Privacy, data breaches still run rampant, shows survey of IT pros
By Ellen Messmer, Network World, 12/17/2007
If it seems as though digital privacy invasions and personal-data breaches happen every day in corporate America, these survey
results will only reinforce that notion.
A recent survey of 827 security and privacy professionals in North America found that 66% said they were aware of six to 20
“privacy incidents” in their organizations during the past year where personally identifiable information was mishandled or
exposed.
In addition, 85% of the respondents said there was at least one significant data breach that required notification in the last 12 months. That's according to the “Enterprise@Risk: 2007 Privacy and Data Protection
Survey,” which was conducted by Deloitte & Touche and Ponemon Institute. The sheer volume of incidents large and small has
resulted in security and privacy professionals complaining they spend too much of their time in incident-response activities
such as notification and remediation rather than on root-cause analysis and employee training.
The respondents in the “Enterprise@Risk” survey work in the financial services, healthcare, technology, government,
consumer business and manufacturing industries.
Of the respondents to the survey, 546 are security professionals who indicated they were spending most of their time on incident
response, execution of program goals and data-protection design. The privacy professionals, the remaining 281 individuals
in the survey, also said they spent most of their time on the same areas.
Seventy-one percent of the security professionals said they report to the CEO. However, privacy officers, more associated
with IT governance, had a more varied reporting structure.
Thirty-eight percent of the privacy officers report to the general counsel, 21% to the head of Compliance, 11% to the CIO
and the remainder to either the CEO, head of human resources, or the CFO, among others.
According to the survey, the privacy professionals earned an average salary of $125,427, while security professionals earned $100,694.
Of the privacy professionals, 52% were male and 48% female, with the males earning $130,481 on average, while females earned
$120,753.
Of the security professionals, 67.9% were male, 32.1% female, with the males earning an average $101,083 and the females $99,884.
Comments (2)
What is a serious data breach and what is not?
By BenjaminWright on December 17, 2007, 8:17 pm
As we see from the report, many data security breaches have been made public in recent years. But I believe more breaches are being reported than is wise. A minor...
Depends on the regulation that was violated
By Anonymous on December 17, 2007, 11:53 pm
Some regulations demand that even a seemingly minor breach be reported. They may not have a choice in the matter. Some states even have their own regulation about...