Sample Systemic Literature Review: Privacy Implications of Workplace Technologies: Investigating Employee Perceptions in Five UK Technology Firms

1. Introduction

The increasing connectivity of the modern work environment is blurring the boundaries between personal and professional lives in terms of online presence and the digital footprint left by individuals (Parker et al., 2017; Roblek et al., 2016). While many company CEOs maintain their social media pages as official accounts, many regular employees do not want to demonstrate similar levels of openness. However, the use of real names and other personal information published on company websites may expose regular staff members to various risks, ranging from stalking to hacker attacks (Tranvik & Braten, 2017; van Zoonen & Rice, 2017). Stolen professional accounts and credentials are also widely used by criminals for phishing and social engineering schemes (Walden, 2016). These considerations inform the topic of this thesis, which seeks to investigate the privacy implications of different workplace technologies used in modern technology firms in the UK.

The purpose of this chapter is to perform a systematic literature review of secondary data related to the issues of privacy implications or workplace technologies and employee perceptions of privacy issues related to them (Beer & Mulder, 2020; Katsabian, 2019). This aim is achieved by identifying the key inclusion-exclusion criteria for academic publications, outlining a detailed search process including the methods used for selecting high-quality sources, and the description of the specific search techniques and instruments (Saunders et al., 2015). The overall process of the systematic literature search is presented in a PRISM flow chart template inserted at the end of the following section.

2. Search Strategy

The search strategy for selecting the literature on privacy implications of workplace technologies involved the phases of Identification, Screening, and Inclusion as outlined by the PRISM flow chart framework (Ayele et al., 2023). The first stage included the selection of the most appropriate databases and the formulation of appropriate keywords for the search. Preliminary analysis revealed three databases that contained the largest number of potentially suitable articles for the selected research focus (Dunleavy, 2017). They included SAGE (2024), ScienceDirect (2024), and Taylor & Francis (2024). The first one specialises in social sciences and humanities and provides a large number of peer-reviewed journals. The second database contains multiple articles on cybersecurity exploring the problem from a scientific point of view. Finally, Taylor & Francis contains hundreds of publications in such spheres as psychology and management that may contribute to the analysis of employee perceptions related to the studied topic. The search process included several stages, which are discussed in detail in the following sections.

2.1. Initial Keyword Identification

First, primary keywords such as “employee perceptions”, “privacy concerns”, and “surveillance” related to the researched topic were identified by the author based on the preliminary literature search conducted. The resulting list included both broad terms such as “social media in the workplace” and more specific phrases such as “stalking risks”. This ensured that the future systematic search for literature would generate rich outputs covering different areas of privacy implications of workplace technologies rather than a single specific problem or challenge (Paltridge & Starfield, 2007). Second, the author focused on secondary keywords such as “employee trust”, “digital privacy”, and “thematic analysis”. These elements were used to explore the studies that could discuss some aspects of the analysed problem indirectly while also outlining the preferred methodologies of the searched studies (Bryman, 2012). The final list of primary and secondary keywords is presented in the table below.

Table 1: List of Primary and Secondary Keywords

Primary KeywordsSecondary Keywords
workplace technologyemployee trust
privacy concernscybersecurity risks
employee perceptionsdigital privacy
data securityanonymity in the workplace
surveillanceorganisational policies
social media in the workplacequantitative survey
security threatsthematic analysis
personal data exposuremixed-methods strategy
stalking risksexplanatory sequential design

2.2. Boolean Operators

To refine the search results, the author employed Boolean operators (AND, OR, NOT) in the following manner:

  • AND was used to combine individual concepts (e.g. “privacy implications and peer-reviewed”).
  • OR was used to include synonyms and related terms in search outputs (e.g. “systematic review OR meta-analysis”).
  • NOT was used to exclude irrelevant elements (e.g. “workplace technologies NOT remote work”).

The use of Boolean operators was deemed necessary due to their usefulness for creating complex queries yielding more relevant and targeted results (Cassell et al., 2017). This allowed the author to combine individual keywords to narrow down search outputs or exclude certain terms, methodologies, and topics from search outputs.

2.3. Wildcards and Truncation

Wildcards and truncation were utilised to capture possible variations of the keywords from the table above. For example, the use of the asterisk symbol (*) ensured that the term “research*” also yielded results for “researching” or “researched”. Similarly, “employee*” ensured that both “employee” and “employees” were captured in article headings. The use of wildcards and truncation allowed the author to broaden search results by ensuring that all derivatives and variations of the keywords were included in search outputs (Bryman & Bell, 2015). This contributed to a more comprehensive understanding of the topic since a wider scope of relevant literature was captured for further extraction (Creswell & Guetterman, 2018).

2.4. Inclusion and Exclusion Criteria

As implied by the Screening element of PRISM, the outputs of initial search procedures must be further refined to exclude duplicate entries and explore the quality of the articles included in the literature review in terms of their methodologies, relevance to the topic, and other inclusion and exclusion criteria (Paltridge & Starfield, 2007). The use of such conditions ensures that studies with sub-optimal quality or wrong focus are not included in the final sample for retrieval. This saves time and reduces the risks of selecting inappropriate sources that do not contribute to a comprehensive understanding of the existing status quo in some areas of academic knowledge (Wisker, 2015). In light of the selected topic, this implies the need to sort out industry publications, publications in online journals, and articles published in popular non-academic journals that discuss the privacy implications of different workplace technologies. While these sources may contain some interesting ideas informing new research directions, the absence of peer review and external evaluation frequently reduces the quality of the source (Smith & Felix, 2019). More specifically, such works may reflect the personal opinions of authors instead of objective findings, while their conclusions do not undergo rigorous evaluation by independent experts in a certain sphere before publication.

Additionally, some of the studies found via selected keywords may not directly explore the selected areas of interest or may not be fully relevant to the selected research focus of the systematic literature review (Phillips & Johnson, 2022). In the case of workplace technologies, the author seeks to approach this problem from a human resource management (HRM) standpoint, while many publications in this field prioritise information security or organisational performance standpoints. This worldview makes some of the studies matching the earlier defined keywords sub-optimal for addressing the aims of this thesis. The table below presents key inclusion and exclusion criteria informed by these considerations.

Table 2: Inclusion and Exclusion Criteria

Inclusion CriteriaExclusion Criteria
Studies published in Q1 and Q2 peer-reviewed journalsArticles published in non-peer-reviewed journals as well as non-peer-reviewed articles (e.g. editorials and opinion pieces)
Articles employing robust methodologies and thoroughly describing the research processArticles with ambiguous descriptions of their research methodologies
Studies published from 2000 onward with special attention to studies published during the last 5 yearsStudies published before 2000
Articles specifically exploring the issues of privacy implications of workplace technologiesArticles diverged from the field of workplace technologies and employee perceptions of them or articles with an unfocused or unclear research topic

Upon the retrieval of the relevant articles, the author used the citation chaining technique to identify additional publications that could be relevant to the selected topic. This process involved:

  • A review of reference lists in all selected articles.
  • The identification of newer articles citing these studies via citation indexes in the three earlier discussed databases.

This procedure ensured that all relevant sources were identified and documented (Smith & Felix, 2019). Additionally, citation chaining allows authors to explore the historical evolution of research in certain areas or identify key authors and works in the field. From a practical standpoint, this method reduces the time spent on literature retrieval. The focus on well-cited papers ensures direct access to multiple relevant studies while excluding less impactful publications that are frequently found in initial search results using keywords only (Cohen et al., 2018). Such efficiency is highly beneficial for PhD research and allows authors to develop robust bibliographies while also taking into account different perspectives within the studied field.

The PRISM flow chart below summarises the key procedures utilised for the literature search (Cassell et al., 2017). The first identification phase involved the retrieval of 68 articles from the three aforementioned databases, namely SAGE, ScienceDirect, and Taylor & Francis. This process included the use of the identified primary and secondary keywords combined via Boolean operators followed by the removal of duplicate records and the use of wildcards and the citation chaining technique (Creswell & Guetterman, 2018). The final number of entries before the screening phase amounted to 50 sources. The second stage involved the removal of articles that were not available for retrieval or did not match the defined research focus. This process left 42 sources that were assessed for eligibility in accordance with the earlier discussed inclusion-exclusion criteria. At this point, the author performed a screening review of each source to appraise its quality, relevance for the selected field, and publication date.

Figure 1: PRISM Flow Chart

cybersecurity systemic literature review sample figure 1

These factors informed the exclusion of 17 sources that did not match these inclusion criteria. The resulting sample of 25 publications was used in the systematic literature review. The use of the earlier selected primary and secondary keywords proved effective for identifying the studies suitable for the selected topic. For example, “workplace technology” and “surveillance” elements led to the discovery of the studies by Bhave et al. (2020), Kayas (2023) and Mickeler et al. (2023). Similarly, “data security” and “personal data exposure” produced the search outputs including the projects by Glavin et al. (2024) and Griep et al. (2021), both of which contained relevant and up-to-date information about the studied topics. At the same time, the use of citation chaining in the most recent publications allowed the author to identify additional projects, such as Lopez (2024) and Ninaus et al. (2021). Both of these studies were not found in the original search outputs from the three selected databases, which confirmed that the selected search strategy involving multiple methods was effective in finding all relevant literature related to the selected topic.

With that being said, several studies excluded during the screening phase included Mao and DeAndrea (2019) and Paganin and Simbula (2021). These entries were excluded due to their different focus, namely employee voice and work-stress management instruments. While they contained some general information about workplace technologies, this information was not directly related to the privacy implications of workplace technologies. Similarly, the works of Mishra and Crampton (1998) and Rodriguez (1995) did not meet the criteria of relevance, since they were published before 2000. With the rapid advancement of information technologies, the author prioritised sources published in recent years. This was deemed necessary to ensure that the findings of these studies reflected the current problems of workplace technologies’ implementation in terms of their perceived risks from the standpoint of employees.

References

Ayele, R., Rabin, B., McCreight, M., & Battaglia, C. (2023). Understanding, assessing, and guiding adaptations in public health and health systems interventions: current and future directions. Frontiers in Public Health, 11(1), 1-23. https://doi.org/10.3389/fpubh.2023.1228437

Beer, P., & Mulder, R. (2020). The effects of technological developments on work and their implications for continuous vocational education and training: A systematic review. Frontiers in Psychology, 11(1), 918-932. https://doi.org/10.3389/fpsyg.2020.00918

Bhave, D., Teo, L., & Dalal, R. (2020). Privacy at work: A review and a research agenda for a contested terrain. Journal of Management, 46(1), 127-164. http://dx.doi.org/10.1177/0149206319878254

Bryman, A. (2012). Social Research Methods. New York: Oxford University Press Inc.

Bryman, A., & Bell, E. (2015). Business Research Methods. London: Oxford University Press.

Cassell, C., Cunliffe, A., & Grandy, G. (2017). The SAGE Handbook of Qualitative Business and Management Research Methods: History and Traditions. London: SAGE.

Cohen, L., Manion, L., & Morrison, K. (2018). Research methods in education. London: Routledge.

Creswell, J., & Guetterman, T. (2018). Educational Research: Planning, Conducting, and Evaluating Quantitative and Qualitative Research. London: Pearson.

Dunleavy, P. (2017). Authoring a PhD: How to plan, draft, write and finish a doctoral dissertation or thesis. London: Bloomsbury Publishing.

Glavin, P., Bierman, A., & Schieman, S. (2024). Private Eyes, They See Your Every Move: Workplace Surveillance and Worker Well-Being. Social Currents, 11(4), 327-345. https://doi.org/10.1177/23294965241228874

Griep, Y., Vranjes, I., van Hooff, M., Beckers, D., & Geurts, S. (2021). Technology in the workplace: Opportunities and challenges. Flexible Working Practices and Approaches: Psychological and Social Implications, 1(1) 93-116. http://dx.doi.org/10.1007/978-3-030-74128-0_6

Katsabian, T. (2019). Employees’ privacy in the internet age. Berkeley Journal of Employment and Labor Law, 40(2), 203-255. http://dx.doi.org/10.2139/ssrn.3152404

Kayas, O. (2023). Workplace surveillance: A systematic review, integrative framework, and research agenda. Journal of Business Research, 168(1), 1-17. https://doi.org/10.1016/j.jbusres.2023.114212

Lopez, A. (2024). The role of information technology and workplace organization in firm productivity: evidence from Spanish firms. Economics of Innovation and New Technology, 33(2), 282-298. https://doi.org/10.1080/10438599.2023.2172000

Mao, C., & DeAndrea, D. (2019). How anonymity and visibility affordances influence employees’ decisions about voicing workplace concerns. Management Communication Quarterly, 33(2), 160-188. https://doi.org/10.1177/0893318918813202

Mickeler, M., Khashabi, P., Kleine, M., & Kretschmer, T. (2023). Knowledge seeking and anonymity in digital work settings. Strategic Management Journal, 44(10), 2413-2442. https://doi.org/10.1002/smj.3504

Mishra, J., & Crampton, S. (1998). Employee monitoring: privacy in the workplace?. Advanced Management Journal, 63(1), 4-14. https://doi.org/10.1023/A:1021600419449

Ninaus, K., Diehl, S., & Terlutter, R. (2021). Employee perceptions of information and communication technologies in work life, perceived burnout, job satisfaction and the role of work-family balance. Journal of Business Research, 136(1), 652-666. https://doi.org/10.1016/j.jbusres.2021.08.007

Paganin, G., & Simbula, S. (2021). New technologies in the workplace: can personal and organizational variables affect the employees’ intention to use a work-stress management app?. International Journal of Environmental Research and Public Health, 18(17), 9366-9378. https://doi.org/10.3390/ijerph18179366

Paltridge, B., & Starfield, S. (2007). Thesis and Dissertation Writing in a Second Language. London: Routledge.

Parker, S., Van den Broeck, A., & Holman, D. (2017). Work design influences: A synthesis of multilevel factors that affect the design of jobs. Academy of Management Annals, 11(1), 267-308. https://doi.org/10.5465/annals.2014.0054

Phillips, E., & Johnson, C. (2022). How to Get a PhD: A handbook for students and their supervisors. London: McGraw-Hill Education (UK).

Roblek, V., Meško, M., & Krapež, A. (2016). A complex view of industry 4.0. Sage open, 6(2), 1-17. https://doi.org/10.1177/2158244016653987

Rodriguez, A. (1995). The protection of workers’ privacy: The situation in the Americas. International Labour Review, 134(1), 297-320. http://dx.doi.org/10.1177/20539517211013051

SAGE (2024, October 17). Sage Journals. Sage Journals. https://journals.sagepub.com/

Saunders, M., Lewis, P., & Thornhill, A. (2015). Research Methods for Business Students. Harlow: Pearson Education Limited.

ScienceDirect (2024, October 17). ScienceDirect. ScienceDirect. https://www.sciencedirect.com/

Smith, I., & Felix, M. (2019). A practical guide to dissertation and thesis writing. Cambridge: Cambridge Scholars Publishing.

Taylor & Francis (2024, October 17). Taylor & Francis. Taylor & Francis. https://www.tandfonline.com/

Tranvik, T., & Braten, M. (2017). The visible employee-technological governance and control of the mobile workforce. Management Revue, 10(1), 319-337. https://doi.org/10.5771/0935-9915-2017-3-319

van Zoonen, W., & Rice, R. (2017). Paradoxical implications of personal social media use for work. New Technology, Work and Employment, 32(3), 228-246. https://doi.org/10.1111/ntwe.12098

Walden, J. (2016). Integrating social media into the workplace: A study of shifting technology use repertoires. Journal of Broadcasting & Electronic Media, 60(2), 347-363. https://doi.org/10.1080/08838151.2016.1164163

Wisker, G. (2015). Developing doctoral authors: Engaging with theoretical perspectives through the literature review. Innovations in Education and Teaching International, 52(1), 64-74. https://doi.org/10.1080/14703297.2014.981841

Author

  • Jason T phd writer in cybersecurity

    Jason returned to academia to pursue his PhD degree in Security, Risk, and Vulnerability after developing a remarkable professional career involving collaborations with some Fortune 1000 companies. His renewed interest in teaching and full-time academic writing was associated with the internal need to share this accumulated practical expertise with PhD students. Jason can help you succeed in your own thesis writing journey by offering unique insights into various security and vulnerability spheres. He also has experience in using various statistical analysis software products (e.g., SPSS and STATA), as well as financial calculations for cybersecurity risk management solutions.

    View all posts PhD Cybersecurity Writer