Organizations predominantly rely on punishment and sanctioning to enforce compliance with information security policies among employees. However, employee’s reactance to these punitive approaches have recently been linked to several negative consequences that in the long run might negatively affect organizational performance. Against this backdrop, we aim to understand how non-punitive approaches present a viable alternative. We propose to study the unique revelatory case of Netflix Stethoscope, a new software tool that breaks with the tradition by assuming that users are generally willing to comply with information security policies if allowed the freedom to do so. Taking the employees perspective, and drawing from symbolic interactionism, we propose an exploratory research design targeted at uncovering what these non-punitive approaches mean to employees, how employees respond to non-punitive approaches, and how culture affects employees’ meaning of non-punitive approaches.
