Personal information security : legislation, awareness and attitude.
Ecommerce refers to the buying and selling of products and services electronically via the Internet and other computer networks (Electronic Commerce 2011). The critical components of ecommerce are a well designed website and a merchant account for payment by the customer (Ecommerce critical components 2008). Merchants that sell their products and services via the Internet have a competitive edge over those that do not. It is therefore becoming common practice for both small and large business to transact electronically. With the vast opportunities, new risks and vulnerabilities are introduced. Consumers are reluctant to transact electronically because of the fear of unauthorized access and interception of confidential information (Online Banking Concerns 2011). Other fears include the changing of data with malicious intent, denial of use, hacking, deliberate disclosure of confidential information and e-mail associated risks (Safeena, Abdulla & Date 2010). The use of technology such as encryption and decryption has not adequately addressed these problems because fraudsters have found new and sophisticated methods of attaining consumer information illegally. Phishing is one such method. Phishing results in identity theft and financial fraud when the fraudster tricks the online users into giving their confidential information like passwords, identity numbers, credit card number and personal information such as birthdates and maiden names. The fraudster will then use the information to impersonate the victim to transfer funds from the victim‟s account or use the victim‟s information to make purchases (Srivastava 2007). Since 2002, many laws passed in South Africa have attempted to allay fears so that consumers can conduct business electronically with confidence. The following legislation aims to protect consumers: - The Electronic Communications and Transactions Act (Republic of South Africa 2002). - The Consumer Protection Act (Republic of South Africa 2008). - The Protection of Personal Information Bill which is expected to be passed in 2011 (Republic of South Africa 2009). This research aims to examine the extent to which these legislation can address the security concerns of consumers. The researcher is also interested in ascertaining how knowledgeable consumers are on these legislation and what their attitudes are towards their personal information security.