Date of Award

5-7-2026

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Information Science

First Advisor

John Talburt

Abstract

This dissertation investigates the extent to which deficiencies in data quality, specifically accuracy, completeness, consistency, timeliness, validity, and uniqueness, undermine data security, privacy compliance, and governance effectiveness in small businesses (fewer than 200 employees and annual revenues under $10 million) in Washington State. Although data are increasingly viewed as a strategic asset, empirical research on how poor data quality amplifies cyber risks and regulatory exposure in resource-constrained environments remains limited. A convergent mixed-methods design was employed. A purposive survey captured practitioner perceptions from nine small-business professionals regarding the impact of data quality on security (CIA triad), privacy (accuracy and transparency principles), and governance practices. This was triangulated with a systematic documentary analysis of 300 publicly available data breach notifications submitted by small businesses to the Washington State Attorney General’s office. Notifications were assessed for completeness against the state’s statutory form, and organizational websites were reviewed to compute a Data Quality Index (DQI) based on the presence of privacy, security, and governance policies. Findings reveal pervasive gaps, particularly in completeness and accuracy. Breach notifications frequently omitted optional but analytically critical fields (e.g., number of affected Washington residents, investigation end dates, and public disclosure signatures), while website policy disclosures showed governance policies present in only 3% of cases. Survey responses indicated moderate awareness of data quality impacts, with stronger recognition in governance and privacy than in security, yet perceptions often diverged from documentary evidence. These patterns demonstrate that poor data quality functions as a structural vulnerability rather than a mere technical issue, weakening threat detection, incident response, regulatory compliance, and accountability. To address these challenges, the study introduces the Small Business Data Quality Maturity Model for Security, Privacy, and Governance (SB-DQMM-SPG). This streamlined, four-level framework incorporates a Minimal Viable Data Inventory, Lightweight Data Stewardship, Integrated Quality Controls, Bidirectional Security-Quality Alignment, and Privacy-Readiness Mapping. It serves as a guide for small businesses to enhance their organizational practices. Tailored to SMEs’ resource constraints, the model positions data quality as foundational governance that enhances cybersecurity resilience and privacy protections. The research establishes a clear connection between the data quality dimensions outlined by DAMA-UK and the outcomes related to security, privacy, and governance in small organizations. Practically, it provides scalable guidance for owners, practitioners, and policymakers who aim to enhance data management as a proactive defense against cyber threats and regulatory risks, particularly in resource-limited environments.

Share

COinS