Abstract 300 words or less: This study explores the impact of digital literacy on personal information security among Vietnamese Internet users.. Their willingness to contribute their t
INTRODUCTION
Rationale and significance of the research
The digital age is a double-edged sword While advancements in information and communication technologies (ICT) have revolutionized how we connect, access information, and conduct business (Tomczyk and Eger, 2020), they also introduce new complexities and challenges (Le Coze and Antonsen, 2023, Rahman et al., 2021) On the one hand, the internet fosters a globalized environment, facilitating communication and data exchange across borders (Pratomo et al., 2024) This interconnectedness, while driving economic growth and collaboration, also expands the attack surface for malicious actors (Pratomo et al., 2024) Criminals can exploit weaknesses in systems worldwide, potentially compromising the personal information of individuals regardless of location (Pratomo et al., 2024)
Further complicating the picture is the evolving threat landscape (Halim et al., 2023,
Le Coze and Antonsen, 2023, Goel et al., 2017) Data breaches and cyberattacks are a growing concern, highlighting the fragility of information security (Halim et al., 2023,
Le Coze and Antonsen, 2023, Goel et al., 2017) These attacks come in various forms, including social engineering scams that prey on human vulnerabilities to trick users into revealing sensitive information (Metalidou et al., 2014, Goel et al., 2017) The rise of big data analytics presents another layer of complexity As vast amounts of personal data are collected, stored, and analyzed, new privacy concerns emerge (Zhang, 2018) The potential for misuse of this data underscores the need for robust security measures and heightened user awareness (Zhang, 2018)
The concept of privacy itself is undergoing a transformation in the digital age Traditionally, privacy focused on the "right to be left alone" (Pratomo et al., 2024) However, with the pervasiveness of online platforms and data collection, the concept has shifted towards the "right to be forgotten" (Pratomo et al., 2024) Regulations like the General Data Protection Regulation (GDPR) reflect this shift, empowering individuals to control their data and limit its unauthorized use (Pratomo et al., 2024) Research emphasizes the human element as a critical factor in information security (Metalidou et al., 2014, Goel et al., 2017) Human error, such as falling victim to phishing scams, or a lack of awareness regarding online threats, can significantly compromise security (Metalidou et al., 2014, Goel et al., 2017) Lim et al (2014) aptly highlight that people are both the cause of and the solution to information security incidents (Metalidou et al., 2014) Therefore, fostering digital literacy and promoting user awareness are crucial aspects of building a robust security posture (Metalidou et al., 2014, Rahman et al., 2021)
In Vietnam, the landscape of information security presents unique challenges and opportunities, particularly concerning personal information security amid the increasing digitization of society The susceptibility of personal sensitive information to leakage through various channels poses a pressing concern, with potential ramifications for individuals' privacy and security
The escalation of security incidents, as evidenced by the doubling of personal information leaks in 2023 compared to 2022, underscores the urgency of addressing information security vulnerabilities (ANTV, 2023) Notably, sectors such as retail, manufacturing, education, and finance have been disproportionately targeted, with a significant increase in unauthorized access and data breaches (ANTV, 2023).These threats to information security encompass potential attacks, destruction, or modification of information assets (Musekura and Ekh, 2004) A survey found that a significant percentage of respondents, primarily corporations and government agencies, detected computer security incidents within the last 12 months, with top attack types including viruses, theft of laptops/mobile devices, insider abuse, and unauthorized access (Gorden et al., 2006)
Moreover, while security controls often rely on human intervention, addressing human behaviors is crucial Studies have applied theories such as Protection Motivation Theory (PMT) to understand individuals' motivations for complying with security policies and employing security measures (Parsons et al., 2010) Additionally, the emphasis on security requirements and their determination underscores the importance of shaping controls and drivers of information security (Humphreys et al., 1998)
To mitigate these risks effectively, it is imperative to understand the interplay between digital literacy and personal information security By examining the impact of digital literacy on individuals' ability to navigate online threats and adopt secure behaviors, this research aims to provide insights into strategies for enhancing information security awareness and practices in Vietnam By elucidating the relationship between digital literacy and personal information security, this study seeks to inform policy interventions and educational initiatives aimed at safeguarding individuals' privacy and mitigating cybersecurity risks in the digital age.
Research objectives
In today's digitally interconnected world, personal information security has become a paramount concern With the internet being an integral part of daily life for millions worldwide, including Vietnam, it is imperative to understand the relationship between digital literacy and personal information security This research aims to explore these intricacies within the Vietnamese context, providing crucial insights and proposing actionable solutions to enhance personal information security among internet users
The aims of this investigation are thoughtfully designed to tackle the complex nature of the problem:
First, Identifying Factors Influencing Personal Information Security: This objective explores the underlying factors shaping personal information security by examining user behaviors The research aims to uncover pivotal insights crucial for targeted interventions
Second, Examining the Relationship between Digital Literacy and Information Control Behavior: Focusing on digital literacy, this objective seeks to elucidate the correlation between users' proficiency in navigating digital environments and their behavior concerning personal information control
Third, Determining the Impact of Individual Components of Digital Literacy: This objective aims to dissect digital literacy into its constituent components – technical familiarity, awareness of institutional surveillance, and policy understanding
Fourth, Assessing Internet Experience's Influence: Recognizing experience's role in shaping online behaviors, this objective investigates how Internet experience directly affects information control behavior and mediates effects from digital literacy components
Fifth, Exploring Demographic Characteristics Role: delves into individual demographic characteristics' impact on forming information control behavior in the digital realm
Finally, Proposing Solutions for Improvement: Building upon preceding objectives, research endeavors formulate practical solutions aimed at bolstering information security among Vietnamese internet users.
Research Questions
Security breaches commonly stem from individual actions (Saridakis et al., 2016) Extending Park's (2013) work, our study analyzes the impact of digital literacy (DL) categories and subsets on familiarity with technical aspects, surveillance practices, and policy understanding, which influence Information Control Behavior (ICB) Tailored to the Vietnamese context and accounting for technological advancements, the study also examines the effects of Internet Experience (IE) and demographics on ICB Moreover, the interplay between DL and IE on security control behavior is explored.
1 What are the underlying factors influencing personal information security among internet users in Vietnam?
2 What is the impact of individual components of digital literacy – technical familiarity, awareness of institutional surveillance, and policy understanding – on information control behavior?
3 How does internet experience directly affect information control behavior among Vietnamese internet users? How does the interaction between knowledge and internet experiences impact privacy control behavior?
4 How do individual demographic characteristics, such as age, gender, and education, intersect with information control behavior in the digital realm?
LITERATURE REVIEWS
Definition and Factors driving digital literacy
Digital literacy (DL) has evolved significantly since their inception in the late 20th century Initially conceived as the ability to understand and utilize information on computers, particularly via the Internet, DL has undergone a profound transformation, encompassing a wide array of skills and competencies essential for navigating the complex digital landscape of the 21st century Scholars such as Gilster (1997) defined digital literacy in terms of navigating online content, setting the stage for further exploration into its multifaceted nature
As the 21st century dawned, Bawden (2001) expanded the definition of DL, framing it not just as reading and understanding online information, but also encompassing skills like information retrieval, evaluation, and management from various sources This expansion marked a shift from mere technical proficiency to a more comprehensive understanding of DL, which includes cognitive and social skills necessary for navigating complex digital landscapes Eshet (referenced in a separate study) further broadened the concept, characterizing DL as the holistic ability of individuals to perform tasks and solve problems in digital environments Eshet's model identifies five key skills within DL: photo-visual literacy, reproduction literacy, branching literacy, information literacy, and socio-emotional literacy These concepts collectively emphasize the multifaceted nature of DL, highlighting the importance of critical thinking, information management, and emotional intelligence in the digital realm
Eshet-Alkali and Amichal-Hamburger (2004) expanded the scope of DL by emphasizing a skillset for navigating digital environments, including creating content and following online social norms This focus on using, not just understanding, technology is echoed in later models by Park (2006) and the Korean Education and Research Information Service, who meticulously categorized DL into technical, information, and social/cultural aspects
The ever-expanding digital landscape necessitates the development of DL as a multifaceted concept encompassing the knowledge, abilities, and attitudes required to navigate the online world effectively Various scholars (Afif et al., 2023; Samani et al.,
2020; Noh, 2017; Hussein et al., 2020) have contributed to the understanding of DL, emphasizing its role in communication, expression, social participation, and personal information security While the precise definition of DL remains contested, it is widely recognized as empowering individuals to engage with digital technologies for various purposes, including communication, expression, and social participation
Digital literacy (DL) is a complex concept with multiple interpretations, often encompassing terms like internet literacy, multimedia literacy, and information literacy At its core, DL requires individuals to effectively access, understand, analyze, and utilize information in a digital environment This includes the ability to discern the credibility and relevance of information, as well as the capacity to use it appropriately and ethically.
(2021) emphasizes the distinction between DL and computer literacy, highlighting that the former focuses on understanding and using information, not just the technology itself Building on this notion, Kwon defines DL as the capacity to act as both a consumer and producer of knowledge, emphasizing critical thinking and responsible online behavior
Digital literacy encompasses not only technical proficiency but also cognitive and social-emotional skills Key aspects include information search and creation (Park et al., 2017), critical evaluation, responsible online behavior, and effective digital participation (Bawden, 2001; Ferrari et al., 2012; Meyers et al.) Recent research (Volkan et al., 2022; Spires et al., 2019; Purnama et al., 2021) highlights the multifaceted nature of digital literacy, emphasizing the need for self-control and responsible online engagement.
2013) Given the increasing use of technology across all facets of life, the development of digital literacy skills becomes essential Educational institutions and other organizations play a crucial role in equipping individuals with these skills Additionally, studies by Gửldağ (2021) suggest that positive attitudes and beliefs about technology can foster the development of digital literacy skills, while negative perceptions may hinder this progress
Digital literacy, encompassing knowledge, abilities, and attitudes, empowers individuals to navigate the digital world effectively A positive mindset towards technology, coupled with educational programs and acknowledgement of age-related differences in digital proficiency, are crucial in cultivating a digitally literate society.
Definition and motive of information security
Personal information security is paramount in the digital age due to the widespread sharing of personal data online, exposing individuals to security risks Information control behavior is the practice of managing personal information to protect oneself from unauthorized access, with the primary motivations being security concerns and the desire for privacy Notably, information security differs from other related concepts such as data protection, which focuses on protecting data within an organization, and cybersecurity, which encompasses all aspects of protecting electronic information systems.
According to Merriam-Webster Dictionary, security in general is the quality or state of being secure, that is, to be free from harm According to Oxford Students Dictionary Advanced, in a more operational sense, security is also taken steps to ensure the security of the country, people, things of value, etc Schneier (2003) consider that security is about preventing adverse consequences from the intentional and unwarranted actions of others Therefore, the objective of security is to build protection against the enemies of those who would do damage, intentional or otherwise According to Whitman and Mattord (2005), information security is the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information Information security is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure (Surwade and Patil, 2019)
The concept of "Information Security" is understood differently by individuals, leading to various perspectives such as technical, behavioral, managerial, philosophical, and organizational There are several definitions in the literature: Peltier defines information security as the appropriate use of data and the implementation of controls to ensure that information is not used or altered incorrectly Zafar and Clark (2009) defined it as the process of ensuring that information remains confidential, unaltered, and accessible when needed Additionally, Anderson’s definition from 2003 describes
Information Security as a sense of full assurance that information risks and controls are balanced — a more philosophical approach aimed at creating confidence in managing information risk management and control Each definition addresses different aspects reflecting diverse approaches among researchers and experts on this issue
Information security aims to protect information assets, emphasizing the preservation of confidentiality, integrity, and availability (CIA triad) Confidentiality restricts information access to authorized individuals Integrity ensures accuracy and completeness throughout its lifecycle Availability guarantees authorized users' access when needed.
“The security of these three characteristics of information is as important today as it has always been, but the confidentiality, integrity and availability triangle (CIA) model no longer adequately addresses the constantly changing environment of the computer industry” (Von Solms and Van Niekerk, 2013) While the CIA triad remains a cornerstone, some argue it's insufficient in the ever-evolving digital landscape Accordingly, Whitman and Mattord (2009) add accuracy, authenticity, utility and possession to the list of information characteristics that needs to be protected
Today's age of rapid technological advancement, the majority of human data is housed within electronic systems and across the vast expanse of the Internet While internet platforms offer unparalleled convenience, they also harbor numerous potential risks that can compromise the security of personal information To address these concerns, many platforms have established dedicated Privacy sections
Internet privacy encompasses the control over the spread and accessibility of personal information online Critical concerns revolve around unauthorized access, storage, or tracking of emails and online activities by external parties Additionally, there are worries about websites collecting, storing, and potentially sharing personally identifiable information of their users.
One of the earliest proposals for classifying personal information was made by Comber, who defined three categories based on the dissemination controls applied: essential information, user-controlled information, and non-user-controlled information Essential information refers to data that is necessary for basic functionality, while user-controlled information can be accessed by the user but is not shared with third parties without their consent Non-user-controlled information, on the other hand, can be accessed and shared by third parties without the user's knowledge or consent.
1 Unclassified: All data maintained by a public agency not otherwise classified as restricted or confidential
2 Restricted: Data that are not prohibited from full and free disclosure by statute (confidential), but whose unauthorized use could constitute an unwarranted invasion of personal privacy
3 Confidential: Data that are prohibited from free and full disclosure by statutory regulation (law)
A more detailed information classification system and sensitivity scales have been proposed by the British Computer Society:
1 Public: Any personal information that is generally available in a listed form, such as various directories , biographic publications, etc
2 Published: Information that is available but has not been collected , such as court records or hospital admission records This category differs from “public” information in that if the individual involved does not draw attention to its existence , this information is not generally known
3 Confidential : Information that is not generally available, although it is available and known to the individuals concerned
4 Secret: Information that is not generally available , including the individuals concerned Information in this category would be collected only under statutory authority or when authorized by the individual involved (Turn, 1976)
According to an official definition, information security is the protection of information and the systems and hardware that use, store and transmit that information From a technical viewpoint, information security is to protect the availability, accuracy, authenticity, confidentiality, integrity, utility and possession of information (Whitman and Mattord, 2009)
There are many kinds of threats to information security A threat to information security can be defined as anything indicating the possibility of information being attacked, destroyed or modified (Musekura and Ekh 2004) The 2006 Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) survey on computer crime and security (Gorden et al 2006) found that 72% of respondents (primarily corporations and government agencies) had detected computer security incidents within the last 12 months The top four types of attack were viruses, laptop/mobile theft, insider abuse of net access and unauthorised access to information, which accounted for more than 74% of financial losses The information security situation seems to be facing many diverse challenges and threats This is a challenging area and needs to be seriously addressed and addressed to ensure effective system and information protection (Whitman and Mattord, 2009)
In the study that included motivation, the authors used behavioral intention measurement items rather than previously validated motivation scales Motivation has been adapted for information systems in various forms but very few studies have examined motivation in the context of Information Security as adapted from self- determination theory (SDT) An application of SDT to Infomation Security through the design and use of a self-determined appeal may also fill the relevance gap apparent in many behavioral Information Security studies A self-determined appeal is designed to bolster the critical drivers of self-determination to elicit a more internalized motivation in an individual (Menard et al., 2017)
Delving deeper into the topic, it is essential to understand the motives that drive individuals and organizations to adopt information control behavior Factors such as the desire for privacy, protection of intellectual property, compliance with regulations, and maintaining a competitive edge in the marketplace all play a significant role in shaping information control behavior By comprehensively examining these motives, it becomes evident that information control behavior is not merely a reactive measure but a proactive approach to mitigating potential risks and vulnerabilities Information security is not only a technical issue but also a human factor issue People's behavior and decisions regarding information security are influenced by many different aspects including individual differences, personality traits, cognitive abilities, biases, risk perception and surroundings Social engineering attacks are a major threat that exploit human vulnerabilities to obtain sensitive information To improve information security, organizations need to address human factors through awareness, education, training and improved use of security measures, highlighting the importance of security personal information and the challenges posed by human behavior Social engineering attacks are specifically mentioned as a threat to personal information Optimism bias refers to the fact that most people do not believe that they are personally at risk, and instead, they tend to believe that negative outcomes are far more likely to occur out to others (Gray & Ropeik, 2002) This bias was demonstrated in a study in which participants were asked to rate the likelihood of various risks occurring to themselves, their family members, and the general public (Sjoberg, 2000) For all risks, the average ratings of the individual and his or her family are lower than those of the general public (Sjoberg, 2000) This bias is especially prevalent in the field of information security, as evidence shows that most users tend to believe that hackers will not value the information on their computers and, therefore, users it is difficult to see yourself as a potential target (McIlwraith, 2006) This beliefpay little attention to the fact that industrial spies or hackers can target any individual in order to gain access to the overall system (which can then allow deeper access to many important field of computer networks) (McIlwraith, 2006) From there, personal information security is threatened (Parsons et al., 2010)
Impact of digital literacy on information security from previous research
In today's world, digital literacy plays an increasingly important role, allowing us to take full advantage of the benefits of technology However, digital skills do not just stop at the ability to use electronic devices but also include understanding and practicing safe behaviors in the online environment (Hussein and Hussein, 2020) This article will analyze the connection between digital skills, behavior, and information security, thereby helping readers understand the importance of improving digital skills to ensure safety in the digital world
Digital skills are defined as the ability to interact with digital technology, including accessing, understanding, evaluating and using information critically and responsibly in digital environments (Afif et al., 2023) Digital skills include many different elements, such as: Ability to use digital tools and applications, ability to evaluate the authenticity of information sources, ability to protect personal information, safe online communication skills, skills to handle difficult situations online risk situations (Rhee et al., 2009, Luthfia et al., 2021, Afif et al., 2023, Hussein and Hussein, 2020)
According to research by Sofie Vandoninck and colleagues (Vandoninck et al., 2013), people with higher digital skills tend to proactively respond to online problems, such as deleting messages and blocking senders when being bullied online This shows that digital skills have a positive impact on users' behavior in the online environment, helping them proactively avoid risks
Online behaviors influence personal information security Reckless sharing of sensitive data on social media, engaging with strangers online, opening suspicious links or files, and using weak passwords all elevate the risk of cyberattacks and information theft These practices compromise user security by providing opportunities for malicious actors to exploit vulnerabilities.
On the contrary, safe behaviors in the online environment will help minimize the risk of information disclosure and keep personal data secure These behaviors include: Installing anti-virus software and updating it regularly, Using strong passwords and changing them periodically, Thoroughly checking links and attachments before opening, and Limiting access Access personal information on social networks (Stutzman et al., 2013, BENZER and KARAL, 2023)
From the relationship between digital skills and behavior in the cyber environment, behavior and information security, we can infer a close connection between digital skills and information security (Benzer and Karal, 2023, Podhradsky et al., 2014) Users with higher digital skills often have safer behaviors online (Vandoninck et al.,
2013) They know how to discern potential threats, such as malicious websites or phishing emails (Elrayah and Jamil, 2023, Benzer and Karal, 2023) In addition, digital skills also help users update their knowledge about cybersecurity, thereby making appropriate choices to protect personal information (Burns and Roberts, 2013, Park,
Although digital skills play an important role in ensuring information security, reality shows that many internet users still lack the necessary skills (Elrayah and Jamil, 2023, Van Laar et al., 2017) This leads to an increase in cyber-attacks, personal data theft and the spread of false information.
Lessons from previous empirical studies and research gaps
Previous research has emphasized the significance of digital literacy in safeguarding personal information online (Stutzman et al., 2012; Vandoninck et al., 2012) However, there has been a lack of specific studies focusing on the impact of digital proficiency on personal information security in Vietnam This presents an opportunity for new research to explore the behavior and understanding of internet users in Vietnam within a rapidly changing network environment and growing risks to information security Additionally, investigating this topic could provide valuable insights into addressing emerging challenges related to data privacy and cybersecurity
This study introduces a novel approach by measuring the digital proficiency of Vietnamese subjects using a culturally customized assessment tool that takes into consideration local context and practices While previous studies have highlighted both positive and negative aspects of digital literacy for personal information security, there are still gaps in its implementation and effectiveness (Stutzman et al., 2012)
By addressing these knowledge gaps, this research aims to enhance understanding of the role that digital literacy plays in protecting personal information in Vietnam Subsequently, it seeks to propose more effective strategies and measures to improve network safety for domestic internet users while considering their unique needs as well as technological trends shaping the landscape." By conducting this research, we can gain a better understanding of the relationship between digital literacy and personal information security in Vietnam This understanding can then inform the development of targeted interventions and policies to enhance digital literacy skills and protect personal information online in Vietnam.
METHODS AND DATA
Analytical framework
In Figure 1, the technical familiarity, surveillance practice, and policy understanding of Digital literacy, internet experiences and socio–demographics are representing the independent variable, while Information control behavior represent the dependent variable, and interaction between components of DL and internet experiences impact positive on information control behavior
Figure 1: Concept model of the study
H1a: Technical familiarity has a positive impact on Information control behavior H1b: Awareness of institutional surveillance has a positive impact on Information control behavior
H1c: Policy understanding has a positive impact on Information control behavior H2: Internet experience has a positive impact on Information control behavior
H2a: the interaction between technical familiarity and internet experiences impact positive on information control behavior
H2b: the interaction between surveillance practice and internet experiences impact positive on information control behavior
H2c: the interaction between policy understanding and internet experiences impact positive on information control behavior
H3: Individual demographic characteristics that affect Information control behavior.
Research design
For a comprehensive understanding of the digital literacy-personal information security nexus, this research employs a mixed-methods design, encompassing both quantitative and qualitative data collection via surveys, interviews, and archival study This multifaceted approach ensures thorough analysis and interpretation, revealing the complexities and nuances of the relationship in question.
Quantitative data is collected through the administration of a structured questionnaire divided into four parts: o Demographics: This section collects basic demographic information such as age, gender, and education level o Distribution of Individual Knowledge Measures: This part assesses participants' knowledge related to digital literacy and personal information security through a series of questions o Distribution of Individual Skill Measures: Participants' skills in managing personal information security in digital environments are evaluated here o Internet Experience: This part explores participants' experience with the internet including frequency of use, types of activities performed, and familiarity with digital tools/platforms
The questionnaire consists 41 questions focusing on specific aspects related to the research topic - gathering data on participants’ demographics, knowledge, skills, and internet experience: o Demographics: This section collects basic demographic information such as age, gender, education level o Digital Literacy Knowledge: independent variable Technical familiarity was rated with five items on a 6-point scale (1 = not at all, 6 = very familiar) Eight true-false knowledge items were used for surveillance awareness and seven true-false items were measured for policy understanding, later coded 1 for correct answers with 0 assigned to all other responses o Information Control Behavior: dependent variable Following this, preexisting survey items were elaborated into (a) social and (b) technical dimensions Respondents were asked to report the extent to which they were involved in each of the information control behaviors on a 6-point scale, ranging from never to very often o Internet Experience: measured internet experience in daily routines through two aspects: 1) length of internet use (hours) and 2) number of years of experience We used a single 6-point scale (1 = one location, 6 = more than six locations) to capture the variety of internet access locations used by respondents
TF.1 HTML (HyperText Markup Language)
TF.3 ISP (Internet Service Provider)
TF.5 BCC (Blind Carbon Copy)
Companies today can place an online advertisement that targets you based on information collected on your web-browsing behavior
A company can tell you that you have opened an email even if you do not respond
When you go to a website, it can collect information about you even if you do not register
Popular search engine sites, such as Google, track the sites you come from and go to
E-commerce sites, such as Amazon or Netflix, may exchange your personal information with law enforcement and credit bureau
SP.6 What a computer user clicks while online surfing can be recorded as a trail
SP.7 Most online merchants monitor and record your browsing on their sites
When a website has a privacy policy, it means the site will not share your information with other websites or companies
PU.1 Government policy restricts how long websites can keep the information they gather about you
PU.2 It is legal for an online store to charge different people different prices at the same time of day
PU.3 A website is legally allowed to share information about you with affiliates without telling you the names of the affiliates
PU.4 By law, e-commerce sites, such as Amazon, are required to give you the opportunity to see the information they gather about you
PU.5 Privacy laws require website policies to have easy-to-understand rules and the same format
PU.6 Vietnam government agencies can collect information about you online without your knowledge and consent
PU.7 When I give personal information to an online banking site such as citibank.com, privacy laws say the site has no right to share that information, even with companies it owns
ICB.1 Stopped visiting particular websites because you fear they might deposit unwanted programs on your computers
ICB.2 Given false or inaccurate email addresses or fake names to websites because of privacy concerns
ICB.3 Decided not to make an online purchase because you were unsure of how information would be used
ICB.4 Chose not to register on a website because it asked you for personal information to get into the site
ICB.5 Complained to a consumer or government agency about marketing practices of particular websites
ICB.6 Asked a website to remove your name and address from any lists used for marketing purposes
ICB.7 Asked not to share your personal information with other companies
ICB.8 Use an email address that is not your main address, in order to avoid giving a website real information about yourself
ICB.9 Cleared your web browser history
ICB.10 Used filters to block or manage unwanted email
ICB.11 Erased some or all of the cookies on your computer
ICB.12 Used software that hides your computer’s identity from websites you visit ICB.13 Stopped visiting particular websites because you fear they might deposit unwanted programs on your computers
ICB.14 Given false or inaccurate email addresses or fake names to websites because of privacy concerns
ICB.15 Decided not to make an online purchase because you were unsure of how information would be used
ICB.1 Chose not to register on a website because it asked you for personal information to get into the site
ICB.2 Complained to a consumer or government agency about marketing practices of particular websites
IE.1 How many years have you used the Internet?
IE.2 How many hours do you use the Internet per day?
IE.3 How many Internet access points do you have simultaneously?
IE.4 What is your type of Internet connection?
To analyze the collected data, two main tools are utilized:
SPSS (Statistical Package for the Social Sciences) enables the computation of descriptive statistics to delineate the demographic profiles of participants and the distribution of survey responses These measures include mean, median, mode, standard deviation, and frequency distributions, providing valuable insights into the collected data.
Smart PLS (Partial Least Squares): Smart PLS is employed to calculate relevant latent variables and examine the relationships between digital literacy, personal information security, and other factors identified in the study Structural equation modeling (SEM) is used to assess the causal relationships and determine the impact of digital literacy on personal information security among individuals in Vietnam.
FINDINGS AND DISCUSSIONS RESULTS
Sample Description
The study collected responses from 219 participants initially through an online quantitative survey conducted via Google Forms After applying selection criteria, 183 valid responses were retained for analysis
Demographically, the majority of respondents, constituting 75.96% of the sample, fell under the age group of under 22 years The next significant age bracket was between
22 and 40 years, making up 21.86% of respondents, while those over 40 years represented the smallest proportion at only 2.18% Among participants under 22 years, a significant portion were students, with 89.62% holding a High school diploma or equivalent, 5.46% holding a Bachelor's degree or equivalent, and only 4.92% possessing a Master's degree or higher In terms of gender distribution, male respondents were predominant at 62.84%, with female respondents comprising 37.16% of the sample
Participants had extensive internet experience, with an average of 10.87 years of use and daily online time of 9.43 hours They accessed an average of 3.77 different websites Cable, DSL, and cellular connections (3G, 4G, 5G) were utilized for internet access.
The reliability of the survey instrument, assessed through Cronbach's Alpha coefficient, was found to be 0.723, indicating a moderate level of internal consistency reliability
Overall, the sample primarily consisted of young individuals, predominantly students, with a significant proportion of male respondents Participants demonstrated substantial experience with the Internet, accessing multiple sites through various connection types The reliability of the survey instrument suggests a reasonable level of consistency in the responses obtained from the sample population
Education High school diploma or equivalent
Master's degree or higher 4.92 Internet experience
Hours of daily Internet use 9.43 4.31 Number of Internet access sites 3.77 1.60
Cronbach's Alpha Cronbach's Alpha Based on
Data Analysis
Table 4.2.1 presents the limited comprehension of users in all three areas Findings reveal that over 42.62% of users possess a basic or better level of understanding, with only 4 individuals (2.19%) demonstrating an excellent grasp Users generally comprehend the collection and use of personal information online (M = 5.86, SD 1.52), but approximately 29.85% misunderstood fundamental data governance activities aspects Only one respondent (0.55%) answered policy-related questions accurately, achieving an average score of 82 (SD = 28) Additionally, most respondents demonstrated a moderate understanding of basic technical terms (M 33, SD=6.31) To clarify, Table 4.2.2 indicates that the understanding of basic technical aspects remains relatively low, with average scores ranging from 2.77 to 2.89, except for BCC understanding, which is moderately average at 3.43 On the other hand, the comprehension level of Surveillance practices is generally high to very high, with average scores ranging from 0.6 to 0.92 However, understanding of website policy and information management is slightly lacking, with an average score of 0.46 (SD=0.5) Legal knowledge across various aspects is generally high, with average scores ranging from 0.67 to 0.86, except for privacy and control, where it's notably lower The Vietnamese government's online personal information policies are widely misunderstood, with an average score of 0.37 (SD=0.47)
Table 4.2.1 Descriptive Statistics of Main Variables Used in Analyses
Table 4.2.2 Descriptive Statistics of Digital literacy:
Companies today can place an online advertisement that targets you based on information collected on your web- browsing behavior
A company can tell you that you have opened an email even if you do not respond
When you go to a website, it can collect information about you even if you do not register
Popular search engine sites, such as Google, track the sites you come from and go to
E-commerce sites, such as Amazon or Netflix, may exchange your personal information with law enforcement and credit bureau
What a computer user clicks while online surfing can be recorded as a trail
Most online merchants monitor and record your browsing on their sites
When a website has a privacy policy, it means the site will
0.45 0.31 0.37 not share your information with other websites or companies 0.46 0.50
Government policy restricts how long websites can keep the information they gather about you
It is legal for an online store to charge different people different prices at the same time of day
A website is legally allowed to share information about you with affiliates without telling you the names of the affiliates
By law, e-commerce sites, such as Amazon, are required to give you the opportunity to see the information they gather about you
Privacy laws require website policies to have easy-to- understand rules and the same format
Vietnam government agencies can collect information about you online without your knowledge and consent
When I give personal information to an online banking site such as citibank.com, privacy laws say the site has no right to share that information, even with companies it owns
Research findings reveal low levels of personal information control among respondents, with technical control measures rarely employed The average score of 12.41 indicates limited adoption of privacy-enhancing technologies Similarly, public participation in controlling personal information remains low (M = 19.46), as evidenced by minimal engagement in actions like cookie erasure, contacting agencies, and opting out of data sharing and purchases These low mean values (ranging from 2.23 to 2.90) suggest a lack of active efforts to protect personal data.
However, the behavior of utilizing secondary email addresses to safeguard personal information stands out as the most prevalent concern, with a mean value of 3.35 (SD 1.50)
Table 4.2.3 Distribution of Individual Skill Measures
Stopped visiting particular websites because you fear they might deposit unwanted programs on your computers 3.25 1.23 Given false or inaccurate email addresses or fake names to websites because of privacy concerns 3.11 1.30
Decided not to make an online purchase because you were unsure of how information would be used 2.44 1.11
Chose not to register on a website because it asked you for personal information to get into the site 3.00 1.27 Complained to a consumer or government agency about marketing practices of particular websites 2.23 1.07 Asked a website to remove your name and address from any lists used for marketing purposes 2.43 1.25
Asked not to share your personal information with other companies 2.90 1.47
Use an email address that is not your main address, in order to avoid giving a website real information about yourself
Cleared your web browser history 3.31 1.29
Used filters to block or manage unwanted email 3.19 1.32 Erased some or all of the cookies on your computer 2.85 1.345 Used software that hides your computer’s identity from websites you visit 3.06 1.403
Based on the findings presented in Table 4.2.4, it becomes evident that among the examined relationships, only three exhibit statistically significant positive correlations with a p-value less than 05, while the rest fail to reach statistical significance as indicated by p-values exceeding 0.05 (Hair et al., 2023) Furthermore, the calculated t- values for the hypotheses H1a, H1b, and H1c all surpass 1.96 (> 1.96), indicating significant relationships for these hypotheses (Hair et al., 2023) These results underscore the nuanced impact of the factors Technical Familiarity, Surveillance Awareness, and Policy Understanding on Information Control Behavior, with effect sizes ranging from 0.02 to less than 0.15, all statistically significant with p-values less than 05 and t-values greater than 1.96 On the other hand, the hypothesis H2, H3 are reject The 2013 study of Park confirmed the positive impact of knowledge, as measured by technical familiarity, on both social and technical aspects of information control Internet experiences, which are indicated by the years of use and daily usage, consistently supported information control, with male users displaying higher levels Interestingly, education was not found to have a significant influence on information control
Table 4.2.4 Summary of Hypotheses Testing
Hypotheses Path T statistics P values f-square Decision
H2a IE x PU ICB 0.013 0.990 0.000 Not Supported
H2b IE x SP ICB 0.79 0.430 0.009 Not Supported
H2c IE x TF ICB 0.141 0.888 0.000 Not Supported
Education ICB 0.095 0.924 0.000 Not Supported Gender ICB 0.075 0.940 0.000 Not Supported
IMPLICATIONS AND CONCLUSIONS
Questionnaire
* Main Characteristics of Study Participants: (Multiple choice questions)
Please select your age range: o Under 22 o 22-40 o Over 40
Please select your gender: o Male o Female o Other
Please select your highest level of education: o High school diploma or equivalent o Bachelor's degree o Master's degree or higher
Technical familiarity: Rate your knowledge about (1: Not at all - 6: Very familiar) o HTML (HyperText Markup Language) o Preference setting o ISP (Internet Service Provider) o Cache o BCC (Blind Carbon Copy) o Phishing o P3P (Platform for Privacy Preferences Project)
Surveillance practices: (True/False questions) What is your comment on the statement: o Companies today can place an online advertisement that targets you based on information collected on your web-browsing behavior o A company can tell you that you have opened an email even if you do not respond o When you go to a website, it can collect information about you even if you do not register o Popular search engine sites, such as Google, track the sites you come from and go to o E-commerce sites, such as Amazon or Netflix, may exchange your personal information with law enforcement and credit bureau o What a computer user clicks while online surfing can be recorded as a trail o Most online merchants monitor and record your browsing on their sites o When a website has a privacy policy, it means the site will not share your information with other websites or companies
Policy understanding: (True/False questions) What is your comment on the statement o Government policy restricts how long websites can keep the information they gather about you o It is legal for an online store to charge different people different prices at the same time of day o A website is legally allowed to share information about you with affiliates without telling you the names of the affiliates o By law, e-commerce sites, such as Amazon, are required to give you the opportunity to see the information they gather about you o Privacy laws require website policies to have easy-to-understand rules and the same format o Vietnam government agencies can collect information about you online without your knowledge and consent o When I give personal information to an online banking site such as citibank.com, privacy laws say the site has no right to share that information, even with companies it owns
Information Control Behavior: How often do you do (1: Never - 6: Very often)
Social dimension: o Stopped visiting particular websites because you fear they might deposit unwanted programs on your computers o Given false or inaccurate email addresses or fake names to websites because of privacy concerns o Decided not to make an online purchase because you were unsure of how information would be used o Chose not to register on a website because it asked you for personal information to get into the site o Complained to a consumer or government agency about marketing practices of particular websites o Asked a website to remove your name and address from any lists used for marketing purposes o Asked not to share your personal information with other companies o Use an email address that is not your main address, in order to avoid giving a website real information about yourself
Tech dimension: o Cleared your web browser history o Used filters to block or manage unwanted email o Erased some or all of the cookies on your computer o Used software that hides your computer’s identity from websites you visit
How many years have you used the Internet? (Short answer questions)
How many hours do you use the Internet per day? (Short answer questions)
How many Internet access points do you have simultaneously? o 1 o 2 o 3 o 4 o 5 o ≥6
What is your type of Internet connection? o Dial-up o Cable o DSL o 3G, 4G and 5G
[3] Information and communication technologies: ICT
AFIF, N S., BASA, P M & ZAKHARIA, A 2023 Analysis of digital literacy in the use of the internet in students Jurnal Scientia, 12, 2714-2718
ALKALI, Y E & AMICHAI-HAMBURGER, Y 2004 Experiments in digital literacy CyberPsychology & Behavior, 7, 421-429
ALOTAIBI, M., FURNELL, S., & CLARKE, N (2016, December) Information security policies: A review of challenges and influencing factors In 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST) (pp 352-358) IEEE
BAWDEN, D 2001 Information and digital literacies: a review of concepts Journal of documentation, 57, 218-259
BENZER, A İ & KARAL, Y 2023 Pre-Service Teachers’ Information Security Awareness: An Analysis Based on the Knowl edge—Attit ude—Behavi or Model Educational Academic Research, 10-22
BURNS, S & ROBERTS, L 2013 Applying the theory of planned behaviour to predicting online safety behaviour Crime Prevention and Community Safety, 15, 48-64
ELRAYAH, M & JAMIL, S 2023 Impact of Digital Literacy and Online Privacy Concerns on Cybersecurity Behaviour: The Moderating Role of Cybersecurity Awareness International Journal of Cyber Criminology, 17, 166–187-166–187
ESHET, Y 2004 Digital literacy: A conceptual framework for survival skills in the digital era Journal of educational multimedia and hypermedia, 13, 93-106
FERRARI, A., PUNIE, Y & REDECKER, C Understanding digital competence in the 21st century: An analysis of current frameworks European Conference on Technology Enhanced Learning, 2012 Springer, 79-92
GERBER, M., VON SOLMS, R & OVERBEEK, P 2001 Formalizing information security requirements Information Management & Computer Security, 9, 32-37
GILSTER, P., & GLISTER, P (1997) Digital literacy (p 1) New York: Wiley Computer Pub
GOEL, S., WILLIAMS, K & DINCELLI, E 2017 Got phished? Internet security and human vulnerability Journal of the Association for Information Systems, 18, 2
GệLDAĞ, B 2021 Investigation of the relationship between digital literacy levels and digital data security awareness levels of university students E-International Journal of Educational Research, 12, 82-100
HAIR, J F., PAGE, M., BRUNSVELD, N., MERKLE, A., & CLETON, N (2023) Essentials of Business Research Methods Taylor & Francis
HALIM, Z., DURYA, N P M A., KRAUGUSTEELIANA, K., SUHERLAN, S & ALFISYAHRIN, A L 2023 Ethics-Based Leadership in Managing Information Security and Data Privacy Jurnal Minfo Polgan, 12, 1819-1828
HUANG, D L., RAU, P L P., & SALVENDY, G (2010) Perception of information security Behaviour & Information Technology, 29(3), 221-232
HUSSEIN, M T & HUSSEIN, R M 2020 Involving american schools in enhancing children’s digital literacy and raising awareness of risks associated with internet usage International Journal of Advanced Computer Science and Applications,
LAYBATS, C & TREDINNICK, L 2016 Information security SAGE Publications Sage UK: London, England
LE COZE, J.-C & ANTONSEN, S 2023 Safety in the Digital Age: Sociotechnical Perspectives on Algorithms and Machine Learning, Springer Nature
2021 The role of digital literacy on online opportunity and online risk in Indonesian youth Asian Journal for Public Opinion Research, 9, 142-160
MENARD, P., BOTT, G J & CROSSLER, R E 2017 User motivations in protecting information security: Protection motivation theory versus self- determination theory Journal of Management Information Systems, 34, 1203-
METALIDOU, E., MARINAGI, C., TRIVELLAS, P., EBERHAGEN, N., SKOURLAS, C & GIANNAKOPOULOS, G 2014 The human factor of information security: Unintentional damage perspective Procedia-Social and Behavioral Sciences, 147, 424-428
MEYERS, E M., ERICKSON, I & SMALL, R V 2013 Digital literacy and informal learning environments: an introduction Learning, media and technology, 38, 355-367
Milenkova, V & V Lendzhova (2021) "Digital citizenship and digital literacy in the conditions of social crisis." Computers 10(4): 40
NOH, Y 2017 A study on the effect of digital literacy on information use behavior Journal of librarianship and information science, 49, 26-56
PARK, Y J 2013 Digital literacy and privacy behavior online Communication research, 40, 215-236
PARSONS, K., CALIC, D., PATTINSON, M., BUTAVICIUS, M., MCCORMAC, A
& ZWAANS, T 2017 The human aspects of information security questionnaire (HAIS-Q): two further validation studies Computers & Security, 66, 40-51
PARSONS, K., MCCORMAC, A., BUTAVICIUS, M & FERGUSON, L 2010 Human factors and information security: individual, culture and security environment
PODHRADSKY, A L., LEBLANC, L J & BARTOLACCI, M R 2014 Personal Denial of Service Attacks (PDOS) and Online Misbehavior: The Need for Cyber Ethics and Information Security Education on University Campuses J Cyber Secur Mobil., 3, 339-356
PRATOMO, A B., SANTOSO, J., NUGROHO, A., FILDANSYAH, R & VANDIKA, A Y 2024 Analysis of Data Privacy Policy, Data Processing Ethics, and Technology Ethics Awareness on User Privacy Protection in West Java West Science Social and Humanities Studies, 2, 412-422
RAHMAN, T., AMALIA, A & AZIZ, Z From digital literacy to digital intelligence 4th International Conference on Sustainable Innovation 2020–Social, Humanity, and Education (ICoSIHESS 2020), 2021 Atlantis Press, 154-159
RHEE, H.-S., KIM, C & RYU, Y U 2009 Self-efficacy in information security: Its influence on end users' information security practice behavior Computers & security, 28, 816-826
SAMANI, E., BAGHERIPOUR, R & NOORDIN, N 2020 Effect of a course on educational tools on students’ attitude and digital literacy skills International Journal of Educational Technology and Learning, 8, 38-46
SARIDAKIS, G., BENSON, V., EZINGEARD, J N., & TENNAKOON, H (2016) Individual information security, user behaviour and cyber victimisation: An empirical study of social networking users Technological Forecasting and
SARITEPECI, M., DURAK, H Y., ệZĩDOĞRU, G & USLU, N A 2024 The role of digital literacy and digital data security awareness in online privacy concerns: a multi-group analysis with gender Online Information Review
SATTAROVA FERUZA, Y & KIM, T H 2007 IT security review: Privacy, protection, access control, assurance and system security International journal of multimedia and ubiquitous engineering, 2, 17-32
SON, J.-B., PARK, S.-S & PARK, M 2017 Digital literacy of language learners in two different contexts Jalt Call Journal, 13, 77-96
SPIRES, H A., PAUL, C M & KERKHOFF, S N 2019 Digital literacy for the 21st century Advanced methodologies and technologies in library science, information management, and scholarly inquiry IGI Global
STUTZMAN, F D., GROSS, R & ACQUISTI, A 2013 Silent listeners: The evolution of privacy and disclosure on Facebook Journal of privacy and confidentiality, 4, 2
SURWADE, Y P & PATIL, H J 2019 Information Security E-Journal of Library and Information Science, 458-466
TOMCZYK, L & EGER, L 2020 Online safety as a new component of digital literacy for young people
TURN, R (1976) Classification of personal information for privacy protection purposes Proceedings of the June 7-10, 1976, national computer conference and exposition
VAN LAAR, E., VAN DEURSEN, A J., VAN DIJK, J A & DE HAAN, J 2017 The relation between 21st-century skills and digital skills: A systematic literature review Computers in human behavior, 72, 577-588.