In recent years, there has been heightened awareness and concern regarding privacy and data protection, driven by high-profile data breaches and increasing connectivity. Organizations are under growing pressure to safeguard sensitive data due to legal obligations and the need to maintain trust with their stakeholders.
To better understand the state of organizational privacy, ISACA surveyed 1,300 privacy professionals in the fourth quarter of 2023. The resulting Privacy in Practice 2024 report highlights the findings of the survey and the implications for organizations’ privacy programs.
With the rapid changes in privacy regulations around the globe, the survey found that only one-third of respondents find it easy to understand their privacy obligations, and only 43 percent are very or completely confident in their organization’s ability to ensure data privacy and achieve compliance with new privacy laws and regulations.
Privacy Budgets Are Tightening
In addition to the complexity of the privacy regulatory landscape, privacy professionals face other challenges, including constrained budgets. Nearly half of respondents said their privacy budget is underfunded, and only 36 percent said it is appropriately funded. One-quarter said they expect their budget to increase in the year ahead, only 1 percent said it will remain the same, and more than half expect a decrease in their budget.
In addition, technical privacy positions are in the highest demand, with 62 percent of respondents expecting increased demand for technical privacy roles in the next year, compared to 55 percent for legal/compliance roles. However, respondents indicate there are skills gaps among these privacy professionals; they cite experience with different types of technologies and applications as the biggest gap.
The survey also found that creating an effective privacy program is hampered by a lack of:
- Competent resources
- Clarity on mandate, roles, and responsibilities
- C-suite and executive support
- Visibility and influence within the organization
When looking at common privacy failures, respondents pinpointed the lack of employee training, not practicing “privacy by design” and data breaches as their main concerns.
Privacy By Design Benefits
The report explained that privacy by design involves the “integration of privacy into the entire engineering process” and “thinking of privacy as part of basic functionality rather than treating it as an afterthought.”
Based on the survey responses, enterprises that practice privacy by design are more likely to:
- Encourage interactions across all functional areas of the organization
- Have a privacy strategy that aligns with other organizational objectives
- Be confident in their ability to ensure the privacy of sensitive data
- Believe their privacy budget is appropriately funded
- Separate privacy training from security training
The report warned that organizations that do not protect their data risk losing the trust of stakeholders and customers, as privacy violations can result in heavy fines and reputational damage.
From the survey results, it is clear that organizational privacy involves a delicate balance between technological progress, regulatory compliance, employee recruitment training and the need to earn and maintain the trust of individuals and society at large.
MBL Technologies provides comprehensive cybersecurity services for long-term, sustainable solutions that address every facet of the privacy landscape in 2024 and beyond. We help you boost your cybersecurity posture and implement a robust privacy program to stop costly breaches. Contact us to learn more.