The Rising Importance of Data Privacy


The average total cost of a data breach is $4 million, a 13.6% increase since 2014. Key magnifiers of privacy risk include:

  • Changing Environment: 64% of employees regularly use personal technologies for work purposes.
  • Disconnected Ownership: 68% of IT executives claim responsibility for technology use and security but lack the authority to manage them effectively.
  • Strategic Value: 79% of senior executives report that new uses of digital information are key to growth.
  • Threatening Atmosphere: 69% of executives believe that their companies can’t keep up with the increasing pace and sophistication of cyber attacks.

An increasing corporate need for privacy:

  • 75% of employees currently have access to customer contact information (e.g. names, e-mail addresses).
  • 37% of employees do not receive any data privacy training.
  • 58% of employees violated a privacy policy without knowing it in 2015.

The greatest security threats are employee-led: our research over the past three years shows that 60% of privacy failures were caused by employee behavior.

  • 58% were unintentional due to a lack of awareness.
  • 8% were intentional and malicious.
  • 44% were unintentional and mistaken.
  • 45% were intentional but not malicious.

Key considerations to formalize your privacy program

  1. Create a privacy function and structure based on your information exposure.
  2. Coordinate across functions to determine appropriate ownership and responsibilities.
  3. Assess the root causes of privacy failures in your organization.

Who is involved in a successful privacy program?

  • IT/IS: Assess and classify data; monitor data breaches.
  • Privacy: Advise on the risk of collecting information given the intended business value, future analysis, and data storage.
  • Legal: Monitor privacy-related laws and regulations; participate in government inquiries and investigations.
  • Procurement: Perform third-party due diligence; supply information for vendor questionnaires.
  • Compliance: Create and monitor privacy-related employee training; assist in internal privacy investigations.
  • Risk Management: Identify and assess enterprise-wide privacy risks.
  • HR: Advise on the proper collection and use of employee records and data.
  • Sales and Marketing: Ensure the proper collection and storage of prospective and existing customer data.
  • Audit: Assist in auditing program effectiveness and internal controls.
  • Strategy: Advise on potential privacy issues related to new product offerings.

Source: CEB
