& Baskerville, 2016). When an organization is successful in manipulating user attitudes, then
they are more likely to take advantage of such manipulation. Using survey data obtained from
205 working professionals, Kim, Park, and Baskerville (2016) found that organizational and
individual factors (emotions and morality) affect computer abuse intention. Kim et al. used the
emotion process model as a building block in understanding computer abuse intentions in
organizational settings and found that both cognitive (goal-conduciveness) and emotional (abuse-
positive affect) factors are involved in activating the abuse intent of potential abusers and that an
organizational context also influences this intent.
Privacy has evolved from the spatial to information security in the internet age, although
both bear similarities (Preibusch, Peetz, Acar, & Berendt, 2016). The similarities include an
emphasis on access control and the regulation of privacy events at the individual or group level.
Tavani (2007) distinguished between descriptive and normative theories of privacy and
45
evaluated the differences related to the restrictiveness and limits of privacy theories. While
normative theories are rights-based, stressing the importance of exclusive zones, descriptive
privacy theories incorporate the inherent adaptability of privacy and how privacy can be
diminished or lost (Tavani, 2007). While both approaches to privacy are related, they may be
difficult to unify as a common approach to privacy. Researchers have subsequently integrated
various aspects of privacy concerns and developed several instruments to measure individual
privacy concerns (Buchanan, Paine, Joinson, & Reips, 2007; Smith et al. 1996).
In the internet age, privacy concern is often related to an individual’s expectation of
control over the processing and transferring of personal information as well as interactions
involving their personal information and the availability of data (Dienlin & Trepte, 2015).
Private records are confidential records which may be protected by existing legal statutes
(Dienlin & Trepte, 2015). Health, civic, and financial data are also considered confidential data
in this study. Health data include documented data on individual illnesses, medical prescription,
medical history, sexual orientation, and genetic information. Civic data includes voting records,
citizenship data, tax data, religious, employment, and cultural affiliation data. Financial data
often refers to bank records, transfers, investments, and other financial obligations or assets.
Privacy concerns regarding confidential records are multidimensional and should be analyzed
comprehensively (Dienlin & Trepte, 2015). Confidential data also include any non-public
personal information that when accessed, stolen or acquired by a criminal, may subject the owner
to some harm. While privacy and data breach incidents are not always publicly known and may
not always receive widespread press coverage, they facilitate further criminal activity such as
phishing and ransomware attacks (Richardson, & North, 2017). Other threats to confidential data
may arise from unethical actions originating as benign or non-suspicious requests for surveys
46
and research or through discreet monitoring (Chatterjee et al., 2015). Stolen data may not come
from one source; it may be consolidated from multiple sources. When disparate data are
integrated into a collection, it can be analyzed and mined to reveal intimate details about a
subject, such as their political preference, social preferences or even latent emotion (Acquisti,
Brandimarte, & Loewenstein, 2015).
An unscrupulous actor may also use sensitive private information to manipulate emotions
through creative and targeted messaging designed to inflame passions. According to public
reports, Cambridge Analytica used emotion analysis data to place a manipulative advertisement
on Facebook to influence elections in various countries. Later, unfavorable news coverage forced
Facebook to expel Cambridge Analytica from their platform (Meredith, 2018). Facebook is not
alone in this practice; other organizations use personal records to improve their bottom line and
often engage in analytics to increase the monetary value of such data (Acquisti, Brandimarte, &
Loewenstein, 2015). When data is consolidated and stored in an optimized manner, advanced
analytics can enhance the value of the data and make it attractive to buyers and criminals
(Goldberg, 2013). Unfortunately, excessive data accumulation and storage is an attractive target
for criminals who thrive on the commercial value of such information and how much the owners
are willing to pay to keep it safe. The presence of valuable personal data may also provide
business opportunities for unscrupulous executives and partners who may wantonly monetize or
misuse such data (Goldberg, 2013). For example, excessive data collection allowed Facebook to
provide data subscription services to third parties such as Cambridge Analytica which led to
embarrassing revelations. Facebook was only forced to act due to the reports from The New
York Times and The Guardian newspapers initiated by Christopher Wylie, a whistle-blower,
who previously worked at Cambridge Analytica (Meredith, 2018). According to these reports,
47
data obtained from Facebook was used to perform modeling involving analysis of social
connections and preferences which was then used to create a rich map of political leanings and
individual susceptibility to emotional cues delivered through targeted advertisements. The result
of this analysis was to manipulate intent and social norms in order to alter behavior. In another
report, a Norwegian research team discovered that the Grindr secretly shared subscriber records
that included sensitive records such as the HIV status of individuals with an external marketing
firm for profit (Lomas, 2018).
When organizations misuse personal data and threaten individual privacy, they expose
victims to potential harm including phishing attacks, a stolen identity, unsavory social
consequences, or financial ruin (Ludwig, vanLaer, Ruyter, & Friedman, 2016). Improving the
security, management, and distribution of private data is an important objective in research
(Anderson, Baskerville, & Kaul, 2017). According to Mason (1986), the threat to privacy can be
insidious and may spread over time while also being hard to comprehend. Privacy lost through
incremental exposure, collection of attributes with logical links is useful in developing detailed
personality profiles (Meredith, 2018). As individuals endure persistent threats to private and
personal data, the determinants that influence individual behavior towards adopting technologies
that minimize exposure to insecure organizational practices may help researchers evaluate the
potential ramifications of persistent breaches and misuse of data. Understanding individual
preferences for personal security is necessary because individual behavior is related to attitude
towards security, and also has a significant effect on privacy, insecurity, data loss and cyber-
attacks (Chatterjee et al., 2015).
Privacy scholars acknowledge a privacy-paradox; a phenomenon where online security
concerns do not necessarily equate to secure behavior. Researchers have shown that privacy-
48
paradox is less significant when privacy intentions and privacy attitudes mediate secure behavior
(Dienlin & Trepte, 2015). While individuals may not always utilize the security features in every
product, they are still likely to react negatively to lapses in organizational security when it
impacts them (Dienlin & Trepte, 2015). Similarly, individuals impacted adversely by an event
will engage in an appraisal and coping response that can be modeled with PMT (Rogers, 1975).
Exploring individual attitude towards emerging peer-to-peer cloud technology, when used as a
coping response to data threats, can add to the body of knowledge in ISS on cloud security, peer-
to-peer computing and technology adoption (Schaub, Bazin, Hasan, & Brunie, 2016; Zyskind,
Nathan, & Pentland, 2015). Thus, it is necessary to explore the attitude and perception of
individuals towards privacy in the context of a secure peer-to-peer (P2P) technology such as
blockchain and how it affects individual decisions. The question arising from the exploration of
these perceptions is whether there are different subsets of measures that represent individual
threat response and how this relates to a coping response based on the adoption of P2P
technology or if there are no distinct constructs. EFA can also be used to gain insight into
complex relationships by evaluating correlations among various measures, often referred to as
common factors (Fabrigar & Wegener, 2017).
Individual Autonomy
Peer-to-peer technology assumes some element of self-control which relies on autonomy.
To understand autonomy, it is necessary to evaluate the philosophical theories of ethics, broadly
classified into consequentialist, utilitarian, and deontological school views (Mason, 1986).
McBride (2014) proposed another view known as virtue ethics. In the information systems
domain, virtue ethics is an extension of the privacy, accuracy, property, and accessibility (PAPA)
model (initially proposed by Mason in 1986). Mason used PAPA to illustrate the ethical issues
49
that plague individuals in the modern technology age such as the concern for intellectual capital
especially when there may be loss of confidential information without compensation (McBride,
2014). PAPA also refers to circumstances where individuals are unable to access vital
information or when private information is unexpectedly revealed; as well as when sensitive
personal information is misused or corrupted (McBride, 2014). McBride (2014) observed that
personal privacy threats undermine the social contract binding people together in the information
age and that it is a threat to human dignity. McBride also conceptualized the autonomy,
community, transparency, identity, value, and emotion (ACTIVE) model used to describe the
autonomy of the individual and the ethical ramifications of privacy to the customer or individual.
Smith et al. (1996) developed and validated an instrument which measures the
dimensions of user concerns regarding organizational information privacy practices, using data
gathered from employees in banking, insurance, and credit card processing. Using a 15-item
instrument with four sub-scales which includes concerns about the collection of personal
information, errors in personal information, internal unauthorized secondary use of private
information and improper access to private information; they enumerated the depth of concern
for these privacy concerns and then evaluated the dimension of individual concerns regarding
these scenarios. Using multiple stages of analysis, Smith et al. (1996) validated survey responses
while improving the accuracy and appropriateness of survey content and incorporating a
preliminary assessment for refinement using exploratory methods. Smith et al. (1996) noted the
multi-dimensional nature of the constructs used in their study but did not address the influence of
emotions.
The theoretical basis of the Smith et al. study is based on models of information flow as
well as physical and social work structures derived from the expectancy theory. Smith et al.
50
(1996) also used previously published models on consumer attitudes toward direct marketing
practices, and corporate approaches to information privacy policy-making and revealed several
dimensions of user concerns with privacy including reduced judgment situations and data
corruption. Autonomy can be measured with a validated and reliable scale of dispositional
autonomy known as the Index of Autonomous Function (IAF: Weinstein, Przybylski, & Ryan,
2012). Weinstein et al. found that the subscale of authorship or self-congruence, with an
eigenvalue of 5.18, accounted for 34.54% of the unique variance in trait autonomy while the
subscales “susceptibility to control’ had an eigenvalue of 2.97 representing 19.79% of unique
variance and “interest-taking” had an eigenvalue of 1.81 representing 12.08% of the variance.
When data is stolen or denied, it could be used to cause harm. A ransomware attack in a
hospital can disrupt the delivery of care (Richardson & North, 2017). When executives in
organizations willfully or unwilfully misuse private data, they may cause harm to individuals,
which could potentially lead to loss of livelihood. Embarrassing revelations on social networks
are equally troubling. While preventive methods anchor solutions to past experience (using
proven procedures), attackers continually evolve exploits which diminishes the effectiveness of
deterrence and end-user assurances (Baskerville et al., 2014). Reliable methods use counter
exploitation techniques to mitigate ongoing threats and exploration to search for new
opportunities and capabilities (Baskerville et al., 2014). In a conference paper, Strozer, Collins,
and Cassidy (2014) reported that creative social engineering is the preferred model used by
attackers to commit the majority of cyber-crimes. As a result, an organization must strike a
balance between the nexus of exploitation of private records and reliability, as well as the
validity of operations and exploration (Strozer et al., 2014). A balanced mix of exploitative
control, concern for privacy, and innovation will likely provide the correct balance. While
51
innovation is a significant factor in organizational performance, data analytics, and market
competition, it can co-exist with privacy to improve organizational success (Youndt & Snell,
2004). Organizational innovation also benefits from effective organizational knowledge
management and other leadership initiatives (Donate & Guadamillas, 2011).
Organizational Privacy Practices
As businesses rely on modern techniques such as data consolidation and data analysis in
order to create a competitive advantage in the online marketplace, customers may fall victim to
poor privacy practices. Research has shown that privacy problems are accelerating, and
businesses are exacerbating the issue in their haste for a competitive edge (Al-Saggaf, 2015;
Malheiros, Preibusch, & Sasse, 2013). Large and small businesses are engaged in data
exchanges, making it virtually impossible for individuals to influence the flow of data or stop the
data collection and sharing (Malheiros, Preibusch, & Sasse, 2013). Hence, criminals and
unscrupulous executives may view this treasure trove of data as an opportunity for profit-
making. The Equifax/Harris Consumer Privacy Survey (1996) was completed around the same
period, the 104th Congress of the U.S. was putting the finishing touches on the Consumer Credit
Reporting Reform Act of 1996. This act reformed various provisions of the Federal Fair Credit
Reporting Act of 1970. The Equifax/Harris survey evaluated consumer attitudes regarding
information in credit reports, insurance prescreening, credit scoring, medical data, and online
transactions, which provided additional context for these legislations. The survey findings show
that a well-earned reputation for privacy protection is a competitive edge. The Equifax/Harris
survey also shows that a majority of the respondents (65%) believe that personal information
security is very important to them. Also, the survey noted that personal experience with privacy-
related events as well as media reports of privacy issues affect attitude. The survey also found
52
that more than half of the public were not strongly opposed to performing routine data analytics
for service improvements.
For an overzealous executive, a data warehouse is a convenient profit center which could
be tapped to extract value from analytics gained from real-time events. Unfortunately, the quest
for data analytics as a competitive advantage is prevalent, which compromises effort to maintain
individual privacy (Malheiros, Preibusch, & Sasse, 2013). Preventing fraud, money laundering,
and violations of government bans also impede effort to maintain privacy. To enforce laws, it is
often necessary to accurately identify customers and to use such identification in future
transactions. The collection and misuse of private data is enhanced when individuals are eager to
complete transactions on the web, such as purchasing the perfect mountain bike or hard-to-find
items. Also, individuals may forgo the use of privacy-enhancing features when applying for
employment, credit cards, or access to popular web sites (Dienlin & Trepte, 2015). Researchers
found that users willingly provide their confidential data into a web form even when it was
optional (Malheiros, Preibusch, & Sasse, 2013). Despite these events, many online network users
expressed grave concerns about the fear of having their privacy violated online (European
Commission, 2011). In recent studies, researchers found that the individual’s psychological
needs, such as autonomy and competence, also play important roles in motivating secure actions
and privacy on smartphones (Kraus et al., 2017). Factors such as attitude towards sharing of
private data on social platforms, the fear or dread of such exposures and the perceived
catastrophic potential of privacy loss on the internet also motivate protective behavior (van
Schaik et al., 2018).

53
Ethics of Data Breaches
Unethical actions include the unauthorized collection and distribution of PCD as was
found to occur at some e-commerce establishments (Preibusch, Peetz, Acar, & Berendt, 2016).
Misuse or misappropriation of confidential data occurs when an organization collects personal
information and then distributes it without the consent of all parties. Facebook was found
complicit in the unauthorized sharing of personal subscriber data with various firms, including
those that used the information to manipulate elections across the globe (Gressin, 2017). In
another case, a Norwegian research team found that the Grindr dating service shared private
subscriber records with external parties without authorization, including the HIV status of
individuals (Lomas, 2018). These practices, driven by the economic benefits inherent in
predicting, analyzing, and selling the private information of individuals, is reprehensible (Al-
Saggaf, 2015).
Unfortunately, the economic value of collecting and selling personal records may hinder
efforts to rein in privacy. Also, the persistent collection of private records generates repositories
of sensitive data that can be targeted and stolen. Unauthorized disclosure of confidential
information, while troubling to affected individuals, can also damage the reputation of affected
organizations. When corporations conceal data breach events, they are likely to exacerbate the
privacy threat by funding perpetrators (Cohen, Hoffman, & Adashi, 2017; Wong, 2017). For
example, UBER took many steps to conceal an egregious data breach by making payments to
attackers (Cohen, Hoffman, & Adashi, 2017; Wong, 2017). The Federal Bureau of Investigations
(FBI:2016) also warned that concealing data breaches encourages future attacks and that
assenting to ransoms demands fuel criminal networks.

54
The security of confidential data is an organizational imperative because failures threaten
end-user confidence and may encourage customer flight. While regulations are likely to impact
organizational practices, individual preferences drive the adoption of technologies that improve
personal privacy (Menard et al.). In 2016, the European Union (EU) passed sweeping privacy
regulations that significantly impacted the management of records for European citizens
(General Data Protection Regulation, 2018) and increased individual control over sensitive
records. These regulations force modifications to organizational security, especially when
remedies incorporate lessons learned from recent research (McAlynn, 2017; Posey, Roberts, &
Lowry, 2015). Another area of inquiry is policy compliance, training and infrastructure
investments as well as individual adaptation to security challenges (Ifinedo, 2014, Liang & Xue,
2010; McAlynn, 2017; Posey, Roberts, & Lowry, 2015; Scott, 2015).
Blockchain Technologies
The origins of Bitcoin and blockchain has been shrouded in mystery since 2008, shortly
after a consortium or pseudonym known as Satoshi Nakamoto published a nine-page paper on
Bitcoin, titled "Peer-to-Peer Electronic Cash System" (Nakamoto, 2009; Zohar, 2015). A few
months after the initial publication, Nakamoto released the first blockchain software and began
collaborating with developers worldwide on improvements to Bitcoin's underlying technology
(Beck et al., 2016). This collaboration persisted until 2011 when Nakamoto abruptly vanished
although not before securing 1 million Bitcoins with a relative market value of $20 Billion. In his
report, Nakamoto (2009) stated that Bitcoin has five key concepts, which are (a) digital wallet,
(b) transactions, (c) proof of work, (d) mining, and (e) bitcoins.
Blockchain technology involves the use of personal keys stored in the digital wallet and
chain hashing to validate records as well as to assure the accuracy and validity of records through
55
the participation of peers. Bitcoin cryptocurrency relies heavily on the blockchain, a public
“ledger” of every transaction that has ever taken place on that distributed network. With
blockchain, there is no centralized, or trusted authority. What is true, or what is false, depends on
the consensus of multiple distributed parties. User identities are anonymous; consequently, many
online criminals require payment in Bitcoin. Participating parties can access data in the ledger at
any time. However, it is nearly impossible for a participant to modify the ledger or history of
transactions without extraordinarily powerful computers. Blockchain transactions are contents of
a distributed ledger that is kept uniform across the nodes in the network through consensus
calculations. The networks are nearly identical nodes that are widely distributed but independent.
The network of nodes is used to validate the transactions within blocks in a chain. Blockchain
miners compete and earn digital currency by computing blocks. In most public blockchains, the
earliest miner who computes a hash that is within a certain parameter will receive a
cryptocurrency reward (Woodside, Augustine, & Gilberson, 2017). Since participating nodes
verify each block or entry in the digital ledger before it is updated, transaction reliability is thus
maintained using a community instead of relying on a third party.
Blockchain’s distinguishing feature is that anonymous hashed transactions occur between
two parties without intermediaries and that transactions cannot be altered without the
participation of the member nodes. While blockchains are inherently public, the integrity of each
transaction is cryptographically validated, and the identity of the originators or owners is often
unknown. Public key infrastructure (PKI), also used in blockchains, has attracted considerable
interest among technologists (Yang, Lo, Xia, Wan & Sun, 2016). PKI is integrated within a wide
variety of technology, including network security, internet of things, web, storage, and
transactional security (Bala, Maity & Jena, 2017). PKI is often present when individuals require
56
some assurance of transaction security. In an analysis of messages on the online message forum
StackOverflow, researchers found that web security, mobile security, cryptography, software
security, and system security were the leading topics of concern among technologists (Yang et
al., 2016).
Bitcoin and the underlying blockchain technology have grown quite remarkably and
earned the nickname “the trust machine” (The Economist, 2015). As blockchain applications
gain acceptance, the most common applications are in cryptocurrencies, supply chain
management, internet of things (IOT) and other transaction-based systems (Woodside et al.,
2017). Open source development communities are also coalescing to produce blockchain
applications for individuals and businesses. For example, the Hyperledger Fabric is an
enterprise-grade distributed ledger platform with over 300 developers involved in developing the
technology for “permissioned” nodes (communities that require permission to join) and privacy.
Hyperledger is composed of many tools including Burrow, Fabric, Grid, Indy, Iroha, Sawtooth,
Caliper, Cello, Composer, Explorer, Quilt and Ursa. The popularity of blockchain technologies is
also motivating researchers to explore various applications of blockchain and to enhance its
utility in existing applications (Bala et al., 2017; Beck et al., 2016; Maity et al., 2017). An
attraction of blockchain is that a complex transaction can be completed between two parties
using immutable ledgers or blockchains with complete anonymity and without a third party
(Beck et al., 2016).
The researcher posits that an individual who believes that a blockchain application will
be trusted, autonomous, and have transactional integrity will react positively to a blockchain
based solution to insecurity. This study focuses on factors that may affect a user’s positive or
negative attitude towards blockchain applications. Specifically, factors that affect individual
57
preference for an identity-preserving system, which also allows for the free exchange of
information and transactions. The researcher sought unique patterns that compel individuals to
prefer blockchain technology over traditional technology. Hence, blockchain can become a
template for privacy-enhancing applications and security (Cisco, 2016). Blockchain is also
referred to as a cryptographic economic system (CEC) due to its default encryption and
compelling use case on financial networks (Beck et al., 2016). Blockchain’s CEC is driving the
emergence of distributed autonomous organizations (DAO). DAO refers to entities, individuals,
or devices that can exchange services automatically without compromising privacy (McBride,
2014).
An NCU RoadRunner search of peer-reviewed and scholarly articles featuring the
keyword blockchain, published between 2013 and 2018 returned 4698 results (NCU, 2018).
From the search results, there were 3933 articles from academic journals, 532 from conference
papers, 63 reviews, eight trade publications, and eight magazines (NCU, 2018). However, only
126 articles originated from business technology and opinion journals. The sample shows that a
significant majority of blockchain publications are focused on new technology and
improvements to blockchain technology. The blockchain technology features greater individual
participation in the security, access, and transfer of protected information because personally
identifiable information is rarely required to trust a transaction (Schaub et al., 2016).
Unfortunately, there is little research in ISS focused on individual behavior and motivation
towards the adoption of secure peer-to-peer technology in response to threats to personal data.
Various studies that assess cloud technology choices based on fear response do not differentiate
between the types and capabilities of the underlying cloud technology (Menard et al. 2014). In
this study, the researcher explored factors that influence individual preference for blockchain
58
technology due to its enhanced security and autonomy within a peer-to-peer cloud framework.
Blockchain, in this case, is used in a personal capacity to engage in a reliable self-directed
transaction in the cloud, leveraging improved security, encryption, verification and availability
without reliance on third parties or personally identifiable information (Yli-Huumo et al., 2016).
Blockchain technology, as a foundation of global cryptocurrencies such as Bitcoin, has been
widely adopted by global institutions and is favored by privacy sensitive individuals (Yli-Huumo
et al., 2016). Blockchain technology is also different from prevailing cloud technology because it
allows the individual to control the accuracy and safety of their private data (McGreevy, 2017).
The Blockchain technology applies to many use cases including supply chain management
(O'Leary, 2017), healthcare (Gordon, Wright, & Landman, 2017; Skiba, 2017), and financial
services (Kshetri, 2017).
The first popular P2P application was an application called Napster, which provides
individuals the opportunity to share privately purchased music with friends and peers (Guzman
& Jones, 2014). While Napster was a P2P platform, it eventually collapsed under litigation since
detractors were able to target the element of centralized control - the platform itself. License
holders sued Napster and prevailed (Patel, 2015). A P2P application such as Tor and Bitcoin is
resistant to litigation and control since individual participants are autonomous, distributed and
there is no centralized authority to sue (Emekter, Tu & Jirasakuldech, 2015; Guzman & Jones,
2014).
Bitcoin, the most popular Blockchain application, works as a digital asset with a value,
which, when transferred between parties, represents loss or accumulation which is recorded in a
digital journal. Before transfer, the journal’s contents are verified using a cryptographic hash and
validated against an attestation of the hash. In principle, a blockchain is a series of cryptographic

59
blocks chained together with computational algorithms where a block is composed of a block
header, the hash of the previous block header and the Merkle root (Woodside et al. 2017). To
start a new block, data contained in the data portion of the block is copied into a hash, paired
with another hash, re-hashed and re-paired a few more times resulting in a single hash called the
Merkle root. Since each new block incorporates information from the previous block on the
chain, the blocks are chained together in a forward mechanism that computational fit in only one
way (Woodside et al., 2017). A valid transfer is entered into the journal after the validation
checks are successful. Once the digital journal is updated, it is then rehashed and presented to the
public or private participants with the new hash value, for distribution and availability for future
transactions. While payments and value transfer predominate among blockchain applications,
other use cases are also applicable, such as supply chain management, contracts, approvals, and
other trust sensitive transactions where a journal is reconciled with another. The Ethereum
blockchain provides additional diversity to these use cases, and the increasing interest in smart
contracts may lead to the further evolution of distributed cloud computing, where smart contracts
play a significant role.
Since Ethereum is known to be ‘Turing-complete,’ developers can use other
programming languages such as JavaScript, Python, or C to create reliable programs. This
adaptability places Ethereum on the cutting edge of public blockchain smart contract technology
(Anoica & Levard, 2018). Ethereum can be used to build a decentralized, trustless computing
platform using a virtual machine on top of the blockchain, commonly called the Ethereum virtual
machine (EVM). Ethereum differs from Bitcoin in this respect because Bitcoin only implements
the transfer of digital currency (Anoica & Levard, 2018). A smart contract turns a transaction
between two or more people into a running contract. Such contracts are intermediaries that
60
facilitate the connection between two parties without a trusted third party. With Ethereum, a
specially designed virtual machine is used to run smart contracts on their blockchain which often
requires payment for transactions that change the blockchain.
A notable application of the smart contract using Ethereum is the Medrec, a blockchain
based electronic health record platform developed at MIT (Azaria et al., 2016). Medrec utilizes
the smart contract facilities in the Ethereum blockchain to create a system that prioritizes patient
agency through a transparent and accessible view of medical history which replaces centralize
intermediaries with a distributed access and validation system using the blockchain (Azaria et al.,
2016). Unfortunately, when smart contracts become a repository of sensitive data, they may
become lucrative targets for compromise as well (McGreevy, 2017). The security of smart
contracts and digital wallets used to provide access to blockchain vaults are valid areas of
concern due to their value to attackers (Azaria et al. 2016). Information system security experts
may become increasingly concerned about digital wallets and keys, including the need for
multiple keys or multiple signatures attached to critical digital assets involved in sensitive
transactions (McGreevy, 2017). Network and data vulnerabilities are threats to blockchain
applications as well. For example, a network attack may prolong or disrupt processing queues,
thereby given an attacker sufficient time to initiate a man-in-the-middle attack and divert
transaction proceeds.
Kirkman and Newman (2018) proposed an approach to cloud trust that provides
individuals more control and autonomy on how they want their data managed and processed
without a trusted third party. Using the Ethereum blockchain for storage and smart contracts as
the vehicle, policies are authoritatively stored outside the cloud to improve trust through
decentralization and to provide a data movement policy model. Kirkman and Newman (2018)
61
conceptualized their implementation on the Ethereum blockchain because Ethereum enables the
use of smart contracts. Zykind et al. (2015) proposed using a blockchain to store pointers to
blockchain encrypted data. They assert that blockchain, including Bitcoin, can be leveraged to
support transactional access management by utilizing the memory locations in transactions to
store data. In such a system, the blockchain is primarily used for access control, while data is
encrypted in external storage. Zyskind et al. introduced several protocols for this implementation
but did not discuss the routines in sufficient detail.
Cloud Technology
There are many definitions of cloud computing, but there is no universally agreed
standard definition (Oliveira et al., 2014). The National Institute of Standards and Technology
(NIST) defines cloud computing as a model for providing on-demand, convenient, and accessible
access to a configurable pool of computer resources (Kiraz, 2016). Although many organizations
perceive the cloud as convenient and easily accessible, with a lower barrier to entry and lower
costs, the consolidation of assets in cloud providers can increase their value as a potential target
for hackers as well (Kiraz, 2016). Hence, a persistent concern for cloud users is the security of
cloud assets, and hence, security is often viewed as an obstacle to cloud adoption (Zyskind et al.,
2015). The three main types of cloud computing services are infrastructure-as-a-service (IAAS),
software-as-a-service (SAAS) and platform-as-a-service (Freet, Agrawal, John, & Walker,
2015). Often left out is P2P cloud communications. Using an IAAS provisioning model, a cloud
organization provides distinct physical or virtual servers over the internet.
On the other hand, vendors who provide services using the SAAS model, host and
maintain an application which customers access directly over the internet without an on-premise
footprint. For vendors who provide services using the PAAS model, customers can build and
62
maintain web-based applications on hardware hosted at the cloud vendor (Freet et al., 2015). The
PAAS model provides a platform for running a customer’s custom application suite, however, it
differs from IAAS because the customer is not responsible for the hardware, the hypervisor or
the operating system footprint but is simply billed for fractions of memory and computing used
by the customer’s application (Freet et al., 2015). PAAS applications can run across multiple
computing hardware outside the direct control of the customer. Cloud applications can be
delivered on an individual basis over peer-to-peer network connections.
In cloud technology, multi-tenancy is the norm which brings the potential for data
leakage (Zyskind et al., 2015). Also, the ease of access to the cloud through the internet
facilitates access for online criminals as well. Cloud computing technology has evolved through
many advancements in network optimization, network speed, hardware, virtualization
technology, and service delivery over the Internet (Velazquez, 2014). As a result, the cloud
usually refers to accessing information technology (IT) solutions as a service over the internet or
from a co-located computing hardware within corporate firewalls (Senyo, Addae & Boateng,
2018). The cloud is becoming more popular with a value projected to exceed $1 Trillion by the
year 2020 (Gartner, 2016). This valuation provides a considerable competitive incentive for
established enterprise cloud vendors such as Amazon, Microsoft, Salesforce, Dropbox, and
Google to accelerate further investment in infrastructure. While cloud computing solutions
provide businesses and users convenient access to massive computing power at reduced costs
(Velazquez, 2014), moving traditional functions such as storage, applications, and business
services to the cloud affects agility and priorities as well (Velazquez, 2014). Emerging trends in
computing provide a template to evaluate individual behavior and technology adoption

63
challenges as well as to illuminate aspects of behavioral psychology (Menard et al., 2014;
Schaub et al., 2016; Zyskind et al., 2015).
With P2P cloud services, the user is in total control of the data, and it does not require
intermediaries since there is no shared infrastructure, in contrast with non-P2P applications that
always require a centralized authority that delivers the service. P2P cloud technology may also
feature central control or a moderating application suite; however, the most secure applications
feature full autonomy, total privacy, and non-third-party data storage. P2P data transmission can
be encrypted and secured using a private key, thereby providing security for end-to-end
transactions without intervention by a central authority. Hence, blockchain applications are
increasingly being seen as a modern version of Napster but with built-in security and anonymity
(Yli-Huumo et al., 2016).
Applications based on blockchain are often used to provide a basis for two individuals
who do not trust each other, to conduct a mutually sensitive transaction (McGreevy, 2017).
Using encryption and key validation blockchain provide a secure cloud foundation where
individuals engage in direct exchange of transactions within a public or private network of nodes
using digital identities and digital currency. Blockchain uses public key cryptography to provide
an immutable chain of content, supported by a decentralized network of participating nodes, not
a central authority; where individual nodes work to solve a series of hashing exercises thereby
contributing to the formation and validation of the chain through an operation known as ‘mining’
(Schaub et al., 2016).
Cloud computing research often emphasizes technological applications with insufficient
emphasis on behavioral research. In an analytical review, Senyo, Addae, and Boateng (2018)
found that many studies on cloud computing published over the past seven years were not based
64
on established theoretical foundations and often emphasized experimental simulation methods
over exploratory methods. Therefore, there is a need for more cloud computing research from a
behavioral perspective. As the demands for personalized computing and security push secure
mobile applications towards the apex of software development, the use of P2P applications on
mobile devices is increasing (Parise, Guinan, & Kafka, 2016). As a result, mobile applications
are becoming a compelling template to deploy blockchain technology.
Encryption and Obfuscation
Encryption and obfuscation of data and networks have been widely deployed to mitigate
threats to privacy. Released in 2002, Tor stands for The Onion Router (Tor), an open-source
program designed to protect an individual’s privacy and security by preventing internet traffic
monitoring, surveillance and analysis (Degabriele, & Stam, 2018). Developed for the U.S. Navy
to protect government communications, Tor is widely used to preserve online anonymity and is
the preferred browser for individuals with privacy sensitivity, which unfortunately includes
online criminals. Tor operates by encrypting and bouncing communications randomly through
multiple relay networks across the globe and is often used for applications such as Web
browsers, internet relay chat (IRC) and instant messaging (Syverson, Tsudik, Reed, & Landwehr,
2001). Tor is used to protect the personal privacy and autonomy of network users on the internet
and can also be used to protect P2P transactions; however, Tor has known vulnerabilities as well
(Degabriele, & Stam, 2018). P2P applications improve autonomy by facilitating anonymous
person-to-person encrypted communications and can benefit from Tor for cloud security (Al-
Muhtadi, Qiang, Saleem, AlMusallam, & Rodrigues, 2018).

65
Mobile Technology Considerations
The demand for personalized computing and security has pushed secure mobile
applications towards the apex of software development (Parise, Guinan, & Kafka, 2016). Hence
mobile applications provide a template to analyze individual attitude towards peer-to-peer
computing. By definition, peer-to-peer computing involves a connection between two individuals
or objects within two or more organizations. It features a direct connection over an
interconnecting network between the parties. Emphasis on secure person-to-person
communication without reliance on sensitive identifying information may reduce the opportunity
and cost of data breaches. When individuals communicate securely and anonymously, it
diminishes the value and incentive to steal data. Aggressive centralized data collection creates an
attractive asset for data criminals. Data repositories need to be protected and secured. As
smartphone adoption increases, individuals will increasingly perform computing from their
hand-held mobile in a person-to-person framework which improves transparency and integrity.
Improving knowledge of an individual’s attitude towards secure and personalized technology in
response to threats to privacy is an area of inquiry that is currently attracting research interest
(Crossler & Bélanger, 2014; Menard et al., 2014). Research on the individual attitude to a
blockchain application is in response to calls for additional studies on new technology adoption
and the use of multiple theoretical foundations (Feng et al., 2014; Goldberg, 2013; Sommestad et
al., 2015).
Summary
Individuals often manage adversity by engaging in coping responses. As various types of
malware and ransomware continue to ravage organizations, individuals affected by these
breaches will seek safer alternatives (Ablon, Heaton, Lavery, & Romanosky, 2016). Ablon et al.
66
found that a majority of individuals will use credit monitoring to alleviate identity theft and
privacy concerns, which indicates an active interest in personal security, especially when the fear
is palpable. On the other hand, the inability to visualize the threat or to understand the efficacy of
defense can give way to a feeling of indifference and lack of control (Siponen et al., 2014).
Blockchain applications operate on the concept of a peer-to-peer cloud network with a securely
encrypted public ledger that stores an immutable copy of every transaction in the transaction
block, accessed with a private key. With blockchain technology, integrity and anonymity are
often assured, which provides individuals with some control over privacy. A potential benefit of
blockchain is that ransomware attacks are substantially ineffective if the network is spread out
widely, and each participant has a copy of the data. In a healthcare setting, storing data in a
distributed peer-to-peer web network may give individuals access to their data regardless of
threats to their care providers. With blockchain, data can spread over participating nodes, which
could number in the thousands or millions of hosts.
Researchers found that individuals perceive organizational data breaches or incursion
events as a failure in organizational ethics (McBride, 2014). Hence, the availability of a
technology that features greater individual participation in the security, access, and transfer of
protected information is a positive development (Schaub et al., 2016). According to the social
cognitive theory, when workers are unable to control a situation, they are likely to avoid it
(Bandura, 1991). Hence, a comprehensive analysis of security and threat behavior can benefit
from an understanding of the significance of unknown threats and their relationship to current
threats and coping behavior. The connection between past and future threats become evident
when future threats become current threats (Baskerville et al., 2014). Blockchain technology
involves assurances of anonymity and the integrity of data. The popularity of crypto-currencies
67
indicates potential acceptance of blockchain applications beyond financial services, although
little research on the factors that might influence such behavior.
Improving the security, management, and distribution of private data is a necessary
objective in research (Anderson et al., 2017). In this empirical study grounded in theory, the
threat to an individual’s confidential data is explored using aspects of PMT (Rogers, 1975), the
TPB (Ajzen, 2011) and concepts from the unified theory of acceptance and use of technology
(UTAUT; Venkatesh et al., 2003). The researcher performed exploratory factor analysis (EFA)
to uncover patterns of factors through data exploration and prediction testing (Child, 1976).
Exploratory factor analysis involves a methodical discovery of the common factors and their
variables in order to explore the associations between the variables (Chatterjee et al., 2015).
This inquiry is vital because researchers have found that when individuals are dissatisfied
with the security of personal assets, they often consider more secure alternatives or better options
(Ablon et al., 2016, Menard et al. 2014). Since customers and business clients sometimes entrust
organizations with sensitive data such as PCD; securing such assets is a necessity (Feng et al.,
2014; Tsai et al., 2016). Hence, there is a need to find better ways to maintain privacy since
organizations periodically fall victim to data breaches and the loss of personal records (Ablon et
al., 2016; Goldberg, 2013; Hart, 2016). For example, Symantec reported in its internet security
threat report (ISTR; 2016) that more than 500 million records were compromised in 2015 (Price,
2016).
Cloud technologies with built-in security often improve end-user confidence and reassure
clients and customers that embarrassing leaks of personal records, identity theft, and possible
personal harm is less likely to happen (Sen & Borle, 2015; Price, 2016). The cryptocurrency
revolution currently being driven by the underlying anonymity, reliability, and security of
68
blockchain technology indicates that there is a demand for a secure and anonymous network with
peer-to-peer features. Unfortunately, factors that influence such choices are relatively
unexplored. Assessing the attitude of individuals to blockchain provides a template for this
inquiry because blockchain is the foundation of the Bitcoin currency. Blockchain has gained
worldwide attention and is currently perceived to be a necessary evolution in the security of
connected networks (Yli-Huumo et al., 2016). Some countries have evolved entire public
infrastructure to run on blockchain-type applications with additional initiatives under
development (Sullivan & Burger, 2017).
Researchers focused on new technological foundations may uncover data that will
introduce new ideas necessary to improve technology choices and security from a personal
perspective. ISS scholars suggest that additional studies can improve the clarity of vital
questions, especially when palpable threats and specific technologies are used in the analysis
(Sommestad et al., 2015). Blockchain is a reliably secure type of cloud technology that does not
require centralized control and is designed to be difficult or impossible to corrupt. The efficacy
of secure cloud technology is important because it provides additional assurance to the user
(Menard et al., 2014; Zyskind et al., 2015).

69
Chapter 3: Research Method
As the threats to personal privacy continue to increase, the determinants that influence
individual behavior towards secure autonomous technology can provide practitioners, businesses
and researchers improved visibility into consumer behavior and choice (Kraus, Wechsung &
Möller, 2017; Acquisti, Brandimarte & Loewenstein, 2015). The purpose of this quantitative
non-experimental cross-sectional study is to assess factors influencing individual attitude
towards blockchain applications when individuals perceive threats to their privacy. In this study,
the researcher assessed behavioral intention through a survey administered to participants of a
Facebook group specializing in Blockchain. A quantitative analysis using participants from a
social network provides an opportunity to engage a more diverse pool of participants, thereby
improving the generalizability of observations (Kosinski et al., 2015). The exogenous
(independent) variables are privacy, autonomy, technological facilitation, self-efficacy, perceived
severity, perceived vulnerability, and intent towards adopting a blockchain application. Since this
is exploratory factor analysis, a dependent variable is not defined (Field, 2013). Following
similar studies, the measures in this study utilize a 5-point Likert scale graduated from “strongly
disagree” with a score of 1, “somewhat disagree” with a score of 2, “neither agree nor disagree”
with a score of 3, “somewhat agree” with a score of 4, and “strongly agree” with a score of 5
(Ifinedo, 2014; Oliviera et al., 2014). The clarity and presentation of the survey were refined
using a pilot study.
Research Methodology and Design
Research methods have their strengths and weakness; hence, it is not unusual to
contemplate various methods that are suitable for a research study (Çokluk & Koçak, 2016).
Ultimately researchers have to decide on an appropriate method. Over the past ten years,
70
quantitative research is performed more frequently online (Barnham, 2012). A potential
weakness of adopting a quantitative approach is that a type I or type 2 error may crop up
(Creswell & Creswell, 2017) although a researcher can test for the size of an effect or perform
further confirmatory analysis. Exploratory factor analysis (EFA) was used in this study because
it is effective in behavioral studies involving attitudes, opinions, and normative judgment
(Tabachnick & Fidell, 2014). A quantitative method can be used to determine the size and
strength of relationships as well as to make predictions (Field, 2013). In choosing an exploratory
design rather than a deductive approach, a researcher seeks to generate new ideas or to refine
existing models (Stebbins, 2001). Exploratory factor analysis is often used to analyze latent
constructs necessary to determine a subset of relationship that forms the basis of correlation
among factors (Fabrigar & Wegener, 2017). A qualitative study is more exhaustive and may
yield a deeper perspective into a phenomenon, but it will not provide information on the size of
the effect or the strength of relationships. EFA involves measuring the variable, determining the
correlation matrix, extracting the factors, optionally rotating the factors for interpretability, and
then interpreting results (Tabachnick & Fidell, 2014). After interpretation, it is necessary to
establish the construct validity of the factors.
A post-positivist worldview provides an opportunity to develop ideas that increase social
occurrence using experiences, views, and perspectives of participants (Karatas-Ozkan, Anderson,
Fayolle, Howells & Candor, 2014). With factor analysis, mathematical methods are used to
simplify underlying relationships using observed patterns of correlation among observations or
variables (Child, 1976). Common factor model studies provide greater internal validity through
the use of random assignment as well as external validity through population sampling
(Weinberg, Freese, & McElhattan, 2014). Exploration may uncover salient factors that underpin
71
individual attitude towards new technology. In exploring individual attitude towards misuse or
loss of personal data, it is necessary to incorporate an appropriate coping strategy such as
intention towards blockchain technology (Rogers, 1975). In earlier studies, researchers often
failed to explore relevant constructs related to technology, which may influence attitude towards
personal data security (Chatterjee et al., 2015; Menard et al., 2014).
Following similar studies in IS, the researcher assessed behavioral intention through a
survey. Blockchain is a new and emerging technology for a new class of applications undergoing
rapid development. Blockchain is a novel concept for personal data security in the cloud; hence,
the use of exploratory factor analysis to analyze factors that might influence behavior in response
to threats to data. In keeping with Tang and Liu’s (2015) findings, when users perceive strong
security in the underlying technology, attitude towards applications built on that technology will
be impacted.
Population and Sample
The researcher recruited adult participants of all genders between the ages of 18 and 65
from a blockchain forum with over 13,000 members. On Facebook, a forum post was used to
contact members of the forum “Blockchain Enthusiasts” who were invited to engage in an online
survey hosted at Qualtrics. The researcher sought key factors and relationships between outcome
variables where applicable, using the following general questions: privacy questions, technology
questions, anonymity questions, self-efficacy questions, perceived severity questions, and
perceived vulnerability questions. Similar research on new and emerging technology is often
conducted using techniques such as key informants or with members of professional institutions,
often to assure that participants have some familiarity with the subject matter (Ifinedo, 2014;
Oliviera et al., 2014). This study’s participants were simply members of a forum and must be
72
over 18 years and resident in the United States. These participants were surveyed on their intent
to protect sensitive personal data using a blockchain application when there is a threat to
personal data. Researchers often conduct studies in information systems security (ISS) domain
using specific activity to increase the clarity of result (Anderson & Agarwal, 2010; Boss et al.,
2015).
The researcher had five expert participants for the pilot, and 189 participants for the full
study after following all NCU IRB approved research methods and guidelines for both the pilot
and general study (Yong & Pearce, 2013). Since EFA does not require a statistical hypothesis
like ANOVA or regression analysis; G*Power was of little use in determining appropriate
sample size. Field (2013) did provide some guidance on sample size for EFA when he stated that
“many ‘rules of thumb exist for the ratio of cases of variables; a common one is 10-15
participants per variable” (p. 683). Based on the inability to use power analysis, as well as
Field’s recommendation, it was necessary to expect a minimum of 10 participants for each
variable. Since there are six variables, (privacy, technology, anonymity, threat severity, threat
susceptibility, and self-efficacy), the researcher determined that a minimum sample size of 60
participants was necessary. This determination appears to be accurate since Macas et al. (2016)
found that smaller batch sizes provided sufficient resolution, and Fields (2013) elaborated that
the factor loadings are as important as sample size. Factor loadings greater than 0.6 is acceptably
reliable regardless of sample size (Fields, 2013).
The study participants also provided demographic data regarding age and length of
employment, country of residence, and level of education. The researcher’s preference for
experienced workers is driven in part by the increasing use of computer technology and
electronic systems in business and the need to address privacy concerns at the workplace (Allen,
73
2017; Appari, Johnson & Anthony, 2013). The researcher’s objective was to explore factors
related to individual preference for a secure blockchain as a means towards greater personal
security autonomy.
Materials/Instrumentation
The researcher created a 5-point Likert-type survey which was validated during a pilot-
stage of this study to clarify existing survey questions, but not to develop new constructs
(Tabachnick & Fidell, 2014). The study began with a review of the literature followed by data
analysis performed with SPSSv25 using an orthogonal (Varimax) rotation. EFA was used to
simplify the interrelations between variables in order to discover patterns and factors that
underlie the relationships. With factor analysis, the researcher regroups the variables into a
smaller set of clusters using shared variance (Yong & Pearce, 2013). It is important to ensure that
significant outliers are absent from univariate and multivariate (Beavers et al., 2013). It is also
assumed that a linear relationship exists between factors and variables for meaningful
correlations and that there should be at least three variables (Beavers et al., 2013).
The pilot was performed with seven information security professionals deeply
knowledgeable about Blockchain technology, although only five completed responses were
received. These individuals reviewed the survey for clarity and conciseness and provided
valuable feedback that was used to improve the wording in the survey. The final corrected survey
was sent to over 13000 active and inactive participants of the blockchain enthusiasts forum on
Facebook. Two hundred two responses were received, of which 13 responses were unusable. A
response rate of 202/13000 = 1.6% is not unusual for anonymous online surveys.
A review of literature on information systems research reveals quantitative research
methods are commonly used to assess the effect of antecedents, decedents, moderators, and
74
mediators (Chatterjee et al., 2015; Menard et al., 2014; Sommestad et al., 2015). The researcher
also found that 5 or 7-point Likert-type scales were also commonly used in ISS research studies
(Sommestad et al., 2015). Cronbach alpha is commonly used to validate internal consistency and
obtain an estimate of reliability (Sommestad et al., 2015). As with all studies, validity is an ever-
present concern; conclusion validity is determined by comparing obtained results with findings
from similar studies. To improve internal validity, a previously validated instrument was used for
all constructs. Minor variations introduced in the survey was validated in the pilot study. To
increase generalizability, the survey participants were drawn from a social network with a large
user base. To minimize the incidence of a type II error, which refers to the likelihood of missing
significant events, the researcher used a sufficient sample size and appropriate parameters
(Creswell & Creswell, 2017). With exploratory factor analysis, the researchers also looked for
variables that may be significant only in combination with other variables since that possibility
exists naturally. However, an orthogonal rotation minimized those assumptions (Fabrigar &
Wegener, 2017).
The purpose of the pilot study was to validate the intent of the survey, clarify wording,
and refine the instrument in the context of this study. The final validated survey was published
on Qualtrics after NCU IRB approvals. The researcher used this survey to identify factors
influencing individual preference for peer-to-peer cloud technology such as blockchain when
privacy threats exist. The researcher used a non-experimental quantitative and cross-sectional
design based on EFA to explore individual choices. The detailed survey is in Appendix E.
Exploratory factor analysis is commonly used in studies where a phenomenon is relatively new,
such as blockchain, and when it is necessary to explore factors that influence user attitude to
emerging technology (Chatterjee et al., 2015).

75
The researcher assessed behavioral intention through a survey as a construct with a multi-
item scale. The scales for behavioral intent was adapted from Ifinedo (2012), and Woon and
Kakanhalli (2007). Each item was measured with a five-point Likert-type scale anchored from
“strongly agree” equaling 5 to “strongly disagree” equaling 1. The researcher used a 5-point
Likert-type nominal scale with measures adapted from Smith et al. (1996), to obtain participant
data on privacy, using questions that address concerns about data collection, concerns about
errors in personal data, unauthorized use or misuse of personal data and improper access to
personal data. The researcher was interested in individuals’ perceptions of the enabling role of
technology in providing facilitating attributes for data exploitation which is likely associated
with increased behavioral control towards the use of technology (Chatterjee et al., 2015). In this
study, a 5-point Likert scale was used to assess the independent variable technology facilitation
(TFC) using measures adapted from Chatterjee et al., 2015. For the PMT constructs, the
measures for the independent variable self-efficacy (SEFI) were adapted from Woon and
Kakanhalli (2007). Self-efficacy refers to individual confidence in their ability to achieve
specific technological goals. For the independent variables, perceived severity (PSE), and
perceived vulnerability (PSV), those measures were adapted from Ifinedo (2012). The scales for
autonomy was derived from a subscale for authorship or self-congruence published by Weinstein
et al. (2012). These measures serve as predictors of an individual assessment of the threat to
privacy and susceptibility to such events as well as the individual’s ability to cope with an
alternative technology such as blockchain.

76
Figure 1: Conceptual Model
Following established research norms for exploratory research, the researcher does not
explicitly state the nature of the relationships between the constructs, such as whether they are
linear or non-linear. Hence it is necessary to emphasize that the directional arrows in Figure 1
should not be seen as a causal or dependency prediction but instead as a possible direction of
relationships (Stebbins, 2001). The direction of the arrows does not necessarily mean that one
77
construct determines another; instead, it should be inferred that each construct can be enabled in
the context of the other, and such may be contingent upon other factors (Stebbins, 2001). The use
of an exploratory model provides the freedom to explore both linear and nonlinear relationships,
and possibly gain a nuanced view of individual preference for privacy using blockchain
technology.
Operational Definitions of Variables
The researcher explored various factors that could influence individual attitude and intent
toward peer-to-peer blockchain applications. These factors are generally composed of the threat
to privacy, economic threat arising from those threats, and distrust of organizations as a result of
privacy violations. The exogenous (independent) variables are privacy, autonomy, technological
facilitation, self-efficacy, perceived severity, perceived vulnerability, and intent towards a
potential event. The measures in this study utilize a 5-point Likert scale graduated from “strongly
disagree” (1) to “strongly agree” (5). The clarity and presentation of the survey were refined
using a pilot study.
Privacy construct (PVA).
Personal privacy is a belief that information has personal and public boundaries. As a
result, individuals expect to have control over the processing and transferring of personal
information as well as the interactions involving their personal information and the availability
of such data (Dienlin & Trepte, 2015). The researcher in this study assessed participant response
with a 5-point Likert scale calibrated from strongly disagree (1) to strongly agree (5). See
Appendix E. The survey questions were adapted from Smith et al. (1996) and were used to
measure privacy dimensions; namely concerns about data collection, concerns about errors in
personal data, unauthorized use or misuse of personal data and improper access to personal data.
78
Participant responses were scored using a 5-point Likert scale graduated from “strongly
disagree” (1) to “strongly agree” (5).
Behavioral intention (BHI).
Research evidence suggests that there is a correlation between latent attitude towards
action and intention to act (Ifinedo, 2012). The degree of favorableness about engaging in an
activity is related to the attitude towards that activity (Ajzen, 2011). A theory widely used to
model attitude and intent is TPB (Ajzen, 2011). Armitage and Conner (2001) reviewed 185
separate studies that used TPB as a theoretical framework and found TPB to be reasonably sound
across domains and categories. In this study, the researcher adopted the scales for behavioral
intention from Ifinedo (2012), which originated from the measures developed by Woon and
Kakanhalli (2007). The measures assessed an individual’s latent intention to select a Blockchain
application for personal privacy using a 5-point Likert scale graduated from “strongly disagree”
(1) to “strongly agree” (5). See Appendix E.
Autonomy (AUT).
Autonomy in this study refers to an individual’s ability to make reasoned choices that
affect their person, freely without coercion or external concern. McBride (2014) explained that
threats to autonomy undermine the social contract binding people together in the information age
and that this is a threat to human dignity. McBride conceptualized an autonomy, community,
transparency, identity, value, and emotion (ACTIVE) model to describes the autonomy of the
individual. A 5-point Likert scale was used to numerically assess survey responses. Weinstien,
Przybylski, and Ryan (2012) also developed and validated a scale of dispositional autonomy,
known as the Index of Autonomous Function (IAF) and found that authorship or self-
congruence, with an eigenvalue of 5.18, accounted for 34.54% of the unique variance in trait
79
autonomy. In contrast, the subscales “susceptibility to control’ had an eigenvalue of 2.97,
representing 19.79% of the unique variance while “interest-taking” had an eigenvalue of 1.81,
representing 12.08% of the variance. Predictably autonomy is not dependent on external stimuli.
For parsimony, the researcher assessed autonomy using measures derived from the subscale of
authorship or self-congruence with a 5-point Likert scale graduated from “strongly disagree” (1)
to “strongly agree” (5). Please see Appendix E.
Technology facilitation (TFC).
Individuals’ perceptions of the enabling role of technology in providing facilitating
attributes for data exploitation is associated with increased behavioral control towards the use of
technology (Chatterjee et al., 2015). Hence, a 5-point Likert scale was used to assess the
independent variable for technology facilitation using measures adapted from Chatterjee et al.,
2015. Please see Appendix E.
Self-efficacy (SEF).
Self-efficacy is an important construct in many theoretical foundations (TPB: Ajzen,
2011; PMT: Rogers, 1975). It refers to an individual’s confidence in their ability to perform and
achieve specific technological goals. Self-efficacy emphasizes the individual’s judgment
regarding his or her ability to cope with or conduct a recommended action. In this study, it refers
to skills and measures needed to protect an individual’s personal information (Bandura, 1991).
The measures for the independent variable, self-efficacy (SEFI), was adapted from Woon and
Kakanhalli (2007) and measured using a 5-point Likert scale graduated from “strongly disagree”
(1) to “strongly agree” (5).

80
Perceived severity (PSE).
For the independent variables, perceived severity (PSEV), the measures for perceived
severity (PSEV) was adapted from Ifinedo (2012). These measures serve as predictors of an
individual’s assessment of the severity of a threat. Perceived severity is an individual’s
assessment of the severity or consequence of a privacy event. In this study, perceived severity
refers to the individual’s perception of the impact of a privacy event. PSE was measured using a
5-point Likert scale graduated from “strongly disagree” (1) to “strongly agree” (5). See
Appendix E.
Perceived vulnerability (PSV).
The measures for the perceived vulnerability (PSV) was adapted from Ifinedo (2012).
These measures serve as predictors of an individual’ assessment of their vulnerability to a
privacy threat. Perceived vulnerability refers to the belief that a viable threat will occur. In this
study, this refers to an individual’s belief that their confidential record will eventually be
exposed to the public. Often without warning or pre-notification. A 5-point Likert scale
graduated from “strongly disagree” (1) to “strongly agree” (5) was used to measure this
independent construct. See Appendix E.
Study Procedures
The focus of this research is to explore behavioral tendencies as it relates to threats,
privacy, autonomy, and technology. In this study, individual behavior is analyzed in the context
of intent towards blockchain application in reaction to threats to privacy and autonomy. In
general, an individual will likely prefer to browse the web and shop when their identity, if
known, may present legal or social challenges. For example, an anonymous application will be
preferable when an individual is shopping for adult toys or posting inflammatory comments
81
online. The researcher analyzed data collected on a self-report survey; however, there is some
concern about measurement error and common-method variance, which could introduce bias into
the estimates of the relationship between the constructs. Common method variance (CMV) is
attributable to the measurement method but not to the constructs the measures represent
(Podsakoff, Mackenzie, Lee & Podsakoff, 2003). CMV is a contributor to systematic
measurement error (Edwards & Bagozzi, 2000). As with all forms of measurement error, when
CMV is sufficiently high, incorrect conclusions may be inferred about relationships between
constructs. To mitigate CMV, the researcher randomizes measures within the survey to prevent
participants from detecting underlying construct patterns that can affect their answers (Straub et
al. 2004).
Attitude to privacy is reflected in the protection of personal assets and the inclination to
conform with organizational security mandates (Nguyen et al., 2014). Furthermore, individual
attitude to a process is a good indicator of intent to perform the referenced activity (Ifinedo,
2014). Following these observations, the researcher explored relevant factors as listed in the
preceding sections around threats to data, privacy, and anonymity without prediction. With
exploratory factor analysis, the purpose is to uncover latent factors, but not to accept or reject a
null hypothesis or hypotheses. To participate effectively in this research, an individual should be
aware of the capabilities of blockchain applications and their anonymity. Previous research
studies have established that PMT as a theoretical framework, produce more consistent results
when the threat perception is substantial, and compliance is not mandatory (Sommestad et al.,
2015). The use of descriptive text by researchers is a common practice in ISS research studies
because many concepts are unfamiliar to the participants (Vance, Lowry & Eggett, 2015). To
ensure some familiarity with blockchain technology participants were contacted through a
82
blockchain forum on Facebook. The survey was hosted on Qualtrics after the researcher
completed all the requirements necessary to receive approval from the NCU IRB. The survey
included an informed consent page, an age validation page (participants must be 18 years or
older) and the requirement that participants must be resident in the United States.
Researchers in earlier studies also highlighted the value of having participants of varied
age and work experience represented in the participant pool (Sommestad et al., 2015; Vance,
Lowry & Eggett, 2015). An unbalanced composition of participants may skew the results in
unexpected ways (Creswell & Creswell, 2017). Teevale, Denny, Percival, and Fleming (2013)
found that age and work experience may affect an individual’s sense of fear. Hence, the
researchers added age and experience questions to the survey. Harman’s single-factor test was
also used to assess common method variance (Podsakoff, MacKenzie, Lee, & Podsakoff, 2003).
Data Collection and Analysis
The researcher conducted a quantitative survey using participants who are members of
the Facebook group named Blockchain Enthusiasts. Using participants from a blockchain group
ensures that selected individuals are familiar with Blockchain technology and cryptocurrency. It
is necessary to have participants who have some knowledge of blockchain technology and its
impact on autonomy and privacy. Also, the researcher added questions to collect various
demographic data. The researcher did not collect personally identifiable data from participants
during this study. The researcher did not make any attempt to contact participants directly and
only identified responses numerically. The survey was retrieved as a snapshot of each
participant’s responses at a specific point in time. All survey data were collected within one
month and a sample size based on recommendations from earlier studies. Recommendations
indicate that a sample size of about 200 participants is sufficient (Tabachnick & Fidell, 2014).
83
No control groups are used in this study. Survey questions consisted of seven predictor variables
(PVA, BHI, AUT, TFC, SEF, PSE, PSV) without a dependent variable; to be consistent with
EFA (Fields, 2013). The variables were measured using a 5-point (multi-level) Likert-scale
based on a pre-validated measure scored from 1 to 5 (Strongly disagree, Somewhat disagree,
Neither agree nor Disagree, Somewhat agree, Strongly agree). See Appendix E.
Assumptions
An exploratory factor analysis using the common factor model assumes that the measures
are reflective of the underlying factors. When common factors have linear effects on measures,
they are considered within the class of models known as the effects-indicator models (Bollen &
Lennox, 1991; Edwards & Bagozzi, 2000). Such models assume that measured variables related
to common factors correlate with each other, to produce a high level of internal consistency (high
Cronbach α) scores (Cortina, 1993). Hence, it follows that an individual’s attitude towards an
object such as blockchain will correlate with their level of intent to use that technology. Also,
when an individual is sensitive to loss of personal data, then there is an elevated intent to find
secure alternatives. A positive attitude towards technology may also correlate with the intention
to adopt new technologies such as blockchain. Content validity ensures that the measures used,
measure the variable as intended (Creswell & Creswell, 2017); hence, predictive scores are also
intended to align with intended measures. The Kaiser-Meyer-Olkin was used to test for sampling
adequacy or the proportion of common variance present in the sample. The reliability of self-
reported surveys may sometimes be questioned, and all biases cannot be eliminated; however,
self-reports have been generally considered reliable and acceptable in empirical research
(Creswell & Creswell, 2017).

84
Limitations
A potential limitation of the study is that data collection relies on self-selected
participants and self-report, which may introduce social desirability bias and fatigue effects
(Spector, 1992). Self-reporting is a subjective method that is prone to measurement error. Self-
reporting error was minimized because participants were not asked identifying information to
assure anonymity and confidentiality. A non-random (convenience sample) sample of self-
selected participants was recruited from a single Facebook forum dedicated to blockchain, which
assumes that members of this forum are aware of blockchain technology. Also, this quantitative
exploration is non-experimental, so a control group cannot be used. The researcher used a web-
based questionnaire, which is likely to introduce response bias because some participants may
submit more than one response, and the questionnaire is not sufficiently varied. To ensure
anonymity, the IP address of participants systems was not be used to limit multiple responses. In
assessing the factors that influence a user’s attitude towards personal security involving the use
of a secure peer-to-peer technology such as blockchain, it is important to note that knowledge
and perception of peer-to-peer technology vary widely as well (Kshetri, 2017).
Delimitations
The delimitations of any study is important in assessing the boundaries and constraints
under which the researcher conducted the study. The researcher assessed factors that affect
individual attitude towards blockchain technology, which is a type of peer-to-peer cloud
computing. Factors such as organizational deterrence policies and other organizational initiatives
were not considered (Menard et al., 2014; Vance, Siponen & Pahnila, 2012). On the other hand,
lapses in organizational security could lead individuals to consider adopting secure peer-to-peer
technology, such as blockchain. Few individuals understand blockchain technologies despite the
85
hype surrounding Bitcoin. Hence, a poorly construed methodological delimitation can pose a risk
to the legitimacy of a study. For example, the use of a non-representative sample or a participant
sample that does not have the required knowledge or experience necessary to understand the
underlying material presented in the survey can create validity problems (Stahl, Timmermans &
Mittlestadt, 2016). While knowledge of Bitcoin or similar cryptocurrencies does not equate to
knowledge of blockchain, finding individuals who have a basic understanding of blockchain may
constrain the participant pool to technology savvy individuals and threaten external validity.
The use of a web survey can only include participants who can use that medium.
However, web surveys are commonly used in ISS studies (Kim, Park & Baskerville, 2016;
Wright, 2013). The survey was hosted on Qualtrics, a commonly used location for online
surveys. Any contact or suggestion that may appear to interfere with the survey was avoided and
the views self-controlled. For example, all participants received the same instructions and the
same consent materials, and the researcher did not attempt to contact participants directly or
indirectly or attempt to influence participants responses.
Ethical Assurances
Ethical violations often occur when individuals engage in fraud, cheating, deceit,
plagiarism, and other types of unethical behavior. In competitive sports, ethical issues arise when
athletes engage in the use of performance-enhancing drugs. Such violations can lead to
significant consequences, including outright bans from competitive sports. There are many
instances of severe unethical conduct among researchers as well (The Belmont Report, 1979).
Early research on ethics was concerned with defining ethical conduct as it relates to appropriate
behavior and controls. Researchers in behavioral economics, management, and social cognitive
psychology are increasingly stressing a more practical viewpoint, such as actual behavior under
86
temptation (Bazeman & Gino, 2012). Researchers also benefit from established ethical
guidelines required to conduct research activities in accordance with certain provisions such as
those published by the U.S. National Institutes of Health (2016). Ethical guidelines are helpful to
researchers who demonstrate an inclination towards ethical conduct (Spradley, 2016). As a
result, the researcher has familiarized himself with these guidelines and understands the meaning
of ethical misconduct and has adhered to the provisions and guidelines required to secure the
approval of Northcentral University Institutional Review Board (IRB) before data collection.
The researcher also values participants welfare and wellbeing because that is important to
this study. Study participants are aware that their contribution to this research effort has
improved knowledge and that the results are meaningful to humanity. The researcher also
assured participants that there are no direct or indirect threats or consequence as a result of this
study. The researcher ensured through statements in the consent-form that participants are aware
that their input, time, and effort is appreciated by the scientific community. Participants were
made aware of all their rights and were informed that they are free to withdraw from this study at
any time without notice or explanation.
All participants in the study received an appropriate notification, as required by the
NCU’s IRB, including an IRB-approved invitation post and informed consent document. All
participants were provided the informed consent document and could not proceed with the
survey until they acknowledged the consent. When participants do not accept the consent-form,
the survey terminated. All participants were adults over the age of 18 years. The survey was
programmed to disallow participants under 18 or those who are not resident in the United States.
Also, no individual was excluded from the study due to sexual orientation, national origin, race,
culture, or country of origin. Participant’s confidentiality is taken seriously, and all the materials
87
derived from the study are fully redacted and secured in an encrypted vault. When necessary,
relevant research data will be made available to researchers who wish to validate or enhance this
study. The researcher also ensured that the data used is a full reflection of the research findings
regardless of the data’s support of the hypothesis and assumptions.
The researcher collected data from adult human participants using a pre-validated web
survey in Qualtrics. While the survey did not pose physical, mental or emotional risks to
participants, the researcher believed it was necessary to ensure that the administration and
collection of the survey responses are consistent with published standards such as the American
Psychological Association (APA) Ethics Code (2003). The APA code of ethics (2003) stresses
the preservation of the accuracy and validity of research results, and protecting the rights and
welfare of research subjects as well as ensuring participants confidentiality and intellectual
rights. As a professional in the information systems industry, the researcher understands that it is
necessary to maintain the confidentiality of participants and their responses, especially those that
might identify particular organizations. While it was necessary to inform participants of the
scope and substance of this research, it was also necessary to assure participants that the resulting
conclusions are not predetermined.
The researcher understands the value of upholding a high ethical standard even when
there is some benefit in not doing so. In a survey of ethical behavior involving teenage
participants, researchers from Deloitte & Touche found that 80% of youths agreed that they were
capable of making sound ethical decisions but also admitted that they knowingly made poor
ethical decisions recently (Stephens, Vance, & Pettegrew, 2012). In the same study, nearly half
of the teens accepted that they could act unethically if they perceive a benefit or believe they will
not face consequence (Stephens et al., 2012; Shalvi, Gino, Barkan, and Ayal, 2015). Similarly,
88
researchers engaged in a study on the antecedents and consequences of ethical behavior found
that self-serving justifications preceding or following individual actions suppress perceptions of
the significance of unethical lapses and may lead to further unethical behavior (Shalvi et al.,
2015). Hence, the researcher understands the limits of ethical self-monitoring and the necessity
to supplement such effort with a tedious adherence to ethical mandates in order to avoid self-
serving perceptions which can lead to poor moral judgment and lessen or impede the perception
of questionable behavior (Shalvi et al., 2015).
Adhering to ethical guidelines is very important because of the history of past abuses on
human research participants in various parts of the world (Bailey, 2014). For example, during the
Second World War, Nazi doctors forced individuals incarcerated within concentration camps to
participate in heinous experiments, ostensibly to improve science (Bailey, 2014). After the war,
the Nuremberg code, introduced in response to the shocking findings from the Nuremberg trials,
established ethical guidelines. The Nuremberg code was later incorporated into the Declaration
of Helsinki (1964) and later integrated with the physicians’ code of ethics, which resulted in the
Declaration of Geneva (Bailey, 2014). These documents also formed that basis of another ethical
initiative arising from the infamous study called the Tuskegee syphilis experiment. In the
Tuskegee study, a research effort conducted over approximately 30 years, African American
individuals were infected with the Syphilis disease and left untreated even as they passed the
disease onto partners and unborn children. In that study, researchers did not inform patients of
the nature of the study or the diagnosis and prevented or denied treatment to participants. As a
result of public outrage, the Belmont Report was produced by the National Commission for the
Protection of Human Subjects of Biomedical and Behavioral Research as an ethical framework
for research using human subjects. The report arose from the National Research Act (Pub. L. 93-
89
348) of 1974, intended to identify the basic ethical principles governing behavioral research
involving human subjects. The Commission considered the distinction between biomedical and
behavioral research as well as the accepted and routine practice of medicine, including the risk-
benefit criteria involved in determining the appropriateness of research and the guidelines for
participation and informed consent. While the Belmont report was a significant effort intended to
correct lapses in ethics, there is still some concern about the influence of unconscious prejudice
in research (Graber, 2016; U.S. Department of Health and Human Services, National Institutes of
Health, 2016).
To improve ethical compliance and conform with provisions of the Belmont report,
Northcentral University requires students to complete IRB required modules offered by the
Collaborative Institutional Training Initiative (CITI). The researcher has a current CITI
certification in compliance with all NCU IRB provisions. Also, the Publication Manual of the
American Psychological Association (APA) provides specific guidelines regarding appropriate
ethical research conduct. In the APA manual, the authors introduced three basic principles that
characterize all research and writing. Those are: protecting the accuracy of scientific data,
ensuring the welfare and well-being of research participants, and safeguarding intellectual
property rights. These three concepts were utilized by the researcher to guide research conduct in
this study. While the risk to participants involved in this study is minimal, care was taken to
ensure that participants are not indirectly or directly affected by the procedures and methods. The
survey was pre-screened during the pilot phase for time requirement as well as confusing or
ambiguous content that may confuse survey participants. Before completing the survey,
participants were required to review the informed consent form and provide age and residency
information as required by the NCU’s IRB. All data collected in this study were collected in its
90
unaltered form and can be made available to scholars who may need to use it in their research
without personally identifiable information. The research data is stored in encrypted and reliable
storage for no less than seven years. The researcher attests to a personal commitment to abhor
plagiarism, self-plagiarism, duplication of existing studies, and falsification of results.
Summary
The purpose of this quantitative non-experimental cross-sectional study is to assess
factors influencing individual attitude towards blockchain applications when they perceive
threats to privacy. An empirical examination of the determinants of blockchain adoption
behavior requires a careful examination of associated factors. Exploratory factor analysis was
used to analyze latent constructs necessary to determine a subset of relationship that forms the
basis of correlation among these factors (Fabrigar & Wegener, 2017). With factor analysis,
mathematical methods are used to simplify underlying relationships using observed patterns of
correlation among variables (Child, 1976). The exogenous (independent) variables are privacy
(PVA), autonomy (AUT), technological facilitation (TFC), self-efficacy (SEF), perceived
severity (PSE), perceived vulnerability (PSV), and intent (BHI) towards a blockchain solution.
The measures in this study utilize a 5-point Likert scale graduated from “strongly disagree” (1)
to “strongly agree” (5). The clarity and presentation of the survey were refined using a pilot
study.
Since blockchain adoption is in its infancy in various industries, understanding its unique
characteristics and the influence of privacy concerns on attitude towards this technology may be
beneficial to researchers. Emerging cloud-based applications built-on blockchain technology
provides researchers an opportunity to evaluate technology choices and security from an
individual’s perspective. When private data falls into the wrong hand, there may be physical
91
consequences for the individual. For example, in 2018, the US Government started asking census
participants to indicate their citizenship. Answering those questions could create anxiety among
individuals with unresolved immigration status who will not want to disclose it to the
government for fear of deportation. Hence, a forced release of private information may result in
physical deportation from a chosen country of residence. The researcher posits that when
individuals are worried about their privacy, it may lead to a positive attitude towards an
application with built-in anonymity, such as those based on blockchain.
Blockchain is a reliably secure type of cloud technology that does not require centralized
control and is designed to be difficult or impossible to corrupt. The efficacy of secure cloud
technology provides benefit to individuals and the assurance that their private data is safe,
convenient, and anonymous (Menard et al., 2014; Zyskind et al., 2015). McBride (2014)
explained that threats to autonomy undermine the social contract binding people together in the
information age and that it is a threat to human dignity. Cloud technologies with built-in security
will likely provide greater end-user confidence and assurance that embarrassing leaks of personal
records, identity theft, and possible personal harm are unlikely (Sen & Borle, 2015; Price, 2016).
Researchers have also shown that when individuals are dissatisfied with the security of their
assets, they may consider more secure alternatives or better options (Ablon et al., 2016).
Knowledge gathered from this study will inform researchers and practitioners on factors and
circumstance that may influence individual attitude towards anonymous applications such as
blockchain, especially when an individual is sensitive to data exposure. The acquisition and
storage of PCD, PII, and PHI provide a treasure trove of data for organizations, but it also creates
an attractive target for criminals and unscrupulous executives. An understanding of the

92
relationship between privacy and individual self-determination will provide useful data to future
theorists and practitioners.

93
Chapter 4: Findings
The purpose of this quantitative non-experimental cross-sectional study was to assess
factors influencing individual attitude towards blockchain applications when they perceived
threats to privacy arising from frequent data breaches. As the threats to personal privacy continue
to increase, the determinants that influence individual behavior towards secure autonomous
technology is likely to provide practitioners, businesses and researchers with improved visibility
into consumer behavior and choice (Acquisti, Brandimarte & Loewenstein, 2015; Kraus,
Wechsung & Möller, 2017). While researchers have demonstrated that individual perception of
insecurity can evoke a protective response (Van Schaik et al., 2018), such insecurity seems to be
an insufficient motivator for protective behavior because salient psychological and privacy
motivators may also play important roles (Kraus et al., 2017). Unfortunately, little research exists
in ISS that is focused on intent to adopt autonomous peer-to-peer cloud technology in response
to various threats to personal data. Although researchers studied individual behavior towards
commercial cloud technology adoption, those studies rarely differentiated between
organizational and personal attitudes or the underlying factors unique to specific technologies
(Chen et al., 2016; Menard et al., 2014; Oliveira et al., 2014).
In extant studies, researchers showed there is a significant connection between behavior
and intent to adopt technological initiatives (Ifinedo, 2014; King & Thatcher, 2014) but various
inconsistencies in findings regarding the influence of insecurity on protective response have not
been fully explained (Acquisti et al., 2015; Kraus et al., 2017; Van Schaik et al., 2018). In some
cases, the response to privacy threats may not mirror expected concerns; a phenomenon known
as the privacy paradox (Dienlin & Trepte, 2015). As a result, an exploration of different subsets
of measures that influence the response, such as the psychological need for privacy, a need for
94
autonomy and the influence of technology and threats on behavior towards emerging technology
such as blockchain is warranted. Although convenience, automaticity and threat response exert
influence on cloud adoption, that analysis did not include technological foundations unique to
cloud technology (Menard et al., 2014; Senyo, Addae, & Boateng, 2018).
The researcher retrieved 240 participant responses to the survey. From those, 202 met the
screening criteria such as questions regarding residency in the United States and age. After
cleaning and removal of incomplete entries, there were only 187 usable responses for n=187. As
a first step, the data was examined in Qualtrics and found to have reversed scoring. It was
necessary to use the recode function in Qualtrics to export the data consistently. After the data
download, it was still necessary to ensure that missing data was consistently managed. Other data
that was automatically collected by Qualtrics but was not required for the survey were removed.
Incomplete responses were removed as well. The downloaded survey had a Likert-type scale that
was coded in Qualtrics as follows: 1 – Strongly Agree, 2 – Somewhat Agree, 3 – Neither Agree
nor Disagree, 4 – Somewhat Disagree and 5 – Strongly Disagree. It was necessary to recode
these variables into new variables following the more common definition: 5 – Strongly Agree, 4
– Somewhat Agree, 3 – Neither Agree nor Disagree, 2 – Somewhat Disagree, and 1 – Strongly
Disagree (Oliviera et al., 2014) without impacting statistical results. These new variables were
compared with the original to ensure they maintain the same values, such as standard deviation,
median, skewness, and kurtosis. Afterward, all statistical observations were performed with the
recoded values.
95
Results
After obtaining NCU IRB approval, a link to the pilot survey was posted on the Facebook
forum Blockchain Enthusiasts requesting participants with expertise in blockchain technology to
respond to the pilot. Five responses were received, and the pilot closed to avoid sampling fatigue
since the same forum would be used to conduct the full study. Common feedback from pilot
participants was that the survey questionnaire had ambiguous wording in a few places.
Respondents also complained about the color choice and the spacing of the questions on the
online questionnaire. Other comments included suggestions to minimize the use of the word
blockchain. Additionally, pilot participants were insistent that knowledge of blockchain was
required for participants to understand the survey material. The survey was modified to conform
to the feedback received, and participation remained constrained to the same Facebook forum.
The scree plot obtained after factor analysis of the final dataset was somewhat ambiguous
although there was a visible inflection that could justify selecting 5 or 6 factors. Kaiser (1960)
suggested retaining all factors with an eigenvalue higher than 1. This criterion often referred to
as Kaiser’s criterion is based on the concept that eigenvalues represent the level of variation
explained by a factor; hence, an eigenvalue of 1 is substantial variation. On the other hand,
Jolliffe (1972) suggested a less stringent criterion by suggesting the retention of all factors with
eigenvalues larger than 0.7. Evidence shows that the Kaiser criterion is accurate when the
number of variables is less than 30 and communalities greater than 0.7 or when the sample size is
over 250 and communalities higher than 0.6 (Stevens, 2002). When these do not apply, the scree
plot is the best approach. The graphing of eigenvalues makes the relative importance of each
factor more apparent (Fields, 2013). Typically, the results show few factors with a high
eigenvalue and many others with low eigenvalues giving the graph a characteristic shape. The
96
point of inflection, where the slope of the line changes dramatically, is often used to determine
the cut-off for the number of factors to retain (Cattell, 2010). The communalities are an
indication of the percentage of common variance. When the value is one, then all common
variance is represented. If the value is zero, then no common variance is represented. After
determining the number of factors to extract, we re-estimate the communalities.
With parallel analysis, each eigenvalue is compared against an eigenvalue for the
corresponding factor using randomly generated data that shares the same characteristics
(Franklin, Gibson, Robertson, Pohlmann, & Fralish, 1995; Horn,1965). Humphreys and
Montanelli (1975) compared the parallel analysis method with the maximum likelihood method
and found that parallel analysis was remarkably more accurate. Using parallel analysis, the
number of factors to retain are those eigenvalues that are larger than their random counterparts
(Horn, 1965). Unfortunately, experts disagree on whether the eigenvalues from the principal
component or the common/principal axis factor eigenvalues should be used. The researcher
extracted and examined the factor eigenvalues to compare with the observed data and found
evidence to retain six factors (O’Connor, 2000). Six factors were extracted using suppression of
coefficients below 0.5 the factor matrix is shown on Appendix I (Factor Extraction).
97
The parallel analysis provided sufficient information to retain six factors since the EFA
values were higher than those obtained with random data using the same number of variables,
sample size, and type of analysis.
Table 1
Parallel Analysis Results
Eigenvalues
Factor EFA Parallel Analysis
1 10.824 0.97
2 3.252 0.83
3 2.294 0.74
4 1.612 0.66
5 1.195 0.58
6 1.136 0.51
Values obtained for these six factors were higher than noise values from parallel analysis
or Monte Carlo simulation. The researcher labeled the extracted factors using a generalized
description appropriate to this context, see Table 2.

98
Table 2
Relating Items to Questions and Labels
Factor EV Description RQ Items
1 10.824 I am very afraid 4&5 PSE2, PSV1, PSV2, PSV3
2 3.252 Blockchain or bust 7 BHI1, BHI2, BHI3, BHI4
3 2.294 I can do anything 3 SEF1, SEF2, SEF3, SEF4
4 1.612 I am the master of my universe 6 AUT1, AUT2, AUT3, AUT4
5 1.195 Give me technology 2 TFC1, TFC2, TFC3, TFC4
6 1.136 Leave me alone 1 PVA2, PVA3, PVA4
RQ = research question, EV = eigenvalue
Analysis with Interpretation. A maximum likelihood factor analysis was performed on
28 items using an orthogonal (Varimax) rotation. The Kaiser-Meyer-Olkin measure of sampling
adequacy had a value of 0.89, which is considered quite good (Fields, 2013). Multicollinearity is
not a significant concern since the Pearson correlation coefficient between all pairs of questions
does not have any values above 0.9, although there are a few variables with values above 0.3
(Fields, 2013). Also, all KMO values for individual items exceed the acceptable limit of 0.50
(Fields, 2013).
99
Table 3
KMO and Bartlett’s Test from Final Study
Kaiser-Meyer-Olkin Measure of Sampling .890
Adequacy.
Bartlett's Test of Approx. Chi-Square 4000.876
Sphericity df 378
Sig. .000
An EFA was run to obtain eigenvalues for each factor. Six factors had eigenvalues above
Kaiser’s criterion of 1 and those explained over 72% of the total variance. See Appendix L
(Initial Eigenvalues). The Kaiser criterion is useful when the number of variables is < 30 and
communalities > 0.7, so it can be used under this circumstance (Stevens, 2002). The Kaiser
criterion recommends retaining all factors with eigenvalues larger than 1. Also, it is advisable to
retain all factors that account for at least 70% of the total variance (Stevens, 2002). Six factors
meet these criteria. In addition, these six factors were found to be valid after comparison using
parallel analysis. Plotting each eigenvalue against the associated factor produced the scree plot as
seen in Figure 2.
100
Figure 2
Scree Plot
There is some ambiguity in determining the appropriate point of inflection since one
factor was dominant, and there appear to be two points of inflection. However, the scree plot
provides evidence for extracting 5 or 6 factors. The researcher selected six factors due to the
sample size and convergence between the Kaiser’s criterion, scree plot, parallel analysis, and
considering the sample size and variable-to-factor ratio (Fields, 2013).
Items with communalities below 0.3 were dropped from the study, see Appendix J
(Communalities). Also, items with low communalities could not be extracted. The rotated factor
plot is shown in Appendix M with the suppression of coefficients below 0.5 to clarify results
(Fields, 2013). An initial factor analysis using oblique rotations demonstrated that the factors
were relatively independent, suggesting that an interpretation of the orthogonally rotated matrix
is reasonable (Menard, 2014). Please see the correlation matrix and SPSS output in Appendix G.
The rotated factor matrix shows the significant coefficients distributed across the six factors as
101
seen in Appendix M (Rotated Factor Matrix with Suppression). The unsuppressed rotated factor
matrix is shown in Appendix K.
Overview of demographic information. Choosing participants from a community of
blockchain enthusiasts improve generalization as it relates to the domain under study. Statistical
tests show that the sample distribution is non-normal; however, with factor analysis, statistical
inference is more meaningful if the variables are multivariate normal (Tabachnick & Fidell,
2014). The pilot sample was quite small, although its purpose was also limited. Reliability
analysis of the pilot data (α = 0.85) exceeded the acceptable level of 0.7 for EFA (Nunnally,
1967). The descriptive statistics from the pilot survey is reproduced in Appendix N.
After incorporating the textual changes derived from anonymous comments during the
pilot, and closing the pilot, the final study was submitted and approved by the NCU IRB and the
approved survey published on Qualtrics. Members of the Facebook forum “Blockchain
Enthusiasts” were again invited to participate in the final survey. Unfortunately, the number of
participants in the pilot did not indicate the expected number of participants, since the pilot was
capped at 5 participants and closed quickly. Participation and activity in a Facebook forum with
a membership of over 13,000 members vary with time and may not provide a gauge to predict
participation and interest. The number of individuals who previewed or attempted the survey was
n=240 before closure. After data cleaning, which involved deleting abandoned and partially
completed responses, the sample size decreased (n=187). A sample size of n=187 is sufficiently
robust for this analysis. The sample characteristics of the final study is presented in Appendix O.
The sample size for this study was n = 187. This number is adequate for factor analysis
when there is moderate to high communalities and three or greater items per factor (Fields,
2013). For inferential purposes, the sample was drawn from members of a blockchain forum on
102
Facebook, which is a marginally representative population of users with some knowledge of
blockchain technology. The Kaiser-Meyer Olkin (KMO), an estimate of the sufficiency of the
sample size or the sampling adequacy for EFA analysis returned a value of 0.889. Since KMO is
greater than 0.50, the sample is sufficient
All survey participants were familiar with blockchain technology as required. Over 37%
of the participants have medium expertise with blockchain technology. Of the remaining, 11%
are self-described experts, 33% have a high level of expertise,17% percent have a low level of
expertise, while 0.5% claim no expertise. Participants ages range from 18 to 65 years and over.
The age distribution of participants was 18 – 34 (56%), 35 – 50 (31%), 51 – 65 (9.1%), over 65
(6%). Age was non-normally distributed with skewness of 1.275 (SE = 0.17) and kurtosis of
1.068 (SE – 0.354). Overall, participants were 119 men (63%) and 68 women (36%). The level
of education and employment status of participants is shown in Table 4. A majority of the
participants are either employed or in school (90%).
Table 4
Participant Employment Status
Cumulative
Frequency Percent Percent
Full time or part time 114 61.0 61.0
Unemployed 8 4.3 65.2
Not working 7 3.7 69.0
Student 53 28.3 97.3
Other 5 2.7 100.0
Total 187 100.0
103
Table 5
Education Demographics of Participants
Cumulative
Frequency Percent Percent
Less than high school 2 1.1 1.1
High school / GED 21 11.2 12.3
Some college, no degree 42 22.5 34.8
Non-degree Professional 8 4.3 39.0
Bachelor's degree 40 21.4 60.4
Master's Degree 50 26.7 87.2
Professional Degree (e.g. MD, DDS, 14 7.5 94.7
DVM)
Doctorate (e.g. PhD, EdD) 10 5.3 100.0
Total 187 100.0
Approximately 50% of participants have a college degree or higher, and over 80% have
some college education. Cronbach’s alpha for the seven subscales in this study was 0.9, with a
Kaiser-Meyer-Olkin (KMO) of 0.89 and a significant Bartlett’s test of sphericity (χ2(378) =
4000, p < .001).
Table 6
Reliability Statistics of Individual Scales
Scale Items Cronbach’s α
PVA 4 0.59
AUT 4 0.88
TFC 4 0.91
PSE 4 0.65
PSV 4 0.89
BHI 4 0.92
104
The descriptive statistics for all items in this study are presented in Appendix P. The PVA
and PSE improved with the deletion of a single component in each scale.
Gender differences. When SPSS data was split by gender, differences were observed in
the number of factors with an eigenvalue higher than 1, for males and females. Five factors were
extracted for males, while six factors were extracted for females. The dominant factor for
females was latent intent, with an eigenvalue of 10.53, which explained 37.67% of the total
variance. For males, technological facilitation was the dominant factor with an eigenvalue of
11.26, which explained 40.23% of the total variance. In comparison, female participants were
influenced by threats to a larger degree than males; hence, male participants were significantly
driven by technology.
Table 7
Factors Identified Using Male Participants Only
Factor 1 Factor 2 Factor 3 Factor 4 Factor 5
Eigenvalue 11.26 3.41 2.15 1.81 1.31
% of variance 40.23 12.19 7.67 6.48 4.68
Construct Technology Latent Intent Self- Threat Autonomy
efficacy
Table 8
Factors Identified Using Female Participants Only
Factor 1 Factor 2 Factor Factor 4 Factor 5 Factor 6

3
Eigenvalue 10.53 3.20 2.90 1.55 1.44 1.13
% of variance 37.62 11.46 10.39 5.56 5.15 4.03

105
Table 9
KMO By Gender
KMO and Bartlett's Testa

Adequacy.
Sphericity df 378
Sig. .000
a. Gender. = Male
KMO and Bartlett's Testa

Adequacy.
Sphericity df 378
Sig. .000
a. Gender. = Female
Validity and Reliability of the Data
Content validity of the selected constructs, the intention scale and manipulations were
verified through a literature review as well as a expert subject-matter review during the pilot. The
constructs used in this study originated from published instruments derived from multiple studies
(Chatterjee et al., 2015; Ifinedo, 2012; Smith et al., 1996; Weinstein et al., 2012; Woon &
Kakanhalli, 2007). The pilot participants were experts in blockchain applications and technology
who are active participants of a Facebook forum on blockchain applications. The pilot survey
had text that encouraged participants to validate the wording and subjective interpretations of the
survey questionnaire and leave comments as necessary. Convergent validity was assessed by
checking whether items from the same construct correlate highly with each other. Discriminant
106
validity was analyzed using the factor loadings to see if items loaded higher on their intended
scale than on other scales (Woon & Kakanhalli, 2007).
The correlation matrix was examined for coefficient and significance levels. The R-
matrix had no coefficients above 0.9, and most variables had values considerably above 0.3,
which indicated that multicollinearity was not a concern (Fields, 2013). The determinant for the
R-matrix was not zero. The researcher evaluated communalities and analyzed factors that
influenced the validity of correlations, such as outliers and non-linear relationships. The average
observed communalities was 0.7 and the number of variables n=28, with a variable to construct a
ratio of 1 to 7, which is adequate. The samples size is within the expected range of 5 -10
participants per variable, as recommended (Stevens, 2002).
SPSS v25 was used for data analysis, but it has some drawbacks, for example, reporting
model fit indices are often poor for maximum likelihood procedures and may reduce matrix
eigenvalues (Tabachnick & Fidell, 2014). Parallel analysis was an additional step used to clarify
the decision to retain selected factors. With parallel analysis, each eigenvalue is compared with
the eigenvalue of a factor derived from randomly generated data using data with similar
characteristics (Fields, 2013). Results obtained from the parallel analysis is often more
dependable than those obtained from scree plots or Kaiser’s criterion (Fields, 2013). It was also
necessary to ensure that the survey is measuring the constructs reliably; hence, a KMO of 0.89
was deemed sufficiently greater than the baseline of 0.50. Reliability analysis was used to ensure
that data for EFA is appropriate and that reverse scored items would not interfere with the
analysis. Bartlett’s test of sphericity shows that the data is sufficiently reliable because it
indicates that there is at least one significant correlation between items (Fields, 2013). The
communalities were sufficiently high although one item had a communality lower than 0.3.
107
Table 10
Bartlett’s Test of Sphericity
X2 df p
4000 378 <.001
Research Questions and Hypotheses
The first research question refers to an individual’s privacy concern. The privacy (PVA)
subscale consisted of 4 items (α = 0.59) a marginally decent number, however, when item PVA1
is deleted the Cronbach α = 0.77 indicating a slight improvement. PVA1, which explores an
individual’s “collection concern” did not load onto any factor. In the internet age, privacy
concern is often related to an individual’s expectation of control over the processing and
transferring of personal information as well as interactions involving their personal information
and the availability of such data (Dienlin & Trepte, 2015). The second (0.57), third (0.71) and
fourth (0.77) items loaded on factor 6 (0.68). Factor 6 with an eigenvalue of 1.13 accounts for
4.0% of the variance on intent towards blockchain applications. The second question (PVA2)
reflects an individual’s expectation of organizational security practices, third question (PVA3)
refers to an individual’s conviction about an organization’s obligation to secure data, and the
fourth question (PVA4) is a measure of an individual’s attitude towards the cost of protecting
confidential data. These items correlate weakly with behavioral intent, technology facilitation,
and perception of threat. These items confirm the minimal influence of organizational security
practice in motivating blockchain intentions.
Research question 2 analyzes the extent that affection for technology influences intent to
adopt blockchain technology using items derived from the literature (Chatterjee et al., 2015). The
technology facilitation (TFC) subscale consisted of 4 items (α = 0.910). Individuals’ perceptions

108
of the enabling role of technology in providing facilitating attributes for data exploitation is
associated with increased behavioral control towards the use of technology (Chatterjee et al.,
2015). These items converged on factor 5 (0.66) and were significant. Factor 5, with an
eigenvalue of 1.195 accounts for 4.2% of the variance on intent towards blockchain applications.
Item TFC2 (0.81) refers to the belief that technology can improve the utility of other
technologies. TFC1 (0.61) and TFC2 (0.81) refers to technology enablement and ease of use.
TFC4 (0.57) assesses ethical consideration affecting the use of technology.
Self-efficacy is an important construct in many theoretical foundations (TPB: Ajzen,
2011; PMT: Rogers, 1975). Research question 3 explored the extent self-efficacy influenced
intent to adopt blockchain applications. Question 3 (SEF) was assessed using a 4-item scale (α =
0.910). Self-efficacy refers to an individual’s confidence in their ability to perform and achieve
specific goals. Self-efficacy emphasizes the individual’s judgment regarding his or her ability to
cope with or conduct a recommended action. The scale for self-efficacy (SEFI) was adapted
from Woon and Kakanhalli (2007), and all items on this scale loaded significantly on factor 3
(0.76). Factor 3, with an eigenvalue of 2.294 accounted for 8% of the variance on intent towards
blockchain applications. Also, self-efficacy correlates significantly with behavioral intent (r =
0.5, p <.01), which suggests that self-efficacy has some relationship with intent towards
blockchain applications.
Research question 4 explored the extent that perceived severity of a threat influences
intent towards blockchain applications. Perceived severity (PSE) scale was assessed using four
items adapted from Ifinedo (2012). The PSE scale (α = 0.65) loaded poorly on all factors. Just
one measure, PSE2 loaded significantly on factor 1. PSE2 assesses an individual’s belief that
their data will be stolen. PSE2 significantly correlated with behavioral intent (r =0.6, p < .01),
109
which indicates that concern for data loss or theft bears some relationship with intent towards
blockchain applications; which is aligned with previous findings (Menard et al., 2014). This item
was measured using a 5-point Likert scale.
Research question 5 assessed an individual’s vulnerability to a data incident. The scale
for perceived vulnerability (PSV) was adapted from Ifinedo (2012). Four items (α = 0.89) were
used as indicators of an individual’ assessment of their vulnerability to a privacy threat.
Perceived vulnerability refers to the belief that a viable threat will occur. In this study, this refers
to an individual’s belief that their confidential record will be exposed to the public, often without
warning or pre-notification. Three items in this-this scale loaded highly on factor 1. Factor 1,
with an eigenvalue of 10.824 accounted for 39% of the variance on intent towards blockchain
applications. One item (PSV4) loaded poorly and was discarded. The other three items (PSV1,
PSV2, PSV3) loaded on factor 1 (along with PSE2) indicating a strong sense of dread. A 5-point
Likert scale was used to measure these items.
Research question 6 explored the influence of autonomy on attitude. Autonomy in this
study, autonomy refers to an individual’s ability to make independent choices that affect their
person, freely without coercion or external concern. McBride (2014) explained that threats to
autonomy undermine the social contract binding people together in the information age and that
this is a threat to human dignity. McBride conceptualized an autonomy, community,
transparency, identity, value, and emotion (ACTIVE) model, in order to describe the autonomy
of the individual. For parsimony, the researcher assessed autonomy using measures derived from
the subscale of authorship or self-congruence (α = 0.86). All four questions loaded appropriately
on factor 4 (0.77). Factor 4, with an eigenvalue of 1.612 accounted for 6% of the variance in
intent towards blockchain applications. The first question, AUT1 (0.74), represents autonomy in
110
the context of important values and feelings. The second question, AUT2 (0.82), represents
autonomy in the context of identity. The third question, AUT3 (0.80) explores autonomy in the
context of the self.
Research question 7 explored latent intent towards blockchain application. The
behavioral intention (BHH) subscale had 4 items (α = 0.92). The degree of favorableness
towards an activity is related to attitude towards that activity (Ajzen, 2011). The researcher
adapted the scales for behavioral intention from extant literature (Ifinedo, 2012). These measures
assessed an individual’s existing intention to select a Blockchain application for personal
privacy. The items in this scale loaded on to factor 2. Factor 2, with an eigenvalue of 3.25
accounted for 12% of the total variance in intent towards blockchain applications. The first
question, BHI1, explores intention towards Blockchain application. The second question, BHI2,
clarifies such intention by asking about a context involving confidential data. The third question,
BHI3, restates intention in the context of privacy. Finally, the fourth question, BHI4, explored
intention in as broad a context as possible.
Hypotheses Testing. The following hypotheses were tested and accepted or rejected, as noted
below:
H01. k=0 factors are needed to characterize intent towards blockchain applications. This
was rejected since more than zero factors were significantly extracted.
H02. k=1 factor is needed to characterize intent towards blockchain applications. This was
rejected since more than one factor was significantly extracted.
was rejected since more than two factors were significantly extracted.
111
was rejected since more than three factors were significantly extracted.
was rejected since more than four factors were significantly extracted.
was rejected since more than five factors were significantly extracted.
was not rejected since six factors were significantly extracted.
was rejected since six factors were significantly extracted.
Evaluation of the Findings
The choice of rotation depends on the circumstance or theoretical consideration that
determines whether factors are independent or related. In most natural environments’ factors are
not independent therefore an oblique rotation is a sensible choice; however, to improve the
resolution of underlying factors, a rotated solution can be helpful (Fields, 2013; Menard et al.
2014). Pedhazur and Schmelkin (1991) suggested that when an oblique rotation shows a
negligible correlation between extracted factors, then an orthogonal rotation is sensible. After
exploratory analysis, six factors with an eigenvalue greater than one were extracted. The first
factor had an eigenvalue of 10.824 (39% of total variance), the second factor had an eigenvalue
of 3.252 (12% of total variance), the third factor had an eigenvalue of 2.294 (8.1% of total
variance), the fourth factor had an eigenvalue of 1,61 (5.7% of total variance), the fifth factor had
an eigenvalue of 1.195 (4.2% of total variance) and the sixth factor had an eigenvalue of 1.136
(4.0% of total variance). These six factors combined, represent 72.5% of the total variance. The
112
next step was to perform rotation and test whether Ho7: k=6 factors is a reasonable hypothesis to
characterize intent towards blockchain applications. Convergence with the scree plot, parallel
analysis, and Kaiser’s criterion indicates that Ho7: k=6 factors were needed to characterize intent
towards blockchain applications. The researcher followed the guidance which stated that when
using the “factor transformation matrix,” when an oblique rotation shows minimally correlated
factor structure, then the orthogonally rotated structure can be used (Fields, 2013).
To extract observed factors, Stevens (2002) recommends that for a sample size of 100,
the loading should be greater than 0.512 and for a sample size of 200, the loading should be
greater than 0.364. The researcher suppressed small coefficients by excluding values below 0.4
improves the clarity of the factor structure in both rotated and non-rotated factor analysis. Also,
while the maximum likelihood method is best suited for normal data, it provides better clarity for
hypothesis testing (Fabrigar & Wegener, 2017). The research questions developed at the
beginning of the study all emerged as significant contributors to intent to adopt blockchain
applications. Of the six factors extracted, first two explained the majority of the variance. The six
factors were broadly described, in order from factor 1 to 6, as “I am very afraid,” “Blockchain or
bust,” “I can do anything,” “I need a cave,” “Give me technology,” and “Organizational security
is bad.”
“I am very afraid.” This is an appropriate description of the first factor extracted. With
an eigenvalue of 10.824, factor one accounted for 39% of the variance on intent towards
blockchain applications. It comprises of items derived from perceived severity of threats and
perceived vulnerability to threats. These items evaluated an individual’s threat perception and
vulnerability. One item in perceive severity (r = 0.6, p <.01), and 4 items in perceived
vulnerability scale (r = 0.6, p < .01) correlate significantly with intent to adopt blockchain
113
applications. This data illustrates the importance of latent intent, technology, and threat in
driving the adoption of blockchain technology and supports the direct link between attitude and
intent as proposed by TPB (Ajzen, 2011). This indicates that the perception of threats is the most
significant contributor to intention towards blockchain applications. This supports early findings
that threat susceptibility (β = 0.099, p < 0.01) and severity (β = 0.114, p < 0.01) are important
indicators of intent to adopt a cloud application (Menard, 2014). The results justify the
application of PMT as the theoretical basis of this inquiry and align with findings which show
that security concerns explain over 44% of the variance regarding the selection of a cloud
computing platform (Rogers, 1975; Oliviera et al., 2014). Also, research findings show that
individual perception of risk to PHI or PII will evoke a corresponding protective response (van
Schaik et al., 2018). This analysis did not evaluate the impact of ease and convenience as
indicators of intent towards cloud technology (Menard et al., 2014).
“Blockchain or bust.” The second factor measured latent intent towards blockchain
applications and may simply assess the impact of the hype surrounding blockchain and Bitcoin.
In a community with a heightened awareness of cryptocurrency, some curiosity about blockchain
will be present. For some, there is a need to use blockchain for something because it is cool.
Factor 2, with an eigenvalue of 3.25 accounted for 12% of the total variance in behavioral intent
towards blockchain applications. The first survey question, BHI1, explored overall intention
towards blockchain while the other questions clarified behavioral intention using various
contexts. From a technological perspective, individuals are known to seek technologies that
empower their autonomy, and that would minimize their mistakes or consequences of their
action (Woodside, Augustine, & Gilberson, 2017). Hence, it is not surprising that a significant
portion of early blockchain adopters includes criminal with sensitivity to privacy, who seek
114
untraceable illicit proceeds from malware and ransomware attacks (Woodside et al., 2017).
Behavioral intent also correlates significantly with technological facilitation (r = 0.5, p < .01),
self-efficacy (r = 0.4, p < .01), an item in perceive severity (r = 0.6, p <.01), and perceived
vulnerability (r = 0.6, p < .01). This data illustrates the importance of latent intent, technology,
and threat in driving the adoption of blockchain technology and supports the direct link between
attitude and intent as proposed by the TPB.
“I can do anything.” The components of factor 3 capture the essence and importance of
self-efficacy in motivating individual action. This “can do” spirit is the reason self-efficacy is a
significant construct in both TPB and PMT (Ajzen, 2011; Rogers, 1975). Factor 3 affirmed
research question 3. The data shows that self-efficacy correlates significantly with behavioral
intent to adopt blockchain applications (r = 0.5, p < .01). As expected, self-efficacy also
correlated significantly with technology facilitation (r = 0.5, p < .01). Self-efficacy (SEFI) scale
adapted from Woon and Kakanhalli (2007) had an eigenvalue of 2.294, which accounted for 8%
of the variance on intent towards blockchain applications. This construct illustrates the
importance of the skills and measures needed to protect an individual’s personal information
(Bandura, 1991). Self-efficacy is the confidence in an individual’s ability to cope effectively and
has been shown to strongly predict protection motivation in a variety of contexts (Herath & Rao,
2009).
“Leave me alone.” This is an appropriate expression for items from factor 4, which
assess individual privacy. These survey questions were adapted from Smith et al. (1996) and
were used to measure privacy dimensions; namely concerns about data collection, concerns
about errors in personal data, unauthorized use or misuse of personal data and improper access to
personal data. Factor 6 with an eigenvalue of 1.13 accounts for 4.0% of the variance on intent
115
towards blockchain applications. The second survey question (PVA2) reflects an individual’s
expectation of organizational security practices, third survey question (PVA3) refers to an
individual’s personal conviction about an organization’s obligation to secure data, while the
fourth survey question (PVA4) measures an individual’s attitude towards the cost of protecting
confidential data. These items correlate weakly with behavioral intent, technology facilitation,
and perception of threat and may warrant future analysis. It is not surprising that attitude towards
blockchain correlates with the intention to control the processing and transfer of personal
information as well as the interactions involving personal information (Dienlin & Trepte, 2015).
“Give me technology.” Individuals’ perceptions of the enabling role of technology in
providing facilitating attributes for data exploitation is associated with increased behavioral
control towards the use of technology (Chatterjee et al., 2015). These items converged on factor
5 (0.66). Factor 5 with an eigenvalue of 1.195 accounts for 4.2% of the variance related to intent
towards blockchain applications. Various items such as survery question TFC2 (0.81) refers to
the belief that technology can improve the utility of other technologies. TFC1 (0.61) and TFC2
(0.81) refers to technology enablement and ease of use. TFC4 (0.57) assesses ethical
consideration affecting the use of technology. The items in factor 5 correlate significantly (r =
0.5, p < .01) with behavioral intent towards blockchain applications. These findings assert that
feeling towards technology influences intent towards blockchain applications. In support,
technology is known to drive changes in social behavior, especially in online dating using mobile
applications (Jung, Bapna, Ramaprasad & Umyarov, 2019). Researchers also recognized
individuals’ perceptions of the enabling role of technology in providing facilitating attributes
(Chatterjee et al., 2015).

116
“I am the master of my universe.” The autonomy of the individual converged on factor
4. Autonomy refers to an individual’s ability to make reasoned choices that affect their person,
freely without coercion or external concern. McBride (2014) explained that threats to autonomy
undermine the social contract binding people together in the information age and that this is a
threat to human dignity. McBride conceptualized an autonomy, community, transparency,
identity, value, and emotion (ACTIVE) model to describe the autonomy of the individual. Factor
4, with an eigenvalue of 1.612 accounted for 6% of the variance found in the items. The items
comprising factor 6 (autonomy) did not correlate significantly with behavioral intent but
correlated with selected items such as perceived severity and perceived vulnerability to threats.
The first survey question, AUT1 (0.74), represents autonomy in the context of values and
feelings. The second survey question AUT2 (0.82), represents autonomy in the context of
identity. The third survey question, AUT3 (0.80) explores autonomy in the context of the self.
Extant research supports the findings that autonomy promotes interest-taking in technologies
such as blockchain; a component of the General Causality Orientation Scale by Deci and Ryan
(1985). The self-determination scale also highlights the importance of autonomy in choice-
making (Sheldon, 1995). Furthermore, autonomy is a necessary component of subjective well-
being (Olesen, Thomsen, & O’Toole, 2015).
Summary
The researcher explored individual behavior towards secure peer-to-peer technology such
as blockchain, in the context of personal autonomy and threats to privacy. Exploratory factor
analysis (EFA) was used to analyze the relationships between various measures and to develop
appropriate theories (Fabrigar & Wegener, 2017). The results show that six factors are
significant in influencing the use of blockchain applications. The data also shows that there are
117
subtle differences between genders on the significance of these factors. Two dominant factors
emerged, attitude to technology and perception of threats. These findings support extant research
on protection motivation and validate the theoretical basis for this analysis, which is anchored on
threat protection. This exploration benefits from the mix of theoretical foundations such as
protection motivation theory (PMT) and the theory of planned behavior (TPB). Researchers
found that the combined model explained 70% of the variance related to behavioral intention
while each model individually represented 45% and 60% of the variance (Ifinedo, 2012). Using
EFA, relevant constructs and measures were drawn from the following general questions:
privacy questions, technology questions, anonymity questions, self-efficacy questions, perceived
severity questions, and perceived vulnerability questions (Osborne, 2015). These questions were
affirmed as important factors that influence an individual’s intent towards blockchain
applications.
118
Chapter 5: Implications, Recommendations, and Conclusions
The problem the researcher addressed is persistent data breaches and its impact on
individual technology choices. When individuals perceive a significant threat to sensitive
personal records, they may explore alternatives such as anonymous and autonomous systems
(Assadulah, & Onyefolahan, 2015; Zhao, Detlor, & Connelly, 2016). Insecurity is a persistent
concern partly due to the onerous task of defending against cyber-attacks (Dutta, Peng,
Choudray, 2013; Munodawafa & Awad, 2018). It was recently reported that 500 million
individual accounts were compromised at Yahoo (Verizon Inc, 2018). Similar events have
engulfed other large organizations such as Facebook, Grindr, Equifax, TJX, and others. These
and many other companies have suffered significant data exposure events affecting hundreds of
millions of individual records (Gressin, 2017).
The purpose of this quantitative non-experimental cross-sectional study was to assess
factors influencing individual attitude towards blockchain applications when they have concerns
about threats to privacy. As the threats to personal privacy increases, individual behavior could
change and the determinants that influence the adoption of secure technology is likely to provide
practitioners, businesses, and researchers with improved visibility into consumer behavior and
choice (Kraus, Wechsung & Möller, 2017; Acquisti, Brandimarte & Loewenstein, 2015). While
researchers have shown that the individual perception of insecurity can evoke a protective
response (Van Schaik et al., 2018), such insight does not accurately predict protective behavior
when salient psychological and privacy factors also play important roles (Kraus et al., 2017).
A post-positivist worldview provides an opportunity to develop ideas that increase social
occurrence using experiences, views, and perspectives of participants (Karatas-Ozkan, Anderson,
Fayolle, Howells & Candor, 2014). With factor analysis, mathematical methods are used to
119
simplify underlying relationships between variables using patterns of correlations and
observations (Child, 1976). Exploration provides opportunities to uncover salient factors that
underpin individual attitude towards new technology. In exploring individual attitude towards
misuse or loss of personal data, it is necessary to incorporate an appropriate coping strategy such
as intention towards anonymity and control using blockchain technology (Rogers, 1975).
Previous researchers often failed to explore the basic constructs underlying attitude towards
personal data security (Chatterjee et al., 2015; Menard et al., 2014). In this study, the researcher
relied on EFA to analyze latent constructs necessary to determine a subset of relationship that
forms the basis of correlation among factors (Fabrigar & Wegener, 2017). While a qualitative
inquiry would have been more exhaustive and may yield a broader perspective into observed
factors, such method will not provide information on the size of the effect or the strength of each
relationship. EFA, in contrast, involves measuring the variable, determining the correlation
matrix, extracting the factors, optionally rotating the factors for interpretability, and then
subjectively evaluating the results (Tabachnick & Fidell, 2014).
Using participants from a Facebook forum on blockchain, individuals were surveyed on
various scales derived from existing research instruments. The results show that all the research
questions were affirmative and that the selected scales measured and validated the influence of
threat perception, threat vulnerability, self-efficacy, autonomy, and technology affection on
intent to adopt blockchain applications. The results also show that some factors, such as threat
appraisal and technology affections, differ across gender. The preceding finding is supported by
research that shows that men are more impulsive with technology than women (Jung et al. 2019).
There are several limitations in this study, including the source of participants for this study, the
number of participants and their distribution across various demographics and populations.
120
Factor analysis usually benefits from a larger sample size; however, in this study, the sample size
was barely adequate. The location and source of participants is also of some concern. While
Facebook is an acceptable medium for research (Kosinski, Matz, Gosling, Popov & Stillwell,
2015), it is difficult to qualify it as a stable source of participants since membership cannot be
attributed to a location. To minimize the global reach, the survey disallowed the participation for
non-residents of the United States. Despite these concerns, Facebook is acknowledged to be a
valuable research tool for social science researchers (Kosinski, Matz, Gosling, Popov &
Stillwell, 2015). In the next paragraph, the researcher will discuss the implications of the results
of this analysis and make recommendations for practice.
Implications
The findings of this research present an assessment of factors that influence intention
towards blockchain applications, especially in an environment with frequent reports of
organizational insecurity, mobile insecurity, and prevalence of data theft. This study’s findings
imply that there is substantial interest in the casual use of blockchain applications to overcome
threats to privacy. Some hint of this finding was evident in the rapid adoption of cryptocurrencies
worldwide. The results show that blockchain applications will likely spread to other business
sectors, although further confirmation of these findings will clarify this message. An
understanding of the factors that influence intent towards blockchain applications will assist
researchers and practitioners in coping with future demand and designing better services.
In this study, a dominant theme is that perception of threats and technology aptitude
motivates intent towards blockchain applications. Labeled as “I am very afraid,” the first factor
extracted accounted for 39% of the variance on intent towards blockchain applications. It
comprised of items derived from perceived severity of threats and perceived vulnerability to
121
threats. Threat perception and severity were identified as major factors by both genders. While
the significance of threats is more pronounced with women, the impact of tangible threats
provided a basis to validate the utility of the PMT model in this study. Using PMT Rogers (1975)
emphasized the importance of assessing the validity of the threat and coping response in the
context of a clearly defined threat and coping mechanism. In the age of the internet and
smartphones, individuals are likely to store private information in their devices and hence are
more likely to worry about such data being compromised. Popular entertainment and political
personalities have been compromised by the release of private texts, or pictures they thought
were safely stored on their phones (Marwick, 2017). In some cases, families and lives have been
broken by a sudden dump of private messages or media (Zimmerle, 2018). Individuals with
knowledge and experience with blockchain understand its benefits such as autonomy,
anonymity, and integrity. Given this awareness, participants chose technology and threats as the
most important factors influencing intent towards blockchain applications. Surprisingly,
autonomy was not viewed as highly, possibly because autonomy rarely guarantees anonymity.
An analysis of messages on the online message forum StackOverflow found that web
security, mobile security, cryptography, software security, and system security were the leading
topics of concern among technologists (Yang et al., 2016). Other findings support the conclusion
that threats motivate security behavior (Crossler et al., 2014; Ifinedo, 2012; Teodor et al., 2015).
In contrast, Menard et al. (2014) found that convenience is more important in the selection of a
cloud platform for backups, but they acknowledged the strong influence of threats. To emphasize
the importance of security and threat mitigation, the PKI infrastructure which is important for
blockchains is applied to a wide variety of technology initiatives including network security,
internet of things, web, storage and transactional security (Bala, Maity & Jena, 2017). Hence,
122
perceptions of insecurity will continue to affect the development of autonomous technologies
such as blockchain.
Self-efficacy and technology affection were also identified as important factors that
influence intent towards blockchain applications. Self-efficacy refers to the “I can do anything”
mindset. Those individuals are more likely to take on the task of protecting themselves because
they believe they can. A category of users who appear to be enamored with the hype of
blockchain were labeled as the “Blockchain or bust” group. Those sentiments correlate strongly
with the intent to use a blockchain application. The implications are that individuals with
confidence in technology are drawn to platforms such as blockchain. These individuals are more
likely to be competent with private and public keys, digital wallets, and smart contracts. In public
blockchain communities, competence is often rewarded. For example, when a miner computes a
hash that is within a certain parameter, they receive a cryptocurrency reward (Woodside,
Augustine, & Gilberson, 2017). Other factors were also found to be important in influencing
intent towards blockchain applications. The analysis shows that the strength of these factors is
not as high as threats, technology, and latent interest, however, they are important within the
parameters of this research. These factors include privacy and autonomy. Individuals with a
heightened sense of privacy and autonomy are also likely to adopt blockchain applications. This
finding implies that excessive collection of private data and its potential loss may cause
defections from existing products towards blockchain applications.
Recommendations for Practice
Blockchain applications have a strong appeal to individuals with concerns about privacy
or who may rely on personal applications for private artifacts and data. These concerns, when
they are perceived as threats, may cause a change in behavior. Researchers have shown that the
123
majority of pregnant women use pregnancy monitoring applications (Hughes et al., 2019; Lupton
& Pedersen, 2016). While many women expect privacy and anonymity with their pregnancy
records, the applications do not honor those expectations (Zimmerle, 2018). When confronted
with the reality that their data is public, some women may perceive a threat to privacy. Hence, it
is important to validate that applications storing sensitive private data utilize blockchain and PKI
infrastructure to assure the anonymity of clients. Anonymized data if stolen, may not be of great
concern to the owner. While anonymized data is still useful for research, its benefits to criminals
are questionable.
Organizations should also evaluate the necessity to store sensitive private data
anonymously. Organizations should consider the use of other methods of identification that does
not involve linking user identity to the data. Several studies have evaluated better ways to
leverage blockchain to store data anonymously within the blockchain while maintaining minimal
third-party control and conforming with legal mandates (Giancaspro, 2017; Kirkmann &
Newman, 2018). The advent of decentralized autonomous organizations portends the future trend
in business transactions platforms used to conduct business. The Ethereum blockchain platform
features smart contracts that can initiate and complete transactions without identity. As
individuals become even more aware of the limitations of organizational security, blockchain-
type autonomous organizations are likely to gain more ground in the industry (Woodside et al.,
2017). Since research shows that individuals view threats as a major motivator towards
blockchain applications and the incidence of organizational threats is ever present, there is little
choice but to invest in technologies that assure anonymity and minimizes the value of stolen
data. Unfortunately, it is necessary to be aware that blockchain can also be used to create new
124
forms of malware that can overcome existing anti-viral programs (Moubarak, J., Chamoun, M.,
& Filiol, E, 2018).
Recommendations for Future Research
As data breaches and online attacks on organizations escalate across the globe, security is
a major concern of individuals and organizations. The common approach is to implement
security policies and adhere to mandates; however, this approach has not yielded expected
results. Organizations struggle to implement proposed mandates even as workers and security
staff persists as a weak link. Within organizations, training regimens and hardening initiatives
have provided temporary assurances of security. This study illustrates the importance individuals
place on their security and the factors that may compel individuals to seek alternative tools.
Organizations that leverage the knowledge gained from research into autonomous technologies
are likely to prosper in a world where personal-use applications are prevalent.
Future research could provide confirmatory steps necessary to establish the strength and
direction of the factors extracted in this study, as well as validate the linear and non-linear
relationship among these constructs, in the presence of mediating and moderating factors. Future
exploratory research can also be performed in other electronic forums and should utilize larger
populations to validate the conclusions of this study. The next step in this research is
confirmatory analysis using these factors, including the full complement of constructs derived
from TPB and PMT. Portions of chapter 2 in this study could be used to assist future researchers
in familiarizing themselves with the literature.
Conclusions
This study was an attempt to analyze the factors that influence an individual’s intent
toward blockchain applications. This analysis was important because blockchain applications
125
come with built-in anonymity and integrity, which can lessen the concerns about data loss. Since
data breaches and insecurity plague many organizations, mobile applications, cloud vendors, and
even hardware vendors; it is necessary to transact business without reliance on identification.
This study illustrates the importance of fear in motivating attitudes towards blockchain and its
potential to motivate the adoption of blockchain applications. It also highlights the disparity
among genders in the importance of threats and technology in making assessments about
personal security. While male participants place technology high on the list of factors, the female
participants place threats highest. When applications such as pregnancy tracking tools are
insecure, users with sensitivity will worry about exposure of personal records, and this may, in
turn, influence the intent towards blockchain applications. When applications are created for
women’s health, the impact of data insecurity should be taken seriously. Hence, wanton
compromises and fear of data breaches with attendant violations of privacy will increasingly
push users towards blockchain-type applications. Such a trend is already evident in the
cryptocurrency industry where blockchain applications dominate. PMT is appropriate as a model
for this study due to its threat appraisal and coping appraisal constructs. The results support the
findings of many studies which show that threats compel changes in security behavior as
affirmed by this study as well.

126
References
Ablon, L., Heaton, P., Lavery, D. C., & Romanosky, S. (2016). Consumer attitudes toward data
breach notifications and loss of personal information. Santa Monica, CA: RAND
Corporation. doi:10.7249/j.ctt1bz3vwh
Abraham, S. (2012). Exploring the effectiveness of information security training and persuasive
messages Available from Dissertations & Theses Europe Full Text: Business. Retrieved
from http://www.riss.kr/pdu/ddodLink.do?id=T13297098
Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age
of information. Science, 30(347), 509-514. doi:10.1126/science.aaa1465
Ajzen, I. (2011). The theory of planned behaviour: Reactions and reflections. Psychology &
Health, 26(9), 1113-1127. doi:10.1080/08870446.2011.613995
Allen, J. (2017). Surviving ransomware. American Journal of Family Law, 31(2), 65. Retrieved
from https://www.ncbi.nlm.nih.gov/labs/journals/am-j-fam-law/
Alsaleh, M., Alomar, N., & Alarifi, A. (2017). Smartphone users: Understanding how security
mechanisms are perceived and new persuasive methods. PLoS One, 12(3), e0173284.
doi:10.1371/journal.pone.0173284
Al-Muhtadi, J., Qiang, M., Saleem, K., AlMusallam, M., & Rodrigues, J. (2018). Misty clouds—
A layered cloud platform for online user anonymity in social internet of things. Future
Generation Computer Systems, 92, 812-820. doi:10.1016/j.future.2017.12.040
Al-Saggaf, Y. (2015). Data mining and privacy of social network site’s users: Implications of the
data mining problem. Science and Engineering Ethics, 21(4), 941-966.
doi:10.1007/s11948-014-9564-6
American Psychological Association. (2003). Ethical Principles of Psychologists and Code of

Conduct. Retrieved from http://www.apa.org/ethics/code.html
Anderson, C., Baskerville, R. L., & Kaul, M. (2017). Information security control theory:
Achieving a sustainable reconciliation between sharing and protecting the privacy of
information. Journal of Management Information Systems, 34(4), 1082.
doi:10.1080/07421222.2017.1394063
Anderson, C. L., & Agarwal, R. (2010). Practicing safe computing: A multimethod empirical
examination of home computer user security behavioral intentions. MIS Quarterly, 34(3),
613-643. doi:10.2307/25750694
Andres, A., & Asongu, S. (2013). Fighting software piracy: Which governance tools matter in
Africa? Journal of Business Ethics, 118(3), 66-682. doi:10.1007/s10551-013-1620-7
Anoica, A., & Levard, H. (2018). Quantitative description of internal activity on the Ethereum
public blockchain. 2018 9th IFIP International Conference on New Technologies,
127
Mobility and Security (NTMS) New Technologies, Mobility and Security (NTMS), Paris
France. doi:10.1109/NTMS.2018.8328741
Armitage, C. J., & Conner, M. (2001). Efficacy of the theory of planned behaviour: A meta-
analytic review. British Journal of Social Psychology, 40(4), 471-499.
doi:10.1348/014466601164939
Appari, A., & Johnson, M. E. (2010). Information security and privacy in healthcare.
International Journal of Internet and Enterprise Management, 6(4), 279-314.
doi:10.1504/IJIEM.2010.035624
Assadulah, A. M., & Onyefolahan, I. O. (2015). Factors influencing information privacy concern
in cloud computing environment. International Symposium on Mathematical Sciences
and Computing Research (iSMSC). Symposium conducted by the Institute of Electrical
and Electronics Engineers (IEEE), Ipon Malaysia. doi:10.1109/ISMSC.2015.7594059
Auspurg, K., & Hinz, T. (2015). Factorial survey experiments. Los Angeles CA: SAGE.
Azaria, A., Ekblaw, A., Vieira, T., & Lippman, A. (2016). MedRec: Using Blockchain for
Medical Data Access and Permission Management. Paper presented at 2nd International
Conference on Open and Big Data (OBD), Vienna, Austria. doi:10.1109/OBD.2016.11
Bala, D. Q., Maity, S., & Jena, K. S. (2017). Mutual authentication for IoT smart environment
using certificate-less public key cryptography. Third International Conference on
Sensing, Signal Processing and Security (ICSSS). Institute of Electrical and Electronics
Engineers (IEEE), Chennai, India. doi:10.1109/SSPS.2017.8071559
Bailey, L. (2014) IRB: History and ethical principles. Fort Lauderdale, FL: CITI Program.
Retrieved from https://www.citiprogram.org
Bandura, A. (1991). Social cognitive theory of self-regulation. Organizational Behavior and

Human Decision Processes, 50(2), 248-287. doi:10.1016/0749-5978(91)90022-L
Barnham, C. (2012). Separating methodologies? International Journal of Market Research,

54(6), 736–738. doi:10.2501/IJMR-54-6-736-738
Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident centered information security:
Managing a strategic balance between prevention and response. Information and
Management, 51(1), 138-151. doi:10.1016/j.im.2013.11.004
Bazerman, M. H., & Gino, F. (2012). Behavioral ethics: Toward a deeper understanding of moral
judgment and dishonesty. Annual Review of Law and Social Science, 8(1), 85-104.
doi:10.1146/annurev-lawsocsci-102811-173815
Beavers, A. S., Lounsbury, J. W., Richards, J. K., Huck, S. W., Skolits, G. J., & Esquivel, S. L.
(2013). Practical considerations for using exploratory factor analysis in educational
research. Practical Assessment, Research & Evaluation, 18(6), 1-13. Retrieved from
https://pareonline.net/pdf/v18n6.pdf
128
Beck, R., Czepluch, J. S., Lollike, N., & Malone, S. (2016). Blockchain – The gateway to trust-
free cryptographic transactions. Proceedings at AIS Electronic Library: Research
Papers: Vol. 153. Retrieved from http://aisel.aisenet.org/ecis2016_rp/153
Bollen, K., & Lennox, R. (1991). Conventional wisdom on measurement: A structural equation
perspective. Psychological Bulletin, 110(2), 305-314. 10.1037//0033-2909.110.2.305
Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems
users have to fear? Using fear appeals to engender threats and fear that motivate
protective security behaviors. MIS Quarterly, 39(4), 837. Retrieved from http://misq.org
Boyce, B. (2017). Emerging technology and the health insurance portability and accountability
act. Journal of the Academy of Nutrition and Dietetics, 117(4), 517.
doi:10.1016/j.jand.2016.05.013
Bringula, R. P., Moraga, S. D., Catacutan, A. E., Jamis, M. N. & Mangao, D. F. (2018). Factors
influencing online purchase intention of smartphones: A hierarchical regression analysis.
Cogent Business & Management, 5(1) doi:10.1080/23311975.2018.1496612
Bruch, E., & Feinberg, F. (2017). Decision-making processes in social contexts. Annual Review
of Sociology, 43, 207. doi:10.1146/annurev-soc-060116-053622
Buchanan, T., Paine, C., Joinson, A. N., & Reips, U. (2007). Development of measures of online
privacy concern and protection for use on the Internet. Journal of The American Society
For Information Science & Technology, 58(2), 157-165. doi:10.1002/asi.20459
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An
empirical study of rationality-based beliefs and information security awareness. MIS
Quarterly, 34(3), 523-548. Retrieved from http://www.misq.org
Cattell, R. (2010). The scree test for the number of factors. Multivariate Behavioral Research,
1(1966-2), 245-276. doi:10.1207/s15327906mbr0102_10
Chaoqun M., Xiaolin K., Qiujun L., & Zhongding Z. (2019). The privacy protection mechanism
of Hyperledger Fabric and its application in supply chain finance. Cybersecurity, (1), 1.
doi:10.1186/s42400-019-0022-2
Chatterjee, S., Sarker, S., & Valacich, J. S. (2015). The behavioral roots of information systems
security: Exploring key factors related to unethical IT use. Journal of Management
Information Systems, 31(4), 49. doi:10.1080/07421222.2014.1001257
Chen, Y., Ramamurthy, K., & Wen, K. (2012). Organizations' information security policy
compliance: Stick or carrot approach? Journal of Management Information Systems,
29(3), 157-188. doi:10.2753/MIS0742-1222290305
Chen, S., Chiang, D., Liu, C., Chen, T., Lai, F., Wang, H., & Wei, W. (2016). Confidentiality
protection of digital health records in cloud computing. Journal of Medical Systems,
40(5), 1-12. doi:10.1007/s10916-016-0484-7
129
Chickowski, E. (2016). Average cost of data breaches rises past $4 million, Ponemon says.
Retrieved from Dark Reading website http://www.darkreading.com/risk/average-cost-of-
data-breaches-rises-past-$4-million-ponemon-says/d/d-id/1325921
Child, D. (1976). The essentials of factor analysis (Repr. ed.). London: Holt, Rinehart &
Winston.
Cisco.com. (2016, October). An Introduction to the Internet of Things (IoT). Retrieved from
Cisco website
http://www.cisco.com/c/dam/en_us/solutions/trends/iot/introduction_to_IoT_november.p
df.
Citron, D. K. (2019). Sexual privacy. Yale Law Journal, 128(7), 1870-1960. Retrieved from
https://www.yalelawjournal.org
Cohen, I. G., Hoffman, S., & Adashi, E. Y. (2017). Your money or your patient's life?
Ransomware and electronic health records. Annals of Internal Medicine, 167(8), 587-588.
doi:10.7326/M17-1312
Coinbase. (2017). Bitcoin, Ethereum, and Litecoin Price Charts. Available from Coinbase
website https://www.coinbase.com/charts?locale=en-US
Çokluk, Ö, & Koçak, D. (2016). Using horn's parallel analysis method in exploratory factor
analysis for determining the number of factors. Kuram Ve Uygulamada Egitim Bilimleri,
16(2), 537. doi:10.12738/estp.2016.2.0328
Cortina, J. M. (1993). What is coefficient alpha? An examination of theory and applications.

Journal of Applied Psychology, 78, 98-104. doi:10.1037/0021-9010.78.1.98
Creswell, J. W., & Creswell, J. D. (2017). Research design: qualitative, quantitative, and mixed
methods approaches. (5th Ed.). Los Angeles, CA: Sage
Crossler, R., & Bélanger, F. (2014). An extended perspective on individual security behaviors:
Protection motivation theory and a unified security practices (USP) instrument. Database
for Advances in Information Systems, 45(4), 51. doi:10.1145/2691517.2691521/
Experian (2018). Data Breach Industry Forecast. Available from Experian Inc.
http://www.experian.com
Deci, E., & Ryan, R. M. (1985). The general causality orientations scale: Self-determination in
personality. Journal of Research in Personality, 19, 109-134. doi:10.1016/0092-
6566(85)90023-6
Degabriele, J. P., & Stam, M. (2018). Untagging Tor: A Formal Treatment of Onion Encryption.
Paper presented at the Annual International Conference on the Theory and Applications
of Cryptographic Techniques - EUROCRYPT 2018. Tel Aviv, Israel. doi:10.1007/978-3-
319-78372-7_9
130
Dienlin, T., & Trepte, S. (2015). Is the privacy paradox a relic of the past? An in-depth analysis
of privacy attitudes and privacy behaviors. European Journal of Social Psychology, 45,
285-297. doi: 10.1002/ejsp.2049
Donate, M. J., & Guadamillas, F. (2011). Organizational factors to support knowledge

management and innovation. Journal of Knowledge Management, 15(6), 890-914.
doi:10.1108/13673271111179271
Dutta, A., Peng, G. C., & Choudray, A. (2013). Risks in enterprise cloud computing: The
perspective of IT experts. The Journal of Computer Information Systems, 53(4), 39-48.
doi:10.1080/08874417.2013.11645649
Edwards, B., Hofmeyr, S., & Forrest, S. (2016). Hype and heavy tails: A closer look at data
breaches. Journal of Cybersecurity, 2(1), 3-14. doi:10.1093/cybsec/tyw003
Edwards, J. R., & Bagozzi, R. P. (2000). On the nature and direction of relationships between
constructs and measures. Psychological Methods, 5(2), 155-174. 10.1037//1082-
989X.5.2.155
Emekter, R., Tu, Y., & Jirasakuldech, B. (2015). Evaluating credit risk and loan performance in
online Peer-to-Peer (P2P) lending. Applied Economics, 47(1), 54-70. doi:
10.1080/00036846.2014.962222
Equifax/Harris Consumer Privacy (1996). Available from Equifax website

http://www.frogfire.com/frogfire_archive/equifax/consumers/privacy_survey/privacy_sur
vey_1996.html
Fabrigar, L. R., & Wegener, D. T. (2017). Further considerations on conceptualizing and

evaluating the replication of research results. Journal of Experimental Social Psychology,
69, 241-243 doi:10.1016/j.jesp.2016.09.003
Favaretto, M., De Clercq, E., & Elger, B. S. (2019). Big data and discrimination: Perils, promises
and solutions. A systematic review. Journal of Big Data, 6(1), 1-1. doi:10.1186/s40537-
019-0177-4
Federal Bureau of Investigation. (2016). Incidents of Ransomware on the Rise. Retrieved from
http://scholar.aci.info/view/154eecbdee300110002/1555446de9a00014c0b
Fields, A. (2013). Discovering statistics using SPSS. CA: Sage Publications.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information systems:
Causal relationships of risk factors and vulnerability propagation analysis. Information
Sciences, 256, 57-73. doi:10.1016/j.ins.2013.02.036
Franklin, S. B., Gibson, D. J., Robertson, P. A., Pohlmann, J. T., & Fralish, J. S. (1995). Parallel
analysis: A method for determining significant principal components. Journal of
Vegetation Science, 6, 99-106. Retrieved from https://opensiuc.lib.siu.edu/pb_pubs/9/
131
Freet, D., Agrawal, R., John, S., & Walker, J. (2015). Cloud forensics challenges from a service
model standpoint: IaaS, PaaS and SaaS. Paper presented at MEDES '15 Proceedings of
the 7th International Conference on Management of computational and collective
intelligence in digital ecosystems (Pages 148-155). Caraguatatuba Brazil.
doi:10.1145/2857218.2857253
Fuller, C., Simmering, M., Atinc, G., Atinc, Y., & Babin, B. (2016). Common methods variance
detection in business research. Journal of Business Research, 69(8), 3192-3198. doi:
10.1016/j.jbusres.2015.12.008
Gartner. (2016). Gartner Says by 2020 ‘Cloud Shift’ Will Affect More Than $1 Trillion in IT
Spending. Available from Gartner Inc. website:
http://www.gartner.com/newsroom/id/3384720
Giancaspro, M. (2017). Is a ‘smart contract’ really a smart idea? Insights from a legal
perspective. Computer Law and Security Review, 33, 827-83.
doi:10.1016/j.clsr.2017.05.007
Gino, F., & Staats, B. (2015). Why organizations don’t learn. Harvard Business Review.
Available from Harvard Business Review website https://hbr.org/2015/11/why-
organizations-dont-learn
Goldberg, E. (2013). Preventing a data breach from becoming a disaster. Journal of Business
Continuity & Emergency Planning, 6(4), 295-303. Retrieved from
http://www.henrystewartpublications.com/
Gordon, W., Wright, A. & Landman, A. (2017). Blockchain in health care: Decoding the hype.
Retrieved from https://catalyst.nejm.org/decoding-blockchain-technology-health/
Graber, A. (2016). Lessons from Tuskegee: What law enforcement can learn from the history of
bioethics. Criminal Justice Ethics, 35(2), 123-141. doi:10.1080/0731129X.2016.1204715
Green, A., Albanese, B., Cafri, G., & Aarons, G. (2014). Leadership, organizational climate, and
working alliance in a children’s mental health service system. Community Mental Health
Journal, 50(7), 771-777. doi:10.1007/s10597-013-9668-5
Gressin, S. (2017). The Equifax data breach: What to do. Federal Trade Commission. Retrieved
from Equifax website https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-
what-do
Grover, V., & Lyytinen, K. (2015). New state of play in information systems research: The push
to the edges. MIS Quarterly, 39(2), 271-296 doi:10.25300/MISQ/2015/39.2.01
Guzman, A., & Jones, S. (2014). Napster and the press: Framing music technology. First
Monday, 19, 10-6. doi:10.5210/fm.v19i10.5545
Hammill, A. (2017). The rise and wrath of ransomware and what it means for society (Masters
Thesis). Available from Dissertations & Theses @ Utica College.
132
Harman, H.H. (1976). Modern factor analysis (3rd ed. revised). Chicago, IL: University of
Chicago Press.
Hart, S. (2016). After the data breach: Managing the crisis and mitigating the impact. Journal of
Business Continuity and Emergency Planning, 9(4), 317-327.
Harun, S. (2017). Emotional intelligence and self-esteem as predictors of teacher self-efficacy.

Journal of Educational Research and Reviews, 12(22), 1107-1111. doi:
10.5897/ERR2017.3385
Health Insurance Portability and Accountability Act (HIPAA). (1996). P.L. No. 104-191, 110
Stat. 1938. U.S. Congress.
Herath, T. & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security
policy compliance in organizations. European Journal of Information Systems, 18(2),
106-125. doi:10.1057/ejis.2009.6
Horn, J. L. (1965). A rational and test for the number of factors in factor analysis.
Psychometrika, 30(2), 179-185. doi:10.1007/BF0228944
Hughes, L., Dwivedi, Y., Misra, S., Rana, N., Raghavan, V., & Akella, V. (2019). Blockchain
research, practice and policy: Applications, benefits, limitations, emerging research
themes and research agenda. International Journal of Information Management, 49, 114-
129. doi:10.1016/j.ijinfomgt.2019.02.005
Huigang, L., & Yajiong, X. (2009). Avoidance of information technology threats: A theoretical
perspective. MIS Quarterly, 33(1), 71-90. Retrieved from http://misq.org
Humphreys, L. G., & Montanelli, R. G. Jr. (1975). An investigation of the parallel analysis
criteria on for determining the number of common factors. Multivariate Behavioral
Research, 10, 193–205. doi:10.1207/s15327906mbr1002_5
Ifinedo, P. (2012). Understanding information systems security policy compliance: An

integration of the theory of planned behavior and the protection motivation theory.
Computers & Security, 31(1), 83-95. doi:10.1016/j.cose.2011.10.007
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-
79. doi:10.1016/j.im.2013.10.001
Information Portal: General Data Protection Regulation (2018) European Union. Retrieved from
https://www.eugdpr.org/
Jasso, G. (2006). Factorial survey methods for studying beliefs and judgments. Sociological
Methods & Research, 34(3), 334-423. doi:10.1177/0049124105283121
133
Jolliffe, I. T. (1972). Discarding variable in a principal component analysis 1: Artificial data.

Journal of the Royal Statistical Society. Series C (Applied Statistics), 21(2), 160-173. doi:
10.2307/2346488
Joly, Y., Feze, I, N., & Simard, J. (2013). Genetic discrimination and life insurance: A
systematic review of the evidence. BMC Medicine, 11(25), 1-1. doi:10.1186/1741-7015-
11-25
Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An
empirical study. MIS Quarterly, 34(3), 549-566. Retrieved from http://misq.org
Joskow, P. L. (2002). Transaction cost economics, antitrust rules, and remedies. Journal of Law,
Economics, & Organization, 18(1), 95-116. doi:10.1093/jleo/18.1.95
Jung, J., Bapna, R., Ramaprasad, J., & Umyarov, A. (2019). Love unshackled: Identifying the
effect of mobile app adoption in online dating. MIS Quarterly, 43(1), 47-72.
doi:10.25300/MISQ/2019/14289
Kaiser, H. F. (1960). The application of electronic computers to factor analysis. Education and
Psychological Measurement, 20, 141-151. doi:10.1177/001316446002000116
Karatas-Ozkan, M., Anderson, A. R., Fayolle, A., Howells, J., & Condor, R. (2014).
Understanding entrepreneurship: Challenging dominant perspectives and theorizing
entrepreneurship through new postpositivist epistemologies. Journal of Small Business
Management, 52(4), 589-593. doi:10.1111/jsbm.12124
Kelley, S. W., Skinner, S. J., & Ferrell, O. C. (1989). Opportunistic behavior in marketing
research organizations. Journal of Business Research, 18(4), 327-340. doi:10.1016/0148-
2963(89)90025-8
Kendall, K. E., Kendall, J. E., & Lee, K. C. (2005). Understanding disaster recovery planning
through a theatre metaphor: Rehearsing for a show that might never open.
Communications of the Association for Information Systems, 16, 1.
doi:10.17705/1CAIS.01651
Khan, S. I., Sayed, A., & Hoque, L. (2016). Digital health data: A comprehensive review of
privacy and security risks and some recommendations. Computer Science Journal of
Moldova, 24(2), 273-292. Retrieved from
https://doaj.org/article/188a32c6147244ccb294c3b56a9ee689
Kim, J., Park, E., & Baskerville, R. L. (2016). A model of emotion and computer abuse.
Information and Management, 53, 91-108. doi:10.1016/j.im.2015.09.003
King, B., & Thatcher, A. (2014). Attitudes towards software piracy in South Africa: Knowledge
of intellectual property laws as a moderator. Behavior and Information Technology,
33(3), 209-223. doi: 10.1080/0144929X.2012.688870
134
Kiraz, M. (2016). A comprehensive meta-analysis of cryptographic security mechanisms for

cloud computing. Journal of Ambient Intelligence & Humanized Computing, 7(5), 731.
doi:10.1007/s12652-016-0385-0
Kirkman, S., & Newman, R. (2018). A cloud data movement policy architecture based on smart
contracts and the Ethereum blockchain. IEEE International Conference on Cloud
Engineering (IC2E). Orlando, Florida, USA. doi:10.1109/IC2E.2018.00071
Kosinski, M., Matz, S. C., Gosling, S. D., Popov, V., & Stillwell, D. (2015). Facebook as a
research tool for the social sciences: Opportunities, challenges, ethical considerations,
and practical guidelines. American Psychologist, 70(6), 543-556. doi:10.1037/a0039210
Kraus, L., Wechsung, I., & Möller, S. (2017). Psychological needs as motivators for security and
privacy actions on smartphones. Journal of Information Security and Applications, 34,
34–45. Retrieved from http://www.elsevier.com/locate/jisa
Kshetri, N. (2017). Blockchain's roles in strengthening cybersecurity and protecting privacy.

Telecommunications Policy, 41, 1027-1038. doi:10.1016/j.telpol.2017.09.003
Kuhn, T. S. (2012). The structure of scientific revolutions, 50th Ed. Chicago, IL: University of
Chicago Press.
Lai, P. C. (2017). The literature review of technology adoption models and theories for the
novelty technology. Journal of Information Systems and Technology Management, 14(1),
21. doi:10.4301/S1807-17752017000100002
Liang, H., & Xue, Y. (2010). Understanding security behaviors in personal computer usage: A
threat avoidance perspective. Journal of the Association for Information Systems, 11(7),
394-413. Retrieved from http://aisel.aisnet.org/jais/
Leonard, L. N. K., Cronan, T. P., & Kreie, J. (2004). What influences IT ethical behavior
intentions—planned behavior, reasoned action, perceived importance, or individual
characteristics? Information & Management, 42(1), 143-158.
doi:10.1016/j.im.2003.12.008
Lomas, N. (2018, April 3). Grindr hit with privacy complaint in Europe over sharing user data.
Retrieved from Techcrunch website https://techcrunch.com/2018/04/03/grindr-hit-with-
privacy-complaint-in-europe-over-sharing-user-data/
Lub, V. (2015). Validity in qualitative evaluation. International Journal of Qualitative Methods,

14(5), 1-8. doi:10.1177/1609406915621406
Ludwig, S., van Laer, T., DeRuyter, K., & Friedman, M. (2016). Untangling a web of lies:
Exploring automated detection of deception in computer-mediated communication.
Journal of Management Information Systems, 33(2), 511-541.
doi:10.1080/07421222.2016.1205927
135
Lupton, D., & Pedersen, S. (2016). An Australian survey of women’s use of pregnancy and
parenting apps. Women and Birth, 29(4), 368–375. doi:10.1016/j.wombi.2016.01.008.
Macas, M., Moretti, F., Fonti, A., Giantomassi, A., Comodi, G., Annunziato, M., Capra, A.
(2016). The role of data sample size and dimensionality in neural network based
forecasting of building heating related variables. Energy & Buildings, 111, 299-310.
doi:10.1016/j.enbuild.2015.11.056
Maddux, J. E., & Rogers, R. W. (1983). Protection motivation and self-efficacy: A revised
theory of fear appeals and attitude change. Journal of Experimental Social Psychology,
19(5), 469-479. doi:10.1016/0022-1031(83)90023-9
Malheiros, M., Preibusch, S., & Sasse, M. A. (2013). “Fairly truthful”: The impact of perceived
effort, fairness, relevance, and sensitivity on personal data disclosure. Paper presented at
the Trust and Trustworthy Computing, (pp. 250-266), Berlin, Germany. doi:
10.1007/978-3-642-38908-5_19
Marmonov, S., & Benbunan-Fich, R. (2018). The impact of information security threat
awareness on privacy-protective behaviors. Computers in Human Behavior, 83, 32-44.
doi:10.1016/j.chb.2018.01.028
Marangunić, N., & Granić, A. (2015). Technology acceptance model: A literature review from
1986 to 2013. Universal Access in the Information Society, 14(1), 81-95.
doi:10.1007/s10209-014-0348-1
Marwick, A. (2017). Scandal or sex crime? Gendered privacy and the celebrity nude photo leaks.
Ethics & Information Technology, 19(3), 177-191. doi:10.1007/s10676-017-9431-7
Mamonov, S., & Benbunan-Fich, R. (2018). The impact of information security threat awareness
on privacy-protective behaviors. Computers in Human Behavior, 83, 32-44.
doi:10.1016/j.chb.2018.01.028
Mason, R. (1986). Four ethical issues of the information age. MIS Quarterly, 10(1), 5-12.
Retrieved from http://misq.org
McAlynn, D. (2017). WannaCry/NotPetya and how we failed miserably! ISSA Journal, 15(10),
35-46. Retrieved from http://www.issa.org/
McBride, K. N. (2014). ACTIVE ethics: An information systems ethics for the internet age.
Journal of Information, Communication and Ethics in Society, 12(1), 21-44.
doi:10.1108/JICES-06-2013-0017
McCallister, E., Grance, T., & Scarfone, K. (2010). Guide to protecting the confidentiality of
personally identifiable information (PII). Gaithersburg, MD: U.S. Dept. of Commerce,
National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-122
136
McGreevy, G. (2017). Blockchain: Considerations for Infosec. (ISSA Journal No. 25). Retrieved
from Information Systems Security Association International website
https://www.issa.org
Menard, P., Gatlin, R., & Warkentin, M. (2014). Threat protection and convenience: Antecedents
of cloud-based data backup. Journal of Computer Information Systems, 55(1), 83-91.
doi:10.1080/08874417.2014.11645743
Menard, P., Bott, G. J., & Crossler, R. E. (2017). User motivations in protection information
security: Protection motivation theory versus self-determination theory. Journal of
Management Information Systems, 34(4), 1203-1230.
doi:10.1080/07421222.2017.1394083
Meredith, S. (2018). Facebook-Cambridge Analytica: A timeline of the data hijacking scandal.

CNBC. Retrieved from https://www.cnbc.com/2018/04/10/facebook-cambridge-
analytica-a-timeline-of-the-data-hijacking-scandal.html
Moubarak, J., Chamoun, M., & Filiol, E. (2018). Developing a K-ary malware using blockchain.
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium
Taipei, Taiwan. doi: 10.1109/NOMS.2018.8406331
Nakamoto, S. (2009). Bitcoin: A peer-to-peer electronic cash system. Retrieved from

https://s3.amazonaws.com/academia.edu.documents/32413652/BitCoin_P2P_electronic_
cash_system.pdf?AWSAccessKeyId=AKIAIWOWYYGZ2Y53UL3A&Expires=152375
7055&Signature=0sWtehbhKLp%2FrvzgL7zyErEgG6k%3D&response-content-
disposition=inline%3B%20filename%3DBitcoin_A_Peer-to-
Peer_Electronic_Cash_S.pdf
Neeraj, K., Iqbal, R., Misra, S., & Rodrigues, J. (2015). An intelligent approach for building a
secure decentralized public key infrastructure in VANET. Journal of Computer and
Systems Sciences, 81(6), 1042-1058. doi:10.1016/j.jcss.2014.12.016
Nguyen H. D., Yunshi L., Ping-Fu H., & Sheng-Hung, Y. (2014). An empirical study of the
organizational culture, leadership and firm performance in a Vietnam family business.
International Journal of Organizational Innovation (Online), 6(4), 109. Retrieved from
http://www.ijoi-online.org/
Nunez, J. L., & Leon, J. (2015). Autonomy support in the classroom: A review of self-
determination theory. European Psychologist, 20, 275-283. doi:10.1027/1016-
9040/a000234
Northcentral University – NCU (2018). RoadRunner. Available from https://library.ncu.edu/
O'Connor, B. P. (2000). SPSS and SAS programs for determining the number of components
using parallel analysis and Velicer's MAP test. Behavior Research Methods,
Instrumentation, and Computers, 32(3), 396-402. doi:10.3758/BF03200807
137
O'Leary, D. E. (2017). Configuring blockchain architectures for transaction information in

blockchain consortiums: The case of accounting and supply chain systems. Intelligent
Systems in Accounting, Finance and Management, 24(4), 138-147. doi:10.1002/isaf.1417
Olesen, M. H., Thomsen, D. K., & O’Toole, M. S. (2015). Subjective well-being: Above
neuroticism and extraversion, autonomy motivation matters. Personality and Individual
Differences, 77, 45-49. doi:10.1016/j.paid.2014.12.033
Oliveira, T., Thomas, M., & Espadanal, M. (2014). Assessing the determinants of cloud
computing adoption: An analysis of the manufacturing and services sectors. Information
& Management, 51, 497-510. doi:10.1016/j.im.2014.03.006
Osborne, J. W. (2015). What is rotating in exploratory factor analysis? Practical Assessment,

20(2), 1-7. Retrieved from https://doaj.org/article/f4f74af32f084fe1af7925092f9acbc1
Ozer, E. M., & Bandura, A. (1990). Mechanism governing empowerment effects: A self-efficacy
analysis. Journal of Personality and Social Psychology, 58(3), 472-486.
doi:10.1037/0022-3514.58.3.472
Parise, S., Guinan, P. J., & Kafka, R. (2016). Solving the crisis of immediacy: How digital
technology can transform the customer experience. Business Horizons, 59, 411-420.
doi:10.1016/j.bushor.2016.03.004
Patel, N. (2015). Metallica sued Napster 15 years ago today. Retrieved from The Verge website
https://www.theverge.com/2015/4/13/8399099/metallica-sued-napster-15-years-ago-
today
Pedhazur, E. & Schmelkin, L. (1991). Measurement, design and analysis. Hillsdale, NJ: Erlbaum
Pfleeger, S. L., Sasse, M. A., & Furnham, A. (2014). From weakest link to security hero:
Transforming staff security behavior. Journal of Homeland Security and Emergency
Management, 11(4), 489-510. doi:10.1515/jhsem-2014-0035
Parlapiano, A. (2018, April 3). Are you a U.S citizen? How a 2020 census question could affect
states. Retrieved from The New York Times website http://www.nytimes.com
Podsakoff, P. M., MacKenzie, S. B.., Lee, J. Y., & Podsakoff, N. P. (2003) Common method
bias in behavioral research: A critical review of the literature and recommended
remedies. Journal of Applied Psychology, 88(5), 879–903. doi:10.1037/0021-
9010.88.5.879
Posey, C., Roberts, T. L., Lowry, P. B., Bennett, R. J., & Courtney, J. F. (2013). Insiders'
protection of organizational information assets: Development of a systematics-based
taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly,
37(4), 1189. Retrieved from https://www.misq.org/
138
Posey, C., Roberts, T. L., & Lowry, P. B. (2015). The impact of organizational commitment on
insiders' motivation to protect organizational information assets. Journal of Management
Information Systems, 32(4), 179-214. doi:10.1080/07421222.2015.1138374
Preibusch, S., Peetz, T., Acar, G., & Berendt, B. (2016). Shopping for privacy: Purchase details
leaked to PayPal. Electronic Commerce Research and Applications, 15, 52–64.
doi:10.1016/j.elerap.2015.11.004
Price, G. (2016). New data: Half a billion personal records stolen or lost in 2015, Symantec
releases new edition of internet security threat report. Retrieved from Infodocket website
http://www.infodocket.com/2016/04/12/new-data-half-a-billion-personal-records-stolen-
or-lost-in-2015-symantec-releases-new-edition-of-internet-security-threat-report/
Primoff, W., & Kess, S. (2017). The Equifax data breach: What CPA’s and firms need to know
now. CPA Journal, 87(12), 14-17. Retrieved from https://www.cpajournal.com
Richardson, R. & North, M. (2017). Ransomware: Evolution, mitigation and prevention.

International Management Review, 13(1), 10-21. Retrieved from
https://digitalcommons.kennesaw.edu/facpubs/4276
Rindfleisch, A., & Heide, J. B. (1997). Transaction cost analysis: Past, present, and future
applications. Journal of Marketing, 61(4), 30-54. Retrieved from
http://www.jstor.org/stable/1252085
Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change.
Journal of Psychology, 91(1), 93-114. doi:10.1080/00223980.1975.9915803
Rogoff, B. (2015). Culture and participation: A paradigm shift. Current Opinion in Psychology,
8, 182-189. doi:10.1016/j.copsyc.2015.12.002
Russell, D., Rinnen, P., & Rhame, R. (2017). Magic quadrant for data center backup and
recovery solutions. Gartner Research Report. Available from Gartner website
https://www.gartner.com/en
Ryan, R., & Deci, E. L. (2000). Intrinsic and extrinsic motivations: Classic definitions and new
directions. Contemporary Educational Psychology, 25(1), 54-67.
doi:10.1006/ceps.1999.1020
Ryan, R., Deci, E. L., Grolnick, W. S., & La Guardia, J. G. (2015). The significance of autonomy
and autonomy support in psychological development and psychopathology. In A.
Cichetti, D., & Cohen, D. J. (Eds.), Developmental Psychopathology: Volume One:
Theory and Method, Second Edition (pp. 61). doi:10.1002/9780470939383.ch20
Schaub, A., Bazin, R., Hasan, O., & Brunie, L. (2016). A trustless privacy-preserving reputation
system., 31st IFIP International Information Security and Privacy Conference (SEC),
Ghent, Belgium. pp.398-411. doi:10.1007/978-3-319-33630-5_27
139
Scott, J. (2015). Deterring malicious behavior in cyberspace. Strategic Studies Quarterly, 9(1),
60. Retrieved from http://www.airuniversity.af.mil/SSQ/
Sen, R., & Borle, S. (2015). Estimating the contextual risk of data breach: An empirical
approach. Journal of Management Information Systems, 32(2), 4.
doi:10.1080/07421222.2015.1063315
Senyo, K. P., Addae, E., & Boateng, R. (2018). Cloud computing research: A review of research
themes, frameworks, methods and future research directions. International Journal of
Information Management, 38, 128-139. doi:10.1016/j.ijinfomgt.2017.07.007
Shalvi, S., Gino, F., Barkan, R., & Ayal, S. (2015). Self-serving justifications: Doing wrong and
feeling moral. Current Directions in Psychological Science, 24(2), 125-130.
doi:10.1177/0963721414553264
Sheldon, K. M. (1995). Creativity and self-determination in personality. Creativity Research

Journal, 8(1), 25-36 doi:10.1207/s15326934crj0801_3
Shepherd, D. A., & Suddaby, R. (2017). Theory building: A review and integration. Journal of
Management, 43(1), 59-86. doi:10.1177/0149206316647102
Shoshana, Z. (2015). Big other: surveillance capitalism and the prospects of an information
civilization. Journal of Information Technology, 30(1), 75-89. doi:10.1057/jit.2015.5
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees' adherence to information
security policies: An exploratory field study. Information & Management, 51(2), 217-
224. doi:10.1016/j.im.2013.08.006
Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee
information systems security policy violations. MIS Quarterly, 34(3), 487-502.
doi:10.2307/25750688
Skiba, D. (2017). The potential of blockchain in education and health care. Nursing Education
Perspectives, 38(4), 220. doi:10.1097/01.NEP.0000000000000190
Smith, J. H., Milberg, S., & Burke, S. (1996). Information privacy: Measuring individuals'
concerns about organizational practices. MIS Quarterly, 20(2), 167-196.
doi:10.2307/249477
Solove, D., & Citron, D. K. (2018). Risk and anxiety: A theory of data-breach harms. Texas Law
Review, 96(4), 737-786. doi:10.2139/ssrn.2885638
Sommestad, T., Karlzén, H., & Hallberg, J. (2015). A meta-analysis of studies on protection
motivation theory and information security behaviour. International Journal of
Information Security and Privacy (IJISP), 9(1), 26-46. doi:10.4018/IJISP.2015010102
140
Sontakke, K. A., & Ghaisas, A. (2017). Cryptocurrencies: A developing asset class. International
Journal of Business Insights & Transformation., 10(2), 10-17.
doi:10.1080/1540496X.2016.1193002
Spradley, J. P. (2016). Participant observation. Long Grove, IL: Waveland Press.
Spector, P. E. (1992). A consideration of the validity and meaning of self-report measures of job
conditions. In C. L. Cooper, & I. T. Robertson (Eds.), International Review of Industrial
and Organizational Psychology, 7, 123-151. Retrieved from
https://ci.nii.ac.jp/naid/10012080921
Stahl, B. C., Timmermans, J., & Mittlestadt, B. D. (2016). The ethics of computing: A survey of
the computing-oriented literature. ACM Computing Surveys, 48(4), 55. doi:
10.1145/2871186
Stavova, V., Matyas, V., Just, M., & Ukrop, M. (2017). Factors influencing the purchase of
security software for mobile devices – Case study. Infocommunications Journal, 9(1), 18-
23. Retrieved from https://www.infocommunications.hu/
Stebbins, R. A. (2001). Exploratory research in the social sciences. Thousand Oaks, CA: Sage
Stephens, W., Vance, C., & Pettegrew, L. (2012). Embracing ethics and morality. CPA Journal,
82(1), 16-21. doi:10.1016/j.clsr.2017.03.016
Stevens, J. P. (2002). Applied multivariate statistics for the social sciences (4th ed.). Mahwah
NJ, US: Lawrence Erlbaum Associates Publishers.
Strozer, J. R., Collins, M. L., & Cassidy, T. (2014). Unintentional Insider Threats: A Review of
Phishing and Malware Incidents by Economic Sector. Retrieved from CERT website
http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=296268
Sullivan, C., & Burger, E. (2017). E-residency and blockchain. Computer Law and Security
Review, 33, 470-481. doi:10.1016/j.clsr.2017.03.016
Syverson P., Tsudik G., Reed M., & Landwehr C. (2009) Towards an analysis of Onion Routing
Security. In A. Federrath H. (Eds.), Designing Privacy Enhancing Technologies. Lecture
Notes in Computer Science. Berlin, Heidelberg: Springer. doi:10.1007/3-540-44702-4_6
Tabachnick, B. G., & Fidell, L. S. (2014). Using Multivariate Statistics. Essex, England: Pearson
Education Ltd.
Tang, C., & Liu, J. (2015). Selecting a trusted cloud service provider for your SaaS program.
Computers & Security, 50, 60-73. doi:10.1016/j.cose.2015.02.001
Tavani, H.T. (2007). Philosophical theories of privacy: Implications for an adequate online
privacy policy. Metaphilosophy, 38(1), 1–22, doi:10.1111/j.1467-9973.2006.00474.x
141
Teevale, T., Denny, S., Percival, T., & Fleming, T. (2013). Pacific secondary school students'
access to primary health care in New Zealand. The New Zealand Medical Journal,
126(1375), 58. Retrieved from http://www.ncbi.nlm.nih.gov/pubmed/23824025
Teodor, S., Karlzen, H., & Hallberg, J. (2015). A meta-analysis of studies on protection
motivation theory and information security behavior. International Journal of
Information Security and Privacy, 9(1), 26-46. doi:10.4018/IJISP.2015010102
The Belmont Report. (1979). U.S. Department of Health and Human Services Retrieved from
HHS.gov website https://www.hhs.gov/ohrp/regulations-and-policy/belmont-
report/index.html
The Economist. (2015, October 31). Blockchain: The Next Big Thing. Retrieved from The
Economist website https://www.economist.com/news/leaders/21677198-technology-
behind-bitcoin-could-transform-how-economy-works-trust-machine
Trochim, W. M. K., & Donnelly, J. P. (2008). Research methods knowledge base (3rd ed.).
Mason, OH: Cengage.
Tsai, H. S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N. J., & Cotten, S. R. (2016).
Understanding online safety behaviors: A protection motivation theory perspective.
Computers & Security, 59, 138-150. doi:10.1016/j.cose.2016.02.009
U.S. Department of Health and Human Services, National Institutes of Health, Health
Information. (2016). Guiding principles for ethical research: Pursuing potential research
participants protections. Retrieved from NIH website https://www.nih.gov/health-
information/nih-clinical-research-trials-you/guiding-principles-ethical-research
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from
habit and protection motivation theory. Information & Management, 49(3-4), 190. doi:
10.1016/j.im.2012.04.002
Vance, A., Lowry, P. B., & Eggett, D. (2013). Using accountability to reduce access policy
violations in information systems. Journal of Management Information Systems, 29(4),
263-290. doi:10.2753/MIS0742-1222290410
Van Lange, P. A. M. (2013). What we should expect from theories in social psychology: Truth,
abstraction, progress and applicability of standards (TAPAS). Personality and Social
Psychology Review, 7(1), 40-55. doi: 10.1177/1088868312453088
Van Schaik, P., Jansen, J., Onibokun, J., Camp, J., & Kusev, P. (2018). Security and privacy in
online social networking: Risk perceptions and precautionary behavior. Computers in
Human Behavior, 78, 283-297
142
Velazquez, O. (2014). Trust in the cloud: A cognitive-behavioral framework of technology

adoption for cloud computing in organizations (Doctoral Dissertation). Available from
Dissertations & Theses @ Universidad del Turabo
Venkatesh, V., Morris, M., G, Davis, G., B, & Davis, F., D. (2003). User acceptance of
information technology: Toward a unified view. MIS Quarterly, 27(3), 425-478.
Retrieved from http://www.jstor.org/stable/30036540
Verizon Inc. (2018) Data Breach Investigations Report. Retrieved from

https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf
Wang, H., Chen, K., & Xu, D. (2016). A maturity model for blockchain adoption. Financial
Innovation, 2(1), 1-5. doi:10.1186/s40854-016-0031-z
Weinberg, J., Freese, J., & McElhattan, D. (2014). Comparing data characteristics and results of
an online factorial survey between a population-based and a crowdsource-recruited
sample. Sociological Science, 1(19), 292-310. doi:10.15195/v1.a19
Weinstein, N., Przybylski, A., & Ryan, R. (2012). The index of autonomous functioning:
Development of a scale of human autonomy. Journal of Research in Personality, 46 397–
413. doi:10.1016/j.jrp.2012.03.007
Wong, J. C. (2017). Uber concealed massive hack that exposed data of 57m users and drivers.
Retrieved from The Guardian Newspaper website
https://www.theguardian.com/technology/2017/nov/21/uber-data-hack-cyber-attack
Woodside, J. M., Augustine, F. K., & Giberson, W. (2017). Blockchain technology adoption
status and strategies. Journal of International Technology and Information Management,
26(2), 4. Available from http://scholarworks.lib.csusb.edu/jitim/vol26/iss2/4
Woon, I. M. Y., & Kakanhalli, A. (2007). Investigation of IS professionals’ intention to practice

secure development of applications. Int. J. Human-Computer Studies, 65, 29-41. doi:
10.1016/j.ijhcs.2006.08.003
World Anti-Doping Agency. (2013). World Anti-Doping Code. Retrieved from

https://www.wada-ama.org/en/what-we-do/the-code
Wright, R., & Marett, K. (2014). The influence of experiential and dispositional factors in
phishing: An empirical investigation of the deceived. Journal of Management
Information Systems, 27(1), 273-303. doi:10.2753/MIS0742-1222270111
Wright, M. F. (2013). The relationship between young adults' beliefs about anonymity and
subsequent cyber aggression. Cyberpsychology, Behavior, and Social Networking,
16(12), 858-862. doi:10.1089/cyber.2013.0009
Xia, Q., Sifah, E. B., Smahi, A., Amofa, S., & Zhang, X. (2017). BBDS: Blockchain-based data
sharing for electronic medical records in cloud environments. Information, 8(2), 44.
doi:10.3390/info8020044
143
Yang, X. L., Lo, D., Xia, X., Wan, Z., & Sun, J. (2016). What security questions do developers
ask㸽 A large-scale study of stack overflow posts. Journal of Computer Science and
Technology, 31(5), 910-924. doi:10.1007/s11390-016-1672-0
Yam, K., & Reynolds, S. (2016). The effects of victim anonymity on unethical behavior. Journal
of Business Ethics, 136(1), 13-22. doi:10.1007/s10551-014-2367-5
Yli-Huumo, J., Ko, D., Choi, S., Park, S., & Smolander, K. (2016). Where is current research on
blockchain technology? A systematic review. PLoS One, 11(10), e0163477.
doi:10.1371/journal.pone.0163477
Youndt, M. A., & Snell, S. A. (2004). Human resource configurations: Intellectual capital and
organizational performance. Journal of Managerial Issues, 16(3), 337-360. Retrieved
from http://www.jstor.org/
Yong, A., & Pearce, S. (2013). A beginner’s guide to factor analysis: Focusing on exploratory
factor analysis. Tutorials in Quantitative Methods for Psychology, 9(2), 79-94.
doi:10.20982/tqmp.09.2.p079
Young, A. L., & Yung, M. (2017). Privacy and security cryptovirology: The birth, neglect, and
explosion of ransomware: Recent attacks exploiting a known vulnerability continue a
downward spiral of ransomware-related incidents. Communications of the ACM, 60(7),
24-26. doi:10.1145/3097347
Zetter, K. (2016). Why hospitals are the perfect targets for ransomware. Retrieved from Wired
website https://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-
targets/
Zhao, L., Detlor, B., & Connelly, C.E. (2016). Sharing knowledge in social Q&A sites: The
unintended consequences of extrinsic motivation. Journal of Management Information
Systems, 33(1), 70–100. doi:10.1080/07421222.2016.1172459
Zhong, S., Clark, M., Hou, X., Zang, Y., & Fitzgerald, G. (2014). Development of hospital
disaster resilience: Conceptual framework and potential measurement. Emergency
Medicine Journal, 31(11), 930-938. doi:10.1136/emermed-2012-202282
Zimmerle, J. C. (2018). The Cost of Free Pregnancy Apps: Credibility and Privacy Concerns.
International Journal of Childbirth Education, 33(4), 41–45. Retrieved from
https://icea.org
Zohar, A. (2015). Bitcoin: Under the hood. Communications of the ACM, 58(9), 104-113.
doi:10.1145/2701411
Zyskind, G., Nathan, O., & Pentland, A. (2015). Decentralizing privacy: Using blockchain to
protect personal data. 2015 IEEE Security and Privacy Workshops (SPW),180-184, IEEE
Symposium: San Jose, CA. doi:10.1109/SPW.2015.27
144
Appendix
Appendix A: Informed consent
My name is Chidi Ezuma-Ngwu and I am a student at Northcentral University. I am
conducting a study on personal threats, privacy and blockchain technology. This study is part of
my doctoral degree in business administration and it will be a pleasure if you agree to participate.
If you choose to participate, you will be asked to accept this consent form and provide
answers to a 38-question survey. The survey will take 10 - 15 minutes of your time
You can participate in this study if you are over the age of 18 and you are a resident of
the United States. I hope to have 200 participants.
You cannot participate in this research if you are under 18 years of age. Also, you should
not participate if you are not resident in the United States.
There are minimal risks in this study. Some risks may include stress or survey fatigue. To
reduce these risks, you can skip any question or stop at any time for any reason.
If you continue, there are no benefits to you. Indirect benefits may include developing an
interest in blockchain technology or in behavioral sciences.
The information you provide will be kept confidential to the extent allowed by law. The
researcher will not ask for your name or that of your organization. Information collected will
only be used and viewed by the researcher and the NCU Institutional Review Board (IRB).
The researcher will store information collected in this study in encrypted computer disks
and secure safes, and this data will be protected during transport if necessary. The researcher will
keep the collected survey data in electronic form for 7 years. After that period, the researcher
will delete all electronic data.

145
If you have questions, you can send an email to c.ezuma-ngwu8163@o365.ncu.edu or
call 617-712-8849. You can also contact my Northcentral University research sponsor, Dr. Brian
Allen through email at brianallen@ncu.edu or call him at 919-827-3118.
You can refuse participation in this survey without penalty or stop participating at any
time. Your participation or non-participation does not affect any potential benefit.
Please note that this survey will be best displayed on a laptop or desktop computer.
Some features may be less compatible for use on a mobile device.

146
Appendix B: Forum Posting for General Study
My name is Chidi Ezuma-Ngwu and I am a doctoral degree student at Northcentral
University. I am conducting a study on individual behavior towards privacy, threats and
blockchain applications. As a member of this forum, I hope you will find some time to complete
a survey on the above subject at https://ncu.co1.qualtrics.com/jfe/form/SV_2hS5vdaxpSGWhQ9
There are no rewards or penalties for refusing or not completing the survey. If you have any
questions about the purpose of the study, please contact me at c.ezuma-
ngwu8163@o365.ncu.edu or Prof. Brian Allen at brianallen@ncu.edu. For questions about your
rights regarding this study, please contact the Northcentral Institutional Review Board at
irb@ncu.edu.
147
Appendix C: Forum Posting Used to Recruit Pilot Reviewers
My name is Chidi Ezuma-Ngwu and I am a doctoral degree student at Northcentral
University. I am looking for individuals who are experts with blockchain technology and
cryptocurrency to kindly provide feedback on a research survey. If you are such a person, please
review the survey at this link https://ncu.co1.qualtrics.com/jfe/form/SV_2hS5vdaxpSGWhQ9

148
Appendix D: Email to Forum Administrators for Permission to Post on Forum
I am writing to request permission to conduct a research study through your Facebook
forum group. I am a student at Northcentral University in San Diego, CA. currently in the
process of conducting research on privacy, threats and blockchain applications, as part of my
doctoral degree.
I hope that you and fellow moderators will give me written permission to post the survey
link to this forum. Your input is optional and there are no rewards or penalties for participating
or partially participating. All entries are anonymous and will be kept confidential. If you agree, I
will post a notice on the forum with a link to the survey. The survey will take approximately 10 -
15 minutes to complete. No costs will be incurred by your group or any participant.
Your approval will be appreciated, and I will be happy to answer any questions or
concerns that you may have at any time. If you approve, please kindly send an email to the
researcher at c.ezuma-ngwu8163@o365.ncu.edu acknowledging your consent as well as your
authority as a moderator or administrator of your group.

149
Appendix E: Survey and Constructs
Survey demographic questions
Please answer the following questions yourself by checking the appropriate box.
1) What is your gender? Select One.

a) Female
b) Male
c) Other
2) What is your age?
a) Under 18
b) 18 – 24
c) 25 – 34
d) 35 – 44
e) 45 - 54
f) 55 - 64
3) Employment status
a) Employed full-time
b) Employed part-time
c) Unemployed looking for work
d) Unemployed not looking for work
e) Retired
f) Student
g) Disabled
4) What is your highest educational level (Select One)?
a) Doctoral degree or equivalent
b) Graduate degree
c) Attempted college
d) High school graduate
e) Other
5) How many years of paid employment in a technology field?
a) Over ten years
b) Over 5 years
c) Over 2 years
d) Less than 2 years
e) Not applicable
6) How many years of paid employment in a non-technology field?
a) Over ten years
b) Over 5 years
c) Over 2 years
d) Less than 2 years
e) Not applicable
150
7) Do you live in the United States?

a) Yes
b) No
c) Not Sure
Questionnaire and constructs
This is a listing of constructs used in this study with Likert scale as follows:
Likert scale: Strongly agree (5) – Somewhat agree (4) – Neither Agree nor Disagree (3) –
Somewhat disagree (2) Strongly disagree (1).
Privacy Constructs (PVA)
Construct Item / Question
PVA1 (Collection Concern) It usually bothers me when companies ask me for personal
information.
PVA2 (Errors Concern) Companies should take more steps to make sure that
personal information in their files are accurate.
PVA3 (Unauthorized Use Companies should not use personal information for any
Concern) purpose unless it has been authorized by the individuals
who provided the information.
PVA4 (Improper Access Computer databases that contain personal information
Concern) should be protected from unauthorized access—no matter
how much it costs
Note: Independent variable. Adapted from Smith, Milberg and Burke (1996)
Behavioral Intention Constructs (BHI)

151
BHI1 I would use Blockchain applications when it is available.
BHI2 I intend to use Blockchain applications for critical
applications, e.g. involving confidential or private
information.
BHI3 I intend to use Blockchain applications to secure my
private transactions.
BHI4 I intend to use a blockchain application for personal
transactions whenever possible.
Note: Dependent variable. Adapted from Ifinedo, (2012) and Woon and Kakanhalli, (2007).
Technology Facilitation Constructs (TFC)
TFC1 I believe that technology enables me to use a Blockchain
application to improve my privacy.
TFC2 I believe that technology makes it easy for me to use a
Blockchain application for privacy.
TFC3 I believe that technology helps me to carry out my personal
transactions using Blockchain applications.
TFC4 I believe that ethical considerations in computing are
complex and individuals should use technology to protect
themselves.
Note: Dependent variable. Adapted from Chatterjee et al. (2015).

152
Autonomy Constructs (AUT)
Construct
AUT1 My decisions represent my most important values and
feelings.
AUT2 I strongly identify with the things that I do.
AUT3 My actions are congruent with who I really am
AUT4 I personally stand behind the important decisions I make
Note: Independent variable. Adapted from Weinstein et al. (2012).
Self-Efficacy Constructs (SEF)
SEF1 I would be able to use Blockchain applications and
perform Blockchain private-key management without the
help of others.
SEF2 I have the expertise to implement blockchain to enhance
my privacy and protect confidential information
SEF3 I have the skills to implement preventative measures to
safeguard my digital wallet
SEF4 I believe that it is within my control to protect myself from
privacy threats
Note: Independent variable. Adapted from Ifinedo (2012) and Woon and Kakanhalli (2007).
153
Perceived Severity Constructs (PSE)
PSE1 I believe that it vital to protect my personal information
from compromise.
PSE2 I believe that it is highly probably that my data will be
attacked or stolen.
PSE3 I believe that threats to the security of my personal
information is serious.
PSE4 I believe that leaks of my personal information is very
harmful
Note: Independent variable. Adapted from Ifinedo (2012) and Woon and Kakanhalli (2007).
Perceived Vulnerability Constructs (PSV)
PSV1 I know my personal data is vulnerable at various
organizations.
PSV2 I believe I could fall victim to malicious attack on my
personal data.
PSV3 I believe that I am vulnerable to any leaks of my personal
data.
PSV4 I believe that trying to protect my personal information
will reduce the chance of compromise.
Note: Independent variable. Adapted from Ifinedo (2012) and Woon and Kakanhalli (2007)
154
Appendix F: Citi completion report – student

155
Appendix G: Parallel Analysis Results
Parallel analysis was performed at https://analytics.gonzaga.edu/parallelengine/. The analysis
obtained using (num of variables = 28, sample size = 187, type of analysis = factor) similar
metrics is shown below.
Component Mean Percentile
or Factor Eigenvalue Eigenvalue
1 0.97064 1.084898
2 0.836765 0.929939
3 0.746025 0.830311
4 0.662131 0.725622
5 0.58009 0.65864
6 0.51148 0.57024
7 0.451971 0.504505
8 0.400649 0.448355
9 0.346665 0.393115
10 0.291417 0.339116
11 0.247031 0.291786
12 0.199105 0.242621
13 0.151724 0.196828
14 0.110723 0.152259
15 0.067972 0.105546
16 0.026164 0.063929
156
17 -0.015572 0.027193
18 -0.051892 -0.015189
19 -0.090139 -0.060654
20 -0.125113 -0.096274
21 -0.158393 -0.131091
22 -0.195868 -0.161584
23 -0.229115 -0.201396
24 -0.26263 -0.237804
25 -0.297018 -0.267631
26 -0.334435 -0.310453
27 -0.37248 -0.3435
28 -0.419245 -0.383285
157
Appendix H: SPSS Information
SPSS Syntax
NEW FILE.
DATASET NAME DataSet1 WINDOW=FRONT.
GET
FILE='C:\Users\Dad\OneDrive - Northcentral University\NorthCentralUniv\DIS-
9904A\SPSSWork\Full-Study\04072019\Full_Study_April_7_2019-SPSS-Recoded\Full
Study_04072019_17.33-stripped-all-no-missing-data-cleaner.sav'.
DATASET ACTIVATE DataSet2.
DATASET CLOSE DataSet1.
RELIABILITY
/VARIABLES=Familiarity Gender Age Employment Education Expertise
/SCALE('Descriptives Reliability') ALL
/MODEL=ALPHA
/STATISTICS=SCALE CORR
/SUMMARY=TOTAL MEANS VARIANCE.
NEW FILE.
GET
158
FILE='C:\Users\Dad\OneDrive - Northcentral University\NorthCentralUniv\DIS-
9904A\SPSSWork\Full-Study\04072019\Full_Study_April_7_2019-SPSS-Recoded\Full
Study_04072019_17.33-stripped-all-no-missing-data-cleaner.sav'.
DATASET ACTIVATE DataSet2.
DATASET CLOSE DataSet1.
RELIABILITY
/VARIABLES=Familiarity Gender Age Employment Education Expertise
/SCALE('Descriptives Reliability') ALL
/MODEL=ALPHA
/STATISTICS=SCALE CORR
/SUMMARY=TOTAL MEANS VARIANCE.
FACTOR
/VARIABLES PVA1 PVA2 PVA3 PVA4 TFC1 TFC2 TFC3 TFC4 AUT1 AUT2 AUT3 AUT4
SEF1 SEF2 SEF3 SEF4 PSE1
PSE2 PSE3 PSE4 PSV1 PSV2 PSV3 PSV4 BHI1 BHI2 BHI3 BHI4
/MISSING LISTWISE
/ANALYSIS PVA1 PVA2 PVA3 PVA4 TFC1 TFC2 TFC3 TFC4 AUT1 AUT2 AUT3 AUT4
159
/PRINT UNIVARIATE INITIAL CORRELATION SIG DET KMO INV REPR AIC
EXTRACTION ROTATION
/FORMAT BLANK(.5)
/PLOT EIGEN ROTATION
/CRITERIA MINEIGEN(1) ITERATE(25)
/EXTRACTION ML
/CRITERIA ITERATE(25) DELTA(0)
/ROTATION OBLIMIN.
FACTOR
/VARIABLES PVA1 PVA2 PVA3 PVA4 TFC1 TFC2 TFC3 TFC4 AUT1 AUT2 AUT3 AUT4
/MISSING LISTWISE
/ANALYSIS PVA1 PVA2 PVA3 PVA4 TFC1 TFC2 TFC3 TFC4 AUT1 AUT2 AUT3 AUT4
/PRINT UNIVARIATE INITIAL CORRELATION SIG DET KMO INV REPR AIC
EXTRACTION ROTATION
/FORMAT BLANK(.5)
/PLOT EIGEN ROTATION
/CRITERIA MINEIGEN(1) ITERATE(25)
/EXTRACTION ML
160
/CRITERIA ITERATE(25)
/ROTATION VARIMAX.
Correlation Matrix
P P P P T T T T S S S S P P P P P P P P
V V V V F F F F A A A A E E E E S S S S S S S S B B B B
A A A A C C C C U U U U F F F F E E E E V V V V H HI H H
1 2 3 4 1 2 3 4 T1 T2 T3 T4 1 2 3 4 1 2 3 4 1 2 3 4 I1 2 I3 I4
Corre P 1. .1 .1 .2 .2 .2 .1 .1 .3 .2 .2 .1 .0 .1 .0 .1 .1 .0 - - .1 .0 .1 .1 .0 .0 .0 .0
lation V 00 64 73 08 66 20 38 58 67 58 59 92 9 2 8 5 1 5 .0 .0 57 27 52 21 26 66 9 6
A 0 5 3 4 3 8 1 3 2 0 6
1 2 8
P .1 1. .4 .5 .3 .2 .2 .2 .2 .3 .3 .3 .0 .1 .1 .1 .3 .2 .1 .0 .1 .1 .1 .2 .1 .1 .0 .1
V 64 00 77 19 70 99 73 57 65 23 00 27 7 6 4 4 3 3 7 4 48 49 73 45 86 89 8 4
A 0 7 6 9 4 8 7 4 7 9 0
2
P .1 .4 1. .6 .4 .4 .3 .3 .2 .2 .2 .4 .2 .3 .3 .2 .4 .3 .1 .0 .2 .2 .2 .3 .2 .3 .2 .2
V 73 77 00 55 56 30 99 54 31 40 25 00 4 4 1 7 0 6 1 6 38 51 56 15 68 08 3 5
A 0 6 4 9 6 1 8 2 3 9 6
3
P .2 .5 .6 1. .4 .4 .3 .3 .2 .2 .2 .3 .1 .2 .2 .1 .3 .2 .1 .0 .1 .1 .1 .2 .2 .2 .1 .2
V 08 19 55 00 72 04 97 20 38 54 54 09 4 4 2 5 8 5 3 4 71 98 81 31 46 46 1 1
A 0 9 1 3 6 3 5 4 9 0 3
4
T .2 .3 .4 .4 1. .7 .6 .6 .1 .1 .1 .2 .4 .5 .4 .4 .4 .4 .2 .1 .3 .4 .4 .5 .5 .5 .3 .5
F 66 70 56 72 00 97 98 24 70 84 86 80 4 1 6 2 1 7 2 4 75 24 00 89 30 54 9 3
C 0 8 7 7 1 6 2 4 3 4 3
1
T .2 .2 .4 .4 .7 1. .8 .7 .1 .2 .2 .3 .4 .5 .5 .5 .4 .4 .2 .1 .4 .4 .4 .5 .5 .5 .3 .5
F 20 99 30 04 97 00 15 34 42 48 09 07 5 4 2 2 2 9 0 5 74 60 44 46 36 66 9 5
C 0 7 0 6 8 1 0 6 0 3 6
2
161
T .1 .2 .3 .3 .6 .8 1. .6 .1 .1 .1 .2 .5 .5 .5 .5 .3 .3 .1 .0 .3 .3 .3 .5 .5 .5 .4 .5
F 38 73 99 97 98 15 00 49 37 84 63 25 3 6 9 1 3 9 6 9 90 97 68 38 09 53 0 2
C 0 0 4 4 4 1 7 9 1 9 2
3
T .1 .2 .3 .3 .6 .7 .6 1. .1 .1 .2 .3 .4 .4 .5 .4 .2 .4 .3 .2 .4 .5 .4 .4 .4 .4 .4 .4
F 58 57 54 20 24 34 49 00 62 55 30 23 0 4 4 6 9 6 8 5 65 27 89 97 80 25 0 9
C 0 4 1 0 9 5 4 0 1 9 2
4
A .3 .2 .2 .2 .1 .1 .1 .1 1. .6 .5 .5 .1 .0 .0 .1 .2 .0 .1 .0 .1 .0 .1 .1 .0 .0 .0 .0
U 67 65 31 38 70 42 37 62 00 38 96 53 2 9 3 6 2 8 1 4 72 47 38 68 46 73 5 5
T1 0 2 7 9 3 6 2 9 8 9 4
A .2 .3 .2 .2 .1 .2 .1 .1 .6 1. .6 .6 .1 .1 .1 .2 .3 .1 .1 .1 .1 .0 .1 .1 .0 .1 .0 .0
U 58 23 40 54 84 48 84 55 38 00 60 19 9 5 2 5 4 5 0 1 77 61 37 62 35 03 6 4
T2 0 1 8 1 9 9 9 9 2 4 0
A .2 .3 .2 .2 .1 .2 .1 .2 .5 .6 1. .6 .1 .1 .0 .1 .3 .1 .2 .1 .3 .2 .2 .2 .0 .0 .0 .1
U 59 00 25 54 86 09 63 30 96 60 00 90 0 2 8 6 5 6 8 9 54 15 35 17 65 96 9 0
T3 0 0 7 3 0 4 5 2 8 2 7
A .1 .3 .4 .3 .2 .3 .2 .3 .5 .6 .6 1. .1 .1 .1 .2 .3 .2 .3 .1 .3 .2 .3 .2 .1 .1 .1 .1
U 92 27 00 09 80 07 25 23 53 19 90 00 7 8 6 4 7 8 2 8 80 97 43 81 54 84 3 8
T4 0 4 3 7 8 0 4 0 0 6 1
S .0 .0 .2 .1 .4 .4 .5 .4 .1 .1 .1 .1 1. .7 .7 .6 .2 .2 .0 - .2 .2 .2 .4 .4 .4 .4 .4
E 95 77 46 49 48 57 30 04 22 91 00 74 0 4 6 4 3 7 6 .0 62 00 34 05 97 68 2 4
F1 0 0 8 5 9 6 4 3 8 0
0 4
S .1 .1 .3 .2 .5 .5 .5 .4 .0 .1 .1 .1 .7 1. .8 .7 .3 .5 .1 .0 .3 .3 .4 .5 .6 .6 .5 .6
E 23 66 44 41 17 40 64 41 97 58 27 83 4 0 3 2 6 0 1 8 82 81 26 46 34 21 1 2
F2 0 0 8 4 6 4 7 0 6 1
S .0 .1 .3 .2 .4 .5 .5 .5 .0 .1 .0 .1 .7 .8 1. .6 .3 .4 .1 .1 .4 .3 .4 .4 .5 .5 .4 .5
E 84 49 19 23 67 26 94 40 39 21 83 67 6 3 0 6 0 3 9 0 02 69 19 80 64 52 9 0
F3 8 8 0 5 4 7 1 8 6 9
0
S .1 .1 .2 .1 .4 .5 .5 .4 .1 .2 .1 .2 .6 .7 .6 1. .2 .4 .1 .0 .4 .3 .4 .5 .5 .5 .4 .5
E 53 44 76 56 21 28 14 69 63 59 60 48 4 2 6 0 8 0 2 4 18 24 09 15 47 44 6 5
F4 5 4 5 0 5 7 8 5 7 2
0
162
PS .1 .3 .4 .3 .4 .4 .3 .2 .2 .3 .3 .3 .2 .3 .3 .2 1. .4 .4 .3 .4 .3 .4 .4 .3 .4 .3 .3
E1 18 38 01 83 16 21 31 95 26 49 54 70 3 6 0 8 0 5 3 6 06 84 27 79 88 14 3 8
9 6 4 5 0 7 7 2 5 5
0
PS .0 .2 .3 .2 .4 .4 .3 .4 .0 .1 .1 .2 .2 .5 .4 .4 .4 1. .3 .2 .5 .6 .6 .6 .6 .6 .4 .6
E2 51 37 68 55 72 90 97 64 82 59 65 84 7 0 3 0 5 0 1 2 72 67 68 07 44 27 8 4
6 4 7 7 7 0 0 2 5 3
0
PS - .1 .1 .1 .2 .2 .1 .3 .1 .1 .2 .3 .0 .1 .1 .1 .4 .3 1. .5 .3 .4 .3 .2 .2 .2 .1 .2
E3 .0 74 12 34 24 06 69 80 19 09 82 20 6 1 9 2 3 1 0 9 94 01 81 37 32 39 9 4
32 4 7 1 8 7 0 0 4 4 0
PS - .0 .0 .0 .1 .1 .0 .2 .0 .1 .1 .1 - .0 .1 .0 .3 .2 .5 1. .3 .3 .2 .1 .1 .1 .1 .1
E4 .0 47 63 49 43 50 91 51 48 12 98 80 .0 8 0 4 6 2 9 0 25 04 98 80 74 99 1 5
28 3 0 8 5 2 2 4 0 6 6
4 0
PS .1 .1 .2 .1 .3 .4 .3 .4 .1 .1 .3 .3 .2 .3 .4 .4 .4 .5 .3 .3 1. .7 .8 .5 .4 .5 .3 .5
V 57 48 38 71 75 74 90 65 72 77 54 80 6 8 0 1 0 7 9 2 00 29 15 50 63 03 7 1
1 2 2 2 8 6 2 4 5 0 2 3
PS .0 .1 .2 .1 .4 .4 .3 .5 .0 .0 .2 .2 .2 .3 .3 .3 .3 .6 .4 .3 .7 1. .8 .5 .4 .4 .3 .4
V 27 49 51 98 24 60 97 27 47 61 15 97 0 8 6 2 8 6 0 0 29 00 19 58 68 80 4 7
2 0 1 9 4 4 7 1 4 0 2 6
PS .1 .1 .2 .1 .4 .4 .3 .4 .1 .1 .2 .3 .2 .4 .4 .4 .4 .6 .3 .2 .8 .8 1. .6 .5 .5 .4 .5
V 52 73 56 81 00 44 68 89 38 37 35 43 3 2 1 0 2 6 8 9 15 19 00 46 14 48 0 6
3 4 6 9 9 7 8 1 8 0 9 3
PS .1 .2 .3 .2 .5 .5 .5 .4 .1 .1 .2 .2 .4 .5 .4 .5 .4 .6 .2 .1 .5 .5 .6 1. .6 .6 .4 .6
V 21 45 15 31 89 46 38 97 68 62 17 81 0 4 8 1 7 0 3 8 50 58 46 00 68 61 2 2
4 5 6 0 5 9 7 7 0 0 9 8
B .0 .1 .2 .2 .5 .5 .5 .4 .0 .0 .0 .1 .4 .6 .5 .5 .3 .6 .2 .1 .4 .4 .5 .6 1. .8 .6 .8
HI 26 86 68 46 30 36 09 80 46 35 65 54 9 3 6 4 8 4 3 7 63 68 14 68 00 69 5 7
1 7 4 4 7 8 4 2 4 0 1 2
B .0 .1 .3 .2 .5 .5 .5 .4 .0 .1 .0 .1 .4 .6 .5 .5 .4 .6 .2 .1 .5 .4 .5 .6 .8 1. .6 .8
HI 66 89 08 46 54 66 53 25 73 03 96 84 6 2 5 4 1 2 3 9 03 80 48 61 69 00 5 8
2 8 1 2 4 4 7 9 9 0 0 4
B .0 .0 .2 .1 .3 .3 .4 .4 .0 .0 .0 .1 .4 .5 .4 .4 .3 .4 .1 .1 .3 .3 .4 .4 .6 .6 1. .6
HI 90 89 39 10 94 93 09 09 59 64 92 36 2 1 9 6 3 8 9 1 72 42 09 29 51 50 0 3
3 8 6 6 7 5 5 4 6 0 3
0
163
B .0 .1 .2 .2 .5 .5 .5 .4 .0 .0 .1 .1 .4 .6 .5 .5 .3 .6 .2 .1 .5 .4 .5 .6 .8 .8 .6 1.
HI 66 40 56 13 33 56 22 92 54 40 07 81 4 2 0 5 8 4 4 5 13 76 63 28 72 84 3 0
4 0 1 9 2 5 3 0 6 3 0
0
Sig. P .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .2 .3 .3 .0 .3 .0 .0 .3 .1 .1 .1
(1- V 12 09 02 00 01 29 15 00 00 00 04 9 4 2 1 5 4 3 5 16 58 19 49 64 83 1 8
tailed A 8 7 6 8 4 5 1 0 0 6
) 1
P .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .0 .0 .0 .0 .2 .0 .0 .0 .0 .0 .0 .1 .0
V 12 00 00 00 00 00 00 00 00 00 00 4 1 2 2 0 0 0 6 21 21 09 00 05 05 1 2
A 8 2 1 4 0 1 9 2 2 8
P .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .0 .0 .0 .0 .0 .0
V 09 00 00 00 00 00 00 01 00 01 00 0 0 0 0 0 0 6 9 01 00 00 00 00 00 0 0
A 0 0 0 0 0 0 4 5 0 0
3
P .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .2 .0 .0 .0 .0 .0 .0 .0 .0
V 02 00 00 00 00 00 00 01 00 00 00 2 0 0 1 0 0 3 5 10 03 07 01 00 00 6 0
A 1 0 1 6 0 0 4 5 7 2
4
T .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
F 00 00 00 00 00 00 00 10 06 06 00 0 0 0 0 0 0 0 2 00 00 00 00 00 00 0 0
C 0 0 0 0 0 0 1 6 0 0
1
T .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
F 01 00 00 00 00 00 00 26 00 02 00 0 0 0 0 0 0 0 2 00 00 00 00 00 00 0 0
C 0 0 0 0 0 0 2 0 0 0
2
T .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .0 .0 .0 .0 .0 .0
F 29 00 00 00 00 00 00 31 06 13 01 0 0 0 0 0 0 1 0 00 00 00 00 00 00 0 0
C 0 0 0 0 0 0 1 8 0 0
3
T .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
F 15 00 00 00 00 00 00 13 17 01 00 0 0 0 0 0 0 0 0 00 00 00 00 00 00 0 0
C 0 0 0 0 0 0 0 0 0 0
4
A .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .2 .0 .0 .1 .0 .2 .0 .2 .0 .0 .2 .1 .2 .2
U 00 00 01 01 10 26 31 13 00 00 00 4 9 9 1 0 3 5 5 09 60 30 11 64 61 1 3
T1 9 3 8 3 1 1 3 6 0 2
164
A .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .2 .0 .0 .3 .0 .1 .2
U 00 00 00 00 06 00 06 17 00 00 00 0 1 5 0 0 1 6 6 08 02 30 13 18 80 9 9
T2 4 5 0 0 0 5 9 4 3 3
A .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .0 .1 .0
U 00 00 01 00 06 02 13 01 00 00 00 8 4 2 1 0 1 0 0 00 02 01 01 88 95 0 7
T3 8 2 8 4 0 2 0 3 4 3
A .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
U 04 00 00 00 00 00 01 00 00 00 00 0 0 1 0 0 0 0 0 00 00 00 00 18 06 3 0
T4 9 6 1 0 0 0 0 7 1 7
S .0 .1 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .3 .0 .0 .0 .0 .0 .0 .0 .0
E 98 48 00 21 00 00 00 00 49 04 88 09 0 0 0 0 0 9 2 00 03 01 00 00 00 0 0
F1 0 0 0 0 0 1 3 0 0
S .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .0 .0 .0 .0 .0 .0
E 47 12 00 00 00 00 00 00 93 15 42 06 0 0 0 0 0 5 4 00 00 00 00 00 00 0 0
F2 0 0 0 0 0 6 0 0 0
S .1 .0 .0 .0 .0 .0 .0 .0 .2 .0 .1 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
E 26 21 00 01 00 00 00 00 98 50 28 11 0 0 0 0 0 0 7 00 00 00 00 00 00 0 0
F3 0 0 0 0 0 4 0 0 0
S .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .2 .0 .0 .0 .0 .0 .0 .0 .0
E 18 24 00 16 00 00 00 00 13 00 14 00 0 0 0 0 0 4 7 00 00 00 00 00 00 0 0
F4 0 0 0 0 0 0 2 0 0
PS .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
E1 54 00 00 00 00 00 00 00 01 00 00 00 0 0 0 0 0 0 0 00 00 00 00 00 00 0 0
0 0 0 0 0 0 0 0 0
PS .2 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
E2 45 01 00 00 00 00 00 00 31 15 12 00 0 0 0 0 0 0 0 00 00 00 00 00 00 0 0
0 0 0 0 0 0 1 0 0
PS .3 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
E3 31 09 64 34 01 02 11 00 53 69 00 00 9 5 0 4 0 0 0 00 00 00 01 01 00 0 0
1 6 4 0 0 0 0 4 0
PS .3 .2 .1 .2 .0 .0 .1 .0 .2 .0 .0 .0 .3 .1 .0 .2 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
E4 50 62 95 55 26 20 08 00 56 64 03 07 2 4 7 7 0 0 0 00 00 00 07 09 03 5 1
3 0 0 2 0 1 0 7 7
PS .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
V 16 21 01 10 00 00 00 00 09 08 00 00 0 0 0 0 0 0 0 0 00 00 00 00 00 0 0
1 0 0 0 0 0 0 0 0 0 0
PS .3 .0 .0 .0 .0 .0 .0 .0 .2 .2 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
V 58 21 00 03 00 00 00 00 60 02 02 00 0 0 0 0 0 0 0 0 00 00 00 00 00 0 0
2 3 0 0 0 0 0 0 0 0 0
165
PS .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
V 19 09 00 07 00 00 00 00 30 30 01 00 0 0 0 0 0 0 0 0 00 00 00 00 00 0 0
3 1 0 0 0 0 0 0 0 0 0
PS .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
V 49 00 00 01 00 00 00 00 11 13 01 00 0 0 0 0 0 0 0 0 00 00 00 00 00 0 0
4 0 0 0 0 0 0 1 7 0 0
B .3 .0 .0 .0 .0 .0 .0 .0 .2 .3 .1 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
HI 64 05 00 00 00 00 00 00 64 18 88 18 0 0 0 0 0 0 0 0 00 00 00 00 00 0 0
1 0 0 0 0 0 0 1 9 0 0
B .1 .0 .0 .0 .0 .0 .0 .0 .1 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
HI 83 05 00 00 00 00 00 00 61 80 95 06 0 0 0 0 0 0 0 0 00 00 00 00 00 0 0
2 0 0 0 0 0 0 0 3 0 0
B .1 .1 .0 .0 .0 .0 .0 .0 .2 .1 .1 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
HI 10 12 00 67 00 00 00 00 10 93 04 31 0 0 0 0 0 0 0 5 00 00 00 00 00 00 0
3 0 0 0 0 0 0 4 7 0
B .1 .0 .0 .0 .0 .0 .0 .0 .2 .2 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0 .0
HI 86 28 00 02 00 00 00 00 32 93 73 07 0 0 0 0 0 0 0 1 00 00 00 00 00 00 0
4 0 0 0 0 0 0 0 7 0
a.
Deter
minan
t=
1.313
E-10
166
Appendix I: Factor Extraction
Factor Extraction
Factor Factor Factor Factor Factor Factor

1 2 3 4 5 6 Uniqueness
PVA2 0.57 0.60
PVA3 0.71 0.50
PVA4 0.77 0.40
TFC1 0.61 0.30
TFC2 0.81 0.24
TFC3 0.66 0.31
TFC4 0.57 0.38
AUT1 0.74 0.42
AUT2 0.82 0.31
AUT3 0.80 0.31
AUT4 0.71 0.37
SEF1 0.79 0.26
SEF2 0.78 0.23
SEF3 0.85 0.23
SEF4 0.63 0.37
PSE2 0.57 0.37
PSV1 0.78 0.27
PSV2 0.83 0.22
PSV3 0.86 0.14
BHI1 0.80 0.13
BHI2 0.80 0.14
BHI3 0.55 0.52
BHI4 0.82 0.17
Varimax rotation.
167
Appendix J: Communalities
Variable Initial Extraction

PVA1 .273 .137
PVA2 .393 .421
PVA3 .574 .625
PVA4 .570 .679
TFC1 .742 .720
TFC2 .843 .937
TFC3 .745 .742
TFC4 .737 .623
AUT1 .544 .562
AUT2 .665 .693
AUT3 .656 .695
AUT4 .630 .649
SEF1 .704 .734
SEF2 .825 .831
SEF3 .820 .868
SEF4 .642 .621
PSE1 .539 .409
PSE2 .664 .633
PSE3 .538 .239
PSE4 .439 .155
PSV1 .741 .747
PSV2 .765 .791
PSV3 .828 .868
PSV4 .687 .599
BHI1 .848 .869
BHI2 .865 .879
BHI3 .536 .489
BHI4 .868 .887
Extraction Method: Maximum Likelihood.
168
Appendix K: Rotated Factor Matrix Using Varimax
1 2 3 4 5 6
PVA1 .045 -.015 .051 .306 .155 .117
PVA2 .082 .072 .010 .275 .112 .566
PVA3 .133 .095 .177 .181 .159 .713
PVA4 .064 .088 .051 .181 .187 .773
TFC1 .204 .309 .240 .113 .613 .368
TFC2 .243 .267 .273 .149 .811 .229
TFC3 .159 .259 .392 .091 .657 .239
TFC4 .373 .164 .302 .118 .566 .176
AUT1 .045 .036 .023 .737 -.011 .119
AUT2 .031 .000 .101 .815 .067 .115
AUT3 .222 .007 .015 .797 .016 .100
AUT4 .291 .037 .064 .714 .064 .212
SEF1 -.009 .240 .789 .114 .198 .042
SEF2 .172 .365 .782 .056 .169 .156
SEF3 .198 .217 .851 .002 .195 .138
SEF4 .177 .328 .629 .178 .232 .016
PSE1 .337 .249 .134 .293 .124 .338
PSE2 .570 .442 .203 .040 .139 .224
PSE3 .439 .095 .019 .167 .048 .086
PSE4 .365 .078 -.034 .113 .038 .019
PSV1 .778 .207 .191 .181 .174 .011
PSV2 .833 .164 .149 -.006 .187 .113
PSV3 .864 .245 .195 .077 .107 .072
PSV4 .468 .453 .283 .110 .239 .157
BHI1 .279 .796 .328 -.032 .173 .136
BHI2 .300 .802 .295 .019 .202 .133
BHI3 .220 .554 .345 .022 .111 .051
BHI4 .321 .815 .265 .001 .211 .075
Extraction Method: Maximum Likelihood. Method: Varimax with Kaiser
Normalization
169
Appendix L: Initial Eigenvalues
Factor Total % of Variance Cumulative %

1 10.824 38.657 38.657
2 3.252 11.616 50.273
3 2.294 8.193 58.466
4 1.612 5.756 64.222
5 1.195 4.268 68.490
6 1.136 4.058 72.548
7 .924 3.300 75.848
8 .799 2.853 78.702
9 .625 2.232 80.933
10 .570 2.034 82.968
11 .493 1.759 84.727
12 .444 1.586 86.313
13 .427 1.526 87.839
14 .395 1.411 89.251
15 .387 1.382 90.632
16 .372 1.327 91.960
17 .315 1.125 93.084
18 .274 .980 94.064
19 .263 .938 95.003
20 .255 .909 95.912
21 .232 .830 96.741
22 .204 .730 97.471
23 .191 .684 98.155
24 .137 .488 98.643
25 .116 .413 99.056
26 .103 .369 99.425
27 .097 .346 99.772
28 .064 .228 100.000
170
Appendix M: Rotated Factor Matrix With Suppression
1 2 3 4 5 6 Uniqueness
PVA2 0.57 0.60
PVA3 0.71 0.50
PVA4 0.77 0.40
TFC1 0.61 0.30
TFC2 0.81 0.24
TFC3 0.66 0.31
TFC4 0.57 0.38
AUT1 0.74 0.42
AUT2 0.82 0.31
AUT3 0.80 0.31
AUT4 0.71 0.37
SEF1 0.79 0.26
SEF2 0.78 0.23
SEF3 0.85 0.23
SEF4 0.63 0.37
PSE2 0.57 0.37
PSV1 0.78 0.27
PSV2 0.83 0.22
PSV3 0.86 0.14
BHI1 0.80 0.13
BHI2 0.80 0.14
BHI3 0.55 0.52
BHI4 0.82 0.17
Extraction Method: Maximum Likelihood. - Rotation: Varimax with Kaiser Normalization.
171
Appendix N: Descriptive Statistics from Pilot Study
Std.
Var N Missing Mean Median Mode Min Max
Deviation
PVA1 5 0 1.40 1.00 1 .548 1 2
PVA2 5 0 1.40 1.00 1 .894 1 3
PVA3 5 0 1.00 1.00 1 .000 1 1
PVA4 5 0 1.40 1.00 1 .548 1 2
TFC1 5 0 1.20 1.00 1 .447 1 2
TFC2 5 0 1.40 1.00 1 .548 1 2
TFC3 5 0 1.60 1.00 1 .894 1 3
TFC4 5 0 1.60 2.00 2 .548 1 2
AUT1 4 0 1.25 1.00 1 .500 1 2
AUT2 5 0 1.00 1.00 1 .000 1 1
AUT3 5 0 1.20 1.00 1 .447 1 2
AUT4 5 0 1.60 2.00 2 .548 1 2
SEF1 5 0 2.20 2.00 1a 1.643 1 5
SEF2 5 0 2.40 2.00 1 1.673 1 5
SEF3 5 0 2.00 1.00 1 1.732 1 5
SEF4 5 0 2.80 3.00 1 1.789 1 5
PSE1 5 0 1.20 1.00 1 .447 1 2
PSE2 5 0 1.40 1.00 1 .894 1 3
PSE3 5 0 1.20 1.00 1 .447 1 2
PSE4 5 0 1.40 1.00 1 .548 1 2

172
PSV1 5 0 1.00 1.00 1 .000 1 1
PSV2 5 0 1.00 1.00 1 .000 1 1
PSV3 5 0 1.00 1.00 1 .000 1 1
PSV4 5 0 1.40 1.00 1 .894 1 3
BHI1 5 0 1.40 1.00 1 .894 1 3
BHI2 5 0 1.60 1.00 1 .894 1 3
BHI3 5 0 1.60 1.00 1 .894 1 3
BHI4 5 0 1.60 1.00 1 .894 1 3
a Note: Values with an indicated multiple mode exist. The smallest value is shown.
173
Appendix O: Sample Characteristics of Final Study
Std.
Kurtosis Skewness Mean Median Min Max
Deviation
PVA1 -0.45 -0.87 3.9 4.00 1.12 1 5
PVA2 -1.83 -0.45 4.60 5.00 0.49 4 5
PVA3 15.69 -3.44 4.83 5.00 0.44 2 5
PVA4 0.98 -1.72 4.82 5.00 0.38 4 5
TFC1 -1.51 -0.71 4.66 5.00 0.47 4 5
TFC2 3.25 -1.41 4.61 5.00 0.54 2 5
TFC3 9.40 -2.37 4.57 5.00 0.65 1 5
TFC4 2.13 -1.03 4.53 5.00 0.55 2 5
AUT1 -2.03 0.04 4.49 4.00 0.50 4 5
AUT2 1.87 0.90 4.50 5.00 0.55 2 5
AUT3 2.87 -1.06 4.42 4.00 0.60 2 5
AUT4 2.131 -1.03 4.53 5.00 0.55 2 5
SEF1 7.04 -2.08 4.49 5.00 0.70 1 5
SEF2 5.781 -1.94 4.43 5.00 0.73 1 5
SEF3 6.00 -2.11 4.40 5.00 0.81 1 5
SEF4 6.00 -2.11 4.40 5.00 0.81 1 5
PSE1 16.29 -4.24 4.95 5.00 0.21 4 5
PSE2 23.46 -4.02 4.78 5.00 0.53 1 5
PSE3 6.81 -2.90 4.91 5.00 0.28 4 5
PSE4 10.19 -3.46 4.93 5.00 0.25 4 5

174
PSV1 16.83 -3.57 4.74 5.00 0.60 1 5
PSV2 15.46 -3.40 4.67 5.00 0.67 1 5
PSV3 14.84 -3.29 4.71 5.00 0.61 1 5
PSV4 20.84 -4.29 4.85 5.00 0.49 2 5
BHI1 2.63 -2.14 4.86 5.00 0.34 4 5
BHI2 3.20 -2.26 4.87 5.00 0.33 4 5
BHI3 27.92 -4.48 4.81 5.00 0.52 1 5
BHI4 3.20 -2.26 4.87 5.00 0.335 4 5

175
Appendix P: Descriptive Statistics of Final Study
Mean Std. Deviation N
PVA1 3.83 1.042 187
PVA2 4.48 .659 187
PVA3 4.74 .566 187
PVA4 4.74 .473 187
TFC1 4.43 .782 187
TFC2 4.36 .827 187
TFC3 4.34 .843 187
TFC4 4.28 .874 187
AUT1 4.44 .587 187
AUT2 4.41 .692 187
AUT3 4.31 .711 187
AUT4 4.35 .806 187
SEF1 4.24 .938 187
SEF2 4.00 1.131 187
SEF3 3.99 1.145 187
SEF4 4.03 1.109 187
PSE1 4.87 .351 187
PSE2 4.40 .858 187
PSE3 4.80 .530 187
PSE4 4.83 .418 187

176
PSV1 4.36 .896 187
PSV2 4.34 .886 187
PSV3 4.34 .904 187
PSV4 4.56 .783 187
BHI1 4.51 .758 187
BHI2 4.42 .926 187
BHI3 4.59 .645 187
BHI4 4.48 .857 187
Reproduced with permission of copyright owner. Further reproduction prohibited without permission.

Out

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Out

Uploaded by

Copyright:

Available Formats

([SORULQJ,QGLYLGXDO,QWHQW7RZDUGV%ORFNFKDLQ7HFKQRORJ\LQ5HVSRQVHWR7KUHDWVWR3HUVRQDO

Approved by the Doctoral Committee:

DBA 08/06/2019 | 21:41:45 MST

PhD 08/07/2019 | 08:09:01 MST

Committee Member: Robert

08/07/2019 | 07:59:29 MST

perceived severity of threats, perceived vulnerability to threats, technology facilitation,

collected responses using a pre-validated questionnaire on Qualtrics with appropriate disclosures

provide information for further confirmatory analysis and practice.

Jesus Christ, and the assurance that anything is possible.

Chapter 1: Introduction ................................................................................................................... 1

Appendix ..................................................................................................................................... 144

Table 1 Parallel Analysis Results ................................................................................................. 97

Figure 1: Conceptual Model ......................................................................................................... 76

and autonomy. Blockchain emphasizes anonymity; in contrast, other technologies require

persistent security challenges arising from sophisticated cyber-attackers which often

organizations around the world (Verizon Inc., 2018).

As corporate, organizational, and social network data breaches continue to escalate,

Unauthorized exposure of sensitive private information (Zimmerle, 2018) could compel

individuals to seek the comfort of an anonymity-preserving technology such as blockchain. The

information to supply extraordinary perspective into an individual’s behavior and preferences

PCD refers to any non-public personal information an individual may consider

De Clercq, & Elger, 2019).

organization (Gressin, 2017; Primoff & Kess, 2017). Unfortunately, individuals

protecting their assets (Stavova et al. 2017).

lost, it is technologically and physically more difficult to exploit it on blockchain applications

a significant public interest in Bitcoin (Hughes et al., 2019).

digital communities (Hughes et al., 2019). A foundation on integrity makes Blockchain

(Syverson, Tsudik, Reed, & Landwehr, 2009).

Many research publications in information security have relied on protection motivation

individual perception of a risk to privacy will evoke a corresponding protective response

individual to mitigate its effect).

privacy concerns, anonymity concerns, technological concerns, susceptibility to threats, the

severity of threatening events, and self-efficacy.

Statement of the Problem

individual technology choices. When individuals perceive a significant threat to sensitive

specific privacy-enhancing technologies such as blockchain. The trend towards blockchain is

adoption behavior and the potential consequences of insufficient organizational privacy

Purpose of the Study

The purpose of this quantitative non-experimental cross-sectional study is to assess

technology and anonymity, on intention towards blockchain technology.

Fidell, 2014; Stevens, 2002).

influence individual intention towards blockchain applications in response to threats to privacy.

The blockchain is a type of distributed ledger technology where data is continuously

identify participants using PCD (Kshetri, 2017; O'Leary, 2017).

Blockchain has gained worldwide attention and is currently perceived to be an

commonly used by researchers in information security increasingly involved protection

shown explanatory power in assessing performance expectancy, social influence, effort

Exploring individual behavior towards a secure technology using a factor model

adoption of secure peer-to-peer cloud technologies.

Nature of the Study

organizations is a common methodology used in information systems and behavioral psychology

research (Sommestad et al., 2015). It often follows a conceptualization process involving a

perceptions of the enabling role of technology in providing facilitating attributes (Chatterjee et

information technology such as non-compliance with security directives is a complex

phenomenon characterized by peculiar non-linear relationships guided by beliefs, economic,

social and technological considerations (Chatterjee et al., 2015).

significant determinants of technology adoption (Venkatesh et al., 2003). According to Alsaleh,

blockchain (Kendall et al., 2005).

because it captures an individual’s attitude towards emerging technology at a point in time.

and to participate in the “Blockchain Enthusiasts” forum on Facebook.

privacy is significant. A quantitative study is necessary because correlations between variables

questions: privacy questions, technology questions, anonymity questions, self-efficacy questions,