Investigating staff information security policy compliance in electronic identity systems - the Ghanaian National Identity System

Information Security Policy (ISP) compliance is key in securing organisational data. Although the factors that influence ISP compliance have been extensively studied, the emergence of Electronic Identity Systems (EIS) organisations like the Ghanaian National Identification Authority (NIA), have placed particular emphasis on the trustworthiness, privacy and security requirements. It is necessary to study these factors in this new context to ensure the security of the system. This paper presents the first study in this area. Prior research has shown the importance of staff attitude and motivation in ISP compliance, with motivation related to the perceived intrinsic benefits and extrinsic rewards for compliance. So, this study uses the NIA as a case study to explore the staff attitude towards ISP compliance and their perceived intrinsic and extrinsic rewards for compliance. A questionnaire-based study was conducted using adapted scales from literature. The results show that both experienced and inexperienced NIA staff recognise the necessity, benefits, importance, and usefulness of the ISP, and feel content, satisfied, accomplished, and fulfilled when complying with it. However, although experienced staff perceptions are clear that extrinsic rewards are not motivating compliance in the NIA, the inexperienced staff perceptions are unclear. These findings reinforce the need for clarity in EIS organisations regarding ISP compliance through formally approved policies and awareness training, they also point towards an opportunity to complement sanctions with rewards to motivate their staff.