Skip Links

Survey says more attention being paid to data privacy, but still a ways to go

By Grant Hatchimonji, CSO
January 31, 2014 04:50 PM ET

CSO - Data privacy has gotten its fair share of attention these days, what with the high-profile data breaches that have taken place in recent months. Fittingly, PricewaterhouseCoopers released the results of its 2013 data privacy survey late last year, in which the 370 participants represented both board level members responsible for oversight of privacy programs within their organization and practitioners involved in day to day operations.

While some of the statistics were reassuring and showed that data privacy is growing in importance, it would appear that there's still a ways to go before it gets the amount of attention it deserves.

For instance, one of the many statistics indicated that the majority of respondents considered consumer privacy a "medium priority." By PwC's definition, this means that it's a business concern that gets "some attention."

That being said, what the statistics did not necessarily indicate is that a lot depends on the sector being discussed, said Carolyn Holcomb, a partner and leader in PwC's Risk Assurance Data Protection and Privacy Practice. Different areas like the financial and healthcare sectors clearly prioritize consumer privacy more than others. One example Holcomb gave was B2B companies that are, in essence, not part of the front line like retailers are.

"People in [sectors like financial or healthcare] will tell you that privacy is among their top 10 risks," said Holcomb. "It's when you expand that to other sectors that don't collect as much consumer information that you don't see as high of a risk."

But it's difficult to deny that privacy awareness isn't quite where it should be. Study results said that 47 percent of board members felt that while they were aware of privacy issues, they weren't aware of the impact they have on their organization (while an additional 13 percent said that they weren't even aware of the issues at all).

One possible reason for the lack of awareness is that, according to the study, 54 percent of board members admitted to relying on internal communications rather than one-on-one meetings to stay informed on privacy issues.

"Some of that is still related to a lack of education. Board education still has a way to go," said Holcomb in reference to the lack of face-to-face meetings. "Board members still aren't sure what they're missing. It goes back to that confusion that security and privacy are the same, so they see a security presentation and think they don't need anything else."

Naturally, the unfortunate implication here is that more often than not, board members may not be aware of the impact privacy risks might have on their companies. "There might be a privacy risk, but they'll think, 'We have a lawyer, we have a privacy policy, so everything must be okay,'" said Holcomb. "There's a lack of understanding of the risk."

Regardless of how companies perceive the importance of privacy on the whole, they do seem to be, at the very least, discussing it more. The study results indicated that while the majority of respondents -- 39 percent -- were only discussing privacy issues at the board level annually, the number of companies that are discussing them more frequently wasn't far behind. That number is on the rise year over year according to Holcomb, with 23 percent of respondents saying that they discuss privacy issues quarterly.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News