Employees do not feel confident that companies are adequately protecting their information, according to a study conducted by global IT association ISACA.
Findings claim that only 29 percent of the 546 respondents are “very confident” in their enterprise’s ability to ensure the privacy of its sensitive data. In fact, nearly one in five said they have experienced a material privacy breach.
According to the survey, the seven key components of an effective privacy program are:
1. Appropriate staffing
2. Positioning of privacy function at a high level in the organisation chart
3. Privacy-protection culture
4. Privacy awareness training
5. Globally accepted frameworks/standards
6. Metrics and monitoring program effectiveness
7. Compliance with data-protection legal requirements
“Organisations with effective privacy programs understand that these programs begin with a system of governance and management, and are supported by a team with defined privacy responsibilities,” says Yves Le Roux, chair of ISACA’s Privacy Working Group, principal consultant, CA Technologies.
Respondents also cite a complex international legal and regulatory landscape and a lack of clarity on roles and responsibilities as the two main barriers to establishing a successful privacy program.
The most commonly reported privacy failures are a lack of training or poor training, data breach/leakage, and companies not performing a risk assessment.
However, the survey also identified some bright spots.
More than 9 in 10 organisations have assigned someone to be accountable for privacy. The primary positions given this responsibility are CISOs and chief privacy officers (CPOs) who report directly to the CEO.
Additionally, the majority (76 percent) of organisations provide privacy awareness training to staff.