Data privacy needs focused effort – study

DATA is the lifeblood of organization’s today, but when companies fail to manage it correctly, it exposes the company to several threats and puts customers and employees at risk.

According to a new study by PwC, organizations are not doing all they can to protect data privacy.

The consulting giant surveyed 9,500 senior business and technology executives from 122 countries and learned just how ‘careless’ companies were about the data in their repositories.

Less than half of respondents said their organization limits collection, retention, and access of personal information to the minimum necessary to accomplish the legitimate purpose for which it is collected.

Yet, only 51 percent of respondents have an accurate inventory of where personal data for employees and customers are collected, transmitted, and stored.

Further, only 53 percent require employees to complete training on privacy policy and practices.

When it comes to third parties who handle personal data of customers and employees, less than half conduct compliance audits to ensure they have the capacity to protect sensitive information.

Only 46 percent of respondents said their organization requires third parties to comply with their privacy policies.

US Cybersecurity and Privacy Leader Sean Joyce said:

Using data in more innovative ways opens the door to both more opportunities and more risks. There are very few companies that are building cyber and privacy risk management into their digital transformation. Understanding the most common risks, including lack of awareness about data collection and retention activities, is a starting point for developing a data-use governance framework.

Businesses in Europe and the Middle East generally lag behind those in Asia, North America, and South America in developing an overall information security strategy and implementing data-use governance practices, according to study.

However, the report reaffirms that senior executives recognize the rising stakes of cyber insecurity. And there is some cause for optimism. Eighty-seven percent of global CEOs say they are investing in cybersecurity to build trust with customers.

Almost four in five CEOs say they are creating transparency in the usage and storage of data. But less than half say they are taking these actions “to a large extent.”

And more worrying is that less than a third of African CEOs and nearly a quarter of North American CEOs (22 percent) say they are “not at all” creating transparency in the usage and storage of data.

The study also revealed that less than a third of respondents say their corporate board directly participates in a review of current security and privacy risks.

For organizations worth more than US$25 billion the figure is only a bit higher (36 percent).

“Organisations of all sizes should boost the engagement of corporate boards in the oversight of cyber and privacy risk management. Without a solid understanding of the risks, boards are not well positioned to exercise their oversight responsibilities for data protection and privacy matters,” PwC’s Asia Pacific Cybersecurity and Privacy Leader Paul O’Rourke said.

---

---

---