An Empirical Investigation of Factors that Influence Individual Behavior toward Changing Social Networking Security Settings

While the use of social networking sites continues to rise, security continues to be an important issue. This issue often results when many users do not change their social networking security settings. Such behavior leaves vast amounts of data vulnerable to criminal activities. This study utilized the Theory of Planned Behavior to examine factors that impact users’ behaviors regarding changing their social networking security settings. This research found support for six of the eight hypotheses. Results showed that Attitude (H1), Subjective Norm (H2), and Perceived Behavioral Control (H3) predicted Behavioral Intention. Behavioral Intention (H4) positively influenced Behavior. Apathy (H6) negatively predicted Attitude while Perceived Behavioral Control (H7) positively influenced Social Trust. Finally, Perceived Behavioral Control did not predict Behavior (H5) and Social Trust did not impact Behavioral Intention (H8). These findings have future implications for research and practice.


Introduction
Social networking continues to grow at a phenomenal rate today. In fact, the growth rate is quite astounding. For example, Facebook, founded in February 2004, reported over 1.44 billion monthly active users as of May 2015 [21]. Twitter, created in March 2006 [12], reached 500 million accounts in June 2012 [47], and has 302 million monthly active users [53]. LinkedIn, which began in 2002, has over 364 million registered members [38]. While these statistics are impressive, it does not keep new entrants away. Platforms such as Pinterest, Instagram, Tumblr and Vimeo are changing how social networking is done while stalwarts such as MySpace are reinventing themselves in an attempt to remain competitive.
Unfortunately, security remains an issue, and all social networking users face security threats. These risks range from unexpected privacy violations to worms and viruses. In addition, concerns with privacy have been linked to social media fatigue [9]. Fortunately, most social networking sites allow users to adjust security and privacy settings to help avoid these threats. Unfortunately, many users fail to make these adjustments. A recent study notes that many users do post private (risky) information [54]. This study will examine individual alteration of social networking security settings (without regard to the direction or correctness of those alterations) utilizing a theoretical model of human behavior. Figure 1 shows the research model. The structural model above contains latent variables or constructs (circles) and paths (arrows). Paths show relationships between latent variables. Latent variables are ideas that cannot be measured directly [16]. Manifest or Observable variables (not shown above) serve as measures that represent latent constructs. The model has two types of latent variables, namely endogenous and exogenous. Exogenous variables do not have paths or arrows pointing at them. On the other hands, endogenous variables have paths pointing toward them [32].
The next section of this paper discusses the relevant literature. It is followed by the research hypotheses section. The subsequent section examines the methodology used for the study. The results of the study are then presented followed by a discussion of the findings. The paper concludes with sections that discuss limitations and future research, implications for practice and conclusion.

Literature Review
In addressing the literature, we examine multiple research streams that are associated with this study. We first take a broad look at the Theory of Planned Behavior (TPB). From there we take a more focused look at TPB and how it specifically applies to information systems misuse. Finally, we examine the literature related to Apathy and Social Trust.

Theory of Planned Behavior
The Theory of Planned Behavior (TPB) suggests that human behavior can be explained and predicted within specific contexts based upon individual intention to commit behavior, along with individual perceptions of personal control over performing that behavior [1]- [2], [19], [42], [44]. The TPB suggests that behavior is a function of beliefs or information relevant to the specified behavior. Although individuals may have multiple beliefs, only a few salient beliefs can be dealt with at any given time. These beliefs are thus the primary determinants of intentions and actions [4], [19]. These beliefs link the specified behavior with the outcomes generated by performing that behavior, as well as with any potential costs generated by performing the behavior [4], [19].

Intentions
Intentions, which indicate the amount of effort individuals are willing to exert to perform a given behavior [2], "are assumed to capture the motivational factors that influence a behavior" [8]

Attitude
Attitude toward the Behavior (A) captures an individual's positive or negative perceptions of performing the behavioran Attitude is a disposition to respond favorably or unfavorably to an object, person, institution, or event [1]. Attitude is a latent variable formed from behavioral beliefs [4] regarding the expected outcome of the behavior and an evaluation of those outcomes [1]. Individuals with more positive perceptions of changing social networking security settings should also have higher Intentions to change those settings. Importantly, Attitudes are malleable [1]; in other words, they may change over time [1], [19], [36].

Subjective Norms
Subjective Norms (SN) reflects the individual's impression of other's feelings about performing the behavior [1]- [2]. Subjective Norms are essentially peer pressure [19]. If an individual perceives that others who are important to them have a positive view of changing security settings, then an individual should have a higher Intention to change security settings. Subjective Norms are formed from normative beliefs, which essentially reflect the individual's beliefs regarding how important others perceive the behavior [1].

Perceived Behavioral Control
Perceived Behavioral Control (PBC) captures the individual's perception of their capability to perform the behavior based on past experience and anticipated issues, as well as their skills, abilities, opportunity, compulsions, and dependence upon others [1]. PBC is closely related to self-efficacy [1]- [2]. PBC extends Ajzen's original Theory of Reasoned Action to behaviors which are not completely under the individual's control [1]. These behaviors typically require skills, opportunities, or resources to perform [1]. The addition of PBC also allows the model to address more complex behaviors [17]. PBC focuses on perceptions of control, rather than actual control [1]. Perceived Behavioral Control also influences behavior directly [1]. An Individual is more likely to engage in behaviors over which they have control: within the current research, respondents who feel able to change social networking security settings should also report higher Intentions to change those settings. PBC is formed from control beliefs [4].

Behavior
Although the TPB was initially designed to predict behavior [2], it can also be used to target strategies for changing behavior [40], [42]. Since the TPB suggests that behavior is a function of beliefs or information, the introduction of new information about a behavior can change an individual's evaluation of that behavior [1]. Doll and Ajzen noted "The discussion of the Theory of Planned Behavior suggests that information is at the root of intentions and actions. Behavior-relevant information, represented by memory in the form of behavioral, normative, and control beliefs, results in the formation of Attitudes, Subjective Norms, and Perceptions of Behavioral Control; and new information may lead to the formation of new beliefs or may alter previously formed beliefs" [19] p. 756. Thus, the TPB can be used to explain and also to change behavior.
Appendix A-Appendix G show the survey item wordings, abbreviations, means, standard deviations, and the overall construct mean for the Attitude, Perceived Behavioral Control, Subjective Norm, Behavior Intention, and Behavior constructs.

Theory of Planned Behavior and Information Systems Misuse
The current research examines individual utilization of social networking security settings. Fortunately, the TPB has been utilized in a number of security studies in the past [24]. For example, a combination of the TPB and the Theory of General Deterrence has been utilized to examine student intentions to commit software and data misuse [18], [23]- [24]. TPB was found to explain the behavior of computer misuse. A recent study supports the use of TPB in explaining software piracy in China [14]. TPB has also been used to examine the impact of piracy on video game console adoption [30], digital piracy [56], and the sharing of media files [10].
The Theory of Planned Behavior has also been used to examine user intention and actual reading of computer usage policies. One study utilized an expanded version of the TPB, which included Social Trust and Apathy, to investigate intention and actual reading of computer usage policies [25]. Results of that study suggest that Attitudes, Social Trust, and Apathy impact Intention to read computer usage policies. A similar study utilized the TPB, Normative Belief, and Self-efficacy to examine employee attitude toward compliance with organizational information security policy [11]. Findings from that study showed that Attitude, Normative Beliefs, and Self-efficacy significantly influenced intention to comply.
The Theory of Planned Behavior has also been used to examine user self-protection. In one study, TPB was used to predict the adoption of antispyware systems [35]. Specifically, the authors utilized a variety of items to capture Attitude, Subjective Norm, and Perceived Behavioral Control. Of the nine items used, six (representing all three factors) were significant and explained 83% of intention to adopt and 55% of actual adoption of antispyware systems. In another study, the authors examined individual online privacy protection strategies using the TPB [55]. This study found a strong correlation between intent to use online privacy protection strategies and the actual use of such strategies. Further, Attitude and Perceived Behavioral Control were significantly correlated with Intention, as was Self-efficacy. The TPB has also been used to examine willingness to exchange personal information for commercial benefits [33].
Extant literature has also utilized TPB to examine usage of social networking. For example, researchers examined adolescent use of social networking sites based upon an extended version of TPB [6]. They concluded that Attitude and PBC did influence use of social networking sites; however, they also noted the importance of a new factor, labeled Group Norm.
Unfortunately, recent research suggests that the simple addition of information may be insufficient to change behavior: "It is usually argued that, in addition to having the required knowledge, people must also be motivated to perform the behavior in question" [3] p. 102. However, this argument focuses on knowledge, rather than information. In addition, the TPB suggests that information (beliefs) is the ultimate determinant of intentions and behaviors but does not address the accuracy of that information [3]. Motivation may indeed be a factor involved in changing behavior. Extant research suggests that apathy (a lack of motivation) may be a factor in understanding human behavior in terms of information systems security [26].
Recently, a number of studies have compared users' desired security settings to their actual security settings on Facebook. Liu et al. [39] noted that intentions and actual settings only matched 37% of the time, while Madejski et al. [41] found that every respondent had a mismatch between intended and actual settings.
Liu et al. [39] examined the mismatch between intended and actual privacy settings for photographs using a sample of 200 Facebook users. The authors found that 36% of uploaded content was shared with default settings, and thus visible to all Facebook users. In addition, users had assigned their desired security settings to photos only 37% of the time. The study also noted that users who did bother modifying privacy settings for photos frequently selected settings that did not match their actual intentions.
Madejski et al. [41] examined the correctness of social networking security settings by comparing user intentions and actual settings using a Facebook application. The results of this study were quite concerning: all but three respondents felt their settings matched their intentions; however, every participant had a mismatch between their intended security settings and what they actually set within Facebook. The authors noted that most of the respondents were either unable or unwilling to correct their errors. They also noted that understanding security settings depended greatly upon what the individual user intended-the settings should reflect the intention of the user. Each of these studies focused on intentions and behavior-two key portions of the TPB. However, neither study examined the formation of these intentions. The TPB does.
Shin [48] utilized the Theory of Reasoned Action, an earlier version of the TPB, to investigate user acceptance of online social networking. This research examined the formation of Attitudes from perceived security (defined as the ability to protect data against unauthorized access), perceived privacy (defined "as the ability of an individual to manage information about themselves and thereby reveal themselves selectively" [48] p. 430), and trust (defined as "the willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party" [48] p. 430. The author concluded that perceived privacy, perceived security, and trust all combine to influence Attitudes, which in turn influence intention. Another recent study conducted by Lewis et al. [37] investigated the importance of peers upon individual privacy decisions within a social network. This study found that users were significantly more likely to utilize a private profile (the focus of their study) if their friends and especially roommates did so, thus supporting the importance of peers in privacy decisions related to online social networks. The TPB captures the concept of peer group with the Subjective Norm factor.
Lewis et al. [37] also examined and confirmed the relationship between usage and the use of a private profile. The authors concluded that individuals who used an online social network, such as Facebook, were more likely to be aware of using private profiles. This suggested that a greater familiarity with a network could increase the use of private profiles. The TPB concept of PBC does measure an individuals' perception of their ability to perform a behavior. While not an exact match, the [37] study does suggest that greater use results in more awareness and use of private profiles.

Apathy
Apathy is another possible determinant of intention and behavior regarding changing social networking security policies and settings. Apathy is a lack of motivation, interest, and emotion [46]. An individual may be aware of social networking security settings but may have no interest in changing the settings or may simply feel no need to modify the default settings [25]. Appendix F shows the survey item wordings, abbreviations, means, standard deviations, and the overall construct mean for the Apathy construct.
As defined earlier, Attitude captures an individual's positive or negative perceptions of performing the behavior [1]- [2]. However, a recent call for research suggested the inclusion of apathy. Madejski et al. [41] examined online social network security settings established by college students, as well as violations or errors in these settings. The authors found that subjects reported simply not caring about settings more often than expected. As a result, [41] recommended the incorporation of an apathetic option in future research. Although Apathy appears similar to Attitude (or a lack of Attitude), this research will include Apathy as an additional factor within the Theory of Planned Behavior in an attempt to determine if Apathy and Attitude are different factors. If the two are actually different factors, this research will also allow us to evaluate the significance of Apathy upon Intentions.

Social Trust
Apathy reflects a lack of motivation to perform a behavior. However, some individuals may simply assume that the service provider is better equipped to make decisions relating to security settings. This type of assumption is reflected in the construct Social Trust. Social Trust reflects a willingness to allow others to make decisions, especially in areas where the individual may lack interest, time, abilities, or other resources to reach decisions personally [51]. Some individuals may substitute Social Trust for an understanding of risks associated with technology [20]. Within the current context, social networking users could simply assume that service providers automatically adjust the security settings in optimal ways, given that the social networking security providers have presumably greater knowledge of the systems. Appendix G displays the survey item wordings, abbreviations, means, standard deviations, and the overall construct mean for the Social Trust construct.

Hypotheses
Existing research has utilized the TPB in a wide variety of settings, including information systems security. Thus the current research examines the standard TPB hypothesis within a new setting: utilization of security settings in social networking. For example, the TPB suggests that Behavior is influenced by Intention and that Intention is influenced by Attitude, Subjective Norm, and Perceived Behavioral Control. Each of these theoretical links will be examined separately. Further, TPB suggests that Perceived Behavioral Control also has a direct impact on Behavior. This also will be examined. As discussed above, the extant literature suggests that motivation also plays a part in the formation of intention and behavior. This research will investigate the impact of Apathy (the lack of motivation) upon user's intention and actual modification of security settings.

H6: Apathy is correlated with Attitude
Extant literature also suggests that individuals may elect simply to trust others to make decisions about items such as security settings. This study will also examine the impact that Perceived Behavioral Control has on Social Trust.

Data Collection and Demographics
A total of 70 respondents returned useable surveys. One concern surrounding this sample was its size. A review of the Structural Equation Modeling (SEM) literature showed that this sample size was adequate for the research. The criteria for determining minimum sample size were (a) ten times the largest number of formative indicators in a construct or (b) ten times the largest number of structural paths pointing toward a latent construct [32]. Since the model did not include formative indicators, the number of structural paths were used to determine minimum sample size. The model showed that the largest number of paths directed at a latent construct was three. Thus, the minimum sample size required for this study was 30, indicating that the actual sample of 70 is adequate.
The respondents represented a diverse group that had similar attributes to the general MBA population as well as similarities to traditional social network users. They were 44% male and 56% female, ranging in age from 20 to 59. When respondents were asked if they would classify themselves as business professionals or students, 57% indicated business professional. A recent survey conducted by the Pew Research Center [43] provided similar results to those in the current study. That survey examined the level of educational achievement for all Internet users 18+. Of the respondents who were categorized in the some college and college+ groups, 59% were identified as having achieved the college+ level of education. Table 1 shows the respondents' age, gender and primary orientation. Respondents were employed in a cross-section of industries with a strong representation from healthcare. They also represented varying levels of work experience, with an average of almost 10 years. Respondents also indicated that they had a reasonable level of computer literacy with 60% classifying themselves as being very to extremely knowledgeable. Tables 2, 3 and 4 show respondents' industry and years of industry and computer experience.   Although the use of a convenience sample of students does present weaknesses, such a sample is adequate for the current study. Students are generally considered to be quite familiar with Facebook and to possess reasonable technological skills, thus suggesting that students may be more familiar than most with managing privacy settings. Further, individuals preparing to enter the job market may be more aware of the need to focus on those privacy settings. In addition, college students are more likely than older users to post sensitive information online [41]. In addition, [48] suggests that the demographics of college students between the ages of 18 and 30 are similar to those of social networking site users. Hargittai [34] further suggests that college students are similar to SNS users.

Overview of Statistical Analysis
SmartPLS, a Structural Equation Modeling (SEM) tool that uses a variance-based approach to estimating parameters, was used to validate the measurement model and to test the hypotheses [45]. It utilizes a least-squares estimation procedure that places minimal demands on measurement scales, distributional assumptions, and sample size [15], [22], [27]. Other SEM tools, such as Analysis of a Moment Structures (AMOS) and Linear Structural Relationship Analysis (LISREL), employ a covariance-based approach to estimate parameters. They use a maximum likelihood function to obtain estimates and make greater demands on the scales, assumptions, and sample size. If the demands of the covariance based approach cannot be met, the preferred method is the variancebased approach [32]. When results are compared using structural equation models with good measurement properties, both approaches generally achieve comparable results [32].
The authors used the variance-based approach because the data did not meet the covariance-based approach assumptions exactly. The small sample size and the non-normal distribution of the data violated those assumptions. When such assumptions are violated, the preferred alternative is the variance-based approach that provides comparable results [32].

Assessment of the Measurement Model
The authors examined the psychometric properties of the measurement model to assess internal consistency reliability (ICR), convergent validity, and discriminant validity [15]. ICR, also known as composite reliability, is analogous to Cronbach's Alpha. Results showed that the loadings ranged from .85 to .96. These values exceed the recommended cutoff of .70 [27]. The results supported ICR. See Table 5.  Discriminant validity of the scales was assessed by comparing the square root of the AVE with the correlation among the constructs and examining the factor loadings and cross-loadings of the construct items. For the first measure, the square root of the AVE should be at least .707 (i.e., AVE>.50) and should exceed the correlation between pairs of constructs [28]. In terms of the second measure, items should load higher on their respective construct than on others [29]. Tables 5 and 6 show that the criteria used to measure discriminant validity met or exceeded their thresholds. Thus, discriminant validity is supported.

Results
Structural Equation Modeling (SEM) using SmartPLS was used to test the relationships among the constructs [45]. Results showed that six of the eight hypotheses were supported. Attitude (H1), Subjective Norm (H2), and Perceived Behavioral Control (H3) positively influenced Behavioral Intentions. Behavioral Intentions (H4) positively predicted actual Behavior. Apathy (H6) had a significant but negative impact on Attitude while Perceived Behavioral Control (H7) exhibited a positive influence on Social Trust. Perceived Behavioral Control (H5) did not impact Behavior and Social Trust did not predict Behavioral Intention (H8). Table 7 shows the results of the hypotheses testing. Figure 3 shows the results and their level of significance.

Results
This study used TPB as its conceptual framework to investigate the factors that influenced users' behavior toward changing their social networking privacy and security settings. Results showed that the behavior associated with changing such settings was impacted by six of the eight constructs. In other words, Attitude (H1), Subjective Norm (H2) and Perceived Behavioral Control (H3) positively influenced users' Behavioral Intention. Behavioral Intention (4) positively predicted users' Behavior toward changing social networking privacy and security settings. Apathy (H6) negatively influenced Attitude and Perceived Behavioral Control (H7) positively predicted Social Trust. Perceived Behavioral Control (H5), however, did not predict Behavior and Social Trust did not impact Behavioral Intention (H8).
TPB suggests that Behavior is influenced by Intention, and Intention is influenced by Attitude, Subjective Norm, and Perceived Behavioral Control [1]. The results provided support for the hypothesis that Attitude predicted Behavioral Intention (H1). This support is consistent with the expectation that the Attitude toward the Behavior affects users' feelings about performing the behavior. In other words, users believed that it was important to understand and check social networking privacy and security settings. These feelings toward social networking privacy and security settings positively influenced users' Intentions to change the settings.
The results provided support for the hypothesis that Subjective Norm predicted Behavioral Intention (H2). The support is consistent with the expectation that people and authorities who are important to users can influence their behavior; e.g., users' friends and family or their superiors at college/companies think they should change privacy and security settings. This perceived social pressure positively influenced users' behavior intentions toward changing social networking privacy and security settings.
Results revealed support for the hypothesis that Perceived Behavioral Control (H3) positively predicted Behavioral Intention. This support is consistent with the expectation that users perceive that they have the abilities to perform the behavior based on past experience and anticipated issues, as well as their skills, opportunity, compulsions, and dependence upon others [1]. In other words, users believed that they have the knowledge and resources necessary to change social networking privacy and security settings. They also believed that changing those settings was easy. Such perceptions can be expected to have a positive influence on users' behavioral intention toward changing social networking privacy and security settings.
The results also supported the hypothesis that Behavioral Intention (H4) positively influenced Behavior. This finding is consistent with the expectation that Behavior can be predicted by investigating users' Intentions to perform the behaviors [1]. In other words, users' intentions to take time to check and change social networking privacy and security settings predicted their actual behavior toward changing such settings.
The study results showed negative support for the hypothesis that Apathy predicted Attitude (H6). This support was consistent with the expectation that users who do not feel motivated, interested or emotional about changing their social networking privacy and security settings will assume that such changes are unimportant and that failing to change those settings will have no consequences. Thus, Apathy had a negative effect on users' Attitudes toward changing their social networking settings.
Results showed support for the hypothesis that Perceived Behavioral Control influences Social Trust (H7). This finding is consistent with the expectation that users who feel unable to make changes to security settings due to a lack of interest, time, abilities, or other resources may prefer to let service providers adjust security settings for them [37]. On the other hand, users who understand how to adjust security settings but lack the time, interest, or opportunity to do so may rely on service providers to make the changes.
However, no statistical support is found for the impact of Social Trust on Behavioral Intention (H8). This unexpected result suggests that trusting or not trusting the service provider to make decisions has no real impact on user intention. While unexpected, this could simply reflect a lack of overall understanding of security settings. Alternatively, Social Trust may be reflected somewhat in Perceived Behavioral Control measurements. For example, Perceived Behavioral Control represents user perceptions of ability to perform a behavior. If users perceive that they can change settings but elect to use the default settings established by the service provider, one could assume that the users are expressing trust in the existing settings-thus there would be no intention to make changes. Future research could help clarify this.
Despite expectations, the relationship between PBC and Behavior (H5) is not significant in the current study. However, this is not unexpected from a theoretical perspective. Armitage and Conner [5] noted that in situations where the behavior in question is under volitional control, PBC logically should not have any impact on the relationship between intention and behavior. In short, these authors suggest that PBC will only be important when subjects feel they lack control over a behavior. Barua [7] offers support for this position, noting that the actual role of PBC varies according to the situational factors (p. 57). Within the current study, the users may feel they have significant control over the alteration of privacy settings on social networks, thus negating the impact of PBC on behavior itself.

Study Limitations and Future Research
This research examined the Theory of Planned Behavior as applied to user modification of social networking privacy settings. Although the applicability of TPB to security-related behaviors has been examined in the past, this research is the first to confirm that the TPB stands within the area of social networking privacy.
In addition, this research extends the TPB by adding two factors: Apathy and Social Trust. Although both factors have been examined in the extant security and privacy literature, this is the first time the two factors have been examined together as part of the TPB in an examination of social networking privacy. Both of the new factors, Apathy and Social Trust, were found significant. These factors helped explain the formation of Attitude and how Perceived Behavioral Control influence Social Trust and added another possible way to examine the underlying causes of Behavior.
This study also provides a foundation for future research regarding user modification of social networking security settings. For instance, future work could examine variation in subject characteristics such as age or past experiences with security breaches. Furthermore, other factors such as group norm from [5] should be included and examined as well. In addition, Apathy and Social Trust could be employed in future research utilizing TPB, Technology Acceptance Model (TAM), or other related models.
The limitations of this study offer opportunities for researchers to make meaningful contributions to the security and privacy literature. One limitation was that environmental and economic factors were not investigated. These factors could impact Intentions toward performing a behavior. Future researchers could examine how these factors might impact users' Intentions toward changing their social networking privacy settings. Another limitation was that the direction and correctness of users' changes to their social networking settings were not examined in details. Although some research has been done in this area [39], [41], the literature review provided sparse findings. Researchers could use this lack of findings to fill the gap in our understanding of the accuracy of how users' make changes to their social networking setting. A final limitation of the study was that it did not explore a longitudinal study. Future researchers could use TPB in the context of a longitudinal study to examine how, if any, changes in users' social networking settings vary over time.

Implications for Practice
Although this study was limited by the use of a convenience sample of MBA students, a number of implications for practice should be noted. First, the results of this study suggested that respondents do not consider changing privacy settings to be difficult; however, those settings are still often not changed. This suggests a need to focus on why users elect not to change privacy settings.
Fortunately, the study does suggest why users elect not to change settings: Apathy. Although the other TPB constructs, including Attitude and Subjective Norm, were associated with the behavior of changing constructs, Apathy also plays a part. Results suggest that social network users simply do not understand or see a need to change their privacy settings. As a result, those settings are typically not modified.
This result provides insight for practitioners, social networking organizations, and organizations in general. Additional education and training should be provided frequently to help users understand the importance of privacy settings and to help them make good decisions regarding their settings. Users need to be continually reminded of the importance of privacy settings and not simply to trust others (Social Trust) to handle it for them.

Conclusion
This research examined social network user Intention to change privacy and security settings. As predicted by the TPB, Attitude, Subjective Norm, and Perceived Behavioral Control, all influenced intention to change settings. In addition, intention to modify privacy and security settings predicted the actual behavior of changing those privacy and security settings. In contrast to the TPB, PBC was not correlated with Behavior.
In addition, to examining the TPB constructs within the social networking privacy and security setting, this research also examined the impact of Apathy and Social Trust. As expected, Apathy negatively influenced Attitude, suggesting that individuals who simply don't care are unlikely to change their privacy and security settings. The current research also investigated the impact of PBC upon Social Trust; a positive relationship was found.
This research contributes by adding to our understanding of how and why individuals are willing to modify the privacy and security settings of their social networking accounts. Apathy appears to be a huge factor negatively influencing such changes; however, Apathy can be overcome. Deviations Items Adapted from [52] Survey Item Abbreviation