The average total cost of a data breach was $4 million, a 13.6% increase since 2014. Key magnifiers of privacy risk included:
- Changing Environment: 64% of employees regularly use personal technologies for work purposes.
- Disconnected Ownership: 68% of IT executives claim responsibility for technology use and security but lack the authority to manage them effectively.
- Strategic Value: 79% of senior executives report that new uses of digital information are key to growth.
- Threatening Atmosphere: 69% of executives believe that their companies can’t keep up with the increasing pace and sophistication of cyber attacks.
An increasing corporate need for privacy:
- 75% of employees currently have access to customer contact information (e.g. names, e-mail addresses).
- 37% of employees do not receive any data privacy training.
- 58% of employees violated a privacy policy without knowing it in 2015.
The greatest security threats are employee-led: our research over the past three years shows that 60% of privacy failures were caused by employee behavior.
- 58% were unintentional due to a lack of awareness.
- 8% were intentional and malicious.
- 44% were unintentional and mistaken.
- 45% were intentional but not malicious.
Key considerations to formalize your privacy program
- Create a privacy function and structure based on your information exposure.
- Coordinate across functions to determine appropriate ownership and responsibilities.
- Assess the root causes of privacy failures in your organization.
Who is involved in a successful privacy program?
- IT/IS: Assess and classify data; monitor data breaches.
- Privacy: Advise on the risk of collecting information given the intended business value, future analysis, and data storage.
- Legal: Monitor privacy-related laws and regulations; participate in government inquiries and investigations.
- Procurement: Perform third-party due diligence; supply information for vendor questionnaires.
- Compliance: Create and monitor privacy-related employee training; assist in internal privacy investigations.
- Risk Management: Identify and assess enterprise-wide privacy risks.
- HR: Advise on the proper collection and use of employee records and data.
- Sales and Marketing: Ensure the proper collection and storage of prospective and existing customer data.
- Audit: Assist in auditing program effectiveness and internal controls.
- Strategy: Advise on potential privacy issues related to new product offerings.
Source: CEB