Companies Not Doing Enough to Protect Consumer Information

October 8, 2015, Written By Lynn Oldshue

Companies are not adequately protecting consumer information, according to a recent survey of privacy and risk professionals.

Conducted by ISACA, a global nonprofit information systems organization, the survey found that half of the 546 respondents said consumers should not feel confident that companies are doing a sufficient job guarding their sensitive data.

The survey also found that only 29% of the respondents believe their company can maintain the privacy of sensitive consumer data. These employees are not only worried about the possibility of a security breach; one in five has already experienced a privacy breach.

The survey broke down the seven components of a good privacy program. They are:

  1. An adequate number of security professionals.
  2. Someone at a high level in the company who is responsible for privacy.
  3. A company culture that stresses privacy.
  4. Regular training on privacy awareness.
  5. Adherence to the privacy frameworks and standards accepted globally.
  6. Programs that monitor effectiveness.
  7. Compliance with all legally required data protection methods.

The main difficulties a company faces when trying to establish a privacy program are the complex regulatory landscape and confusion about the roles and responsibilities of security employees.

The survey showed that the main privacy failures include poor employee training or a lack thereof; past data breaches or leakages; and a lack of risk assessments.

The news is not all bad. Nine out of ten organizations have a specific person in charge of privacy, and these people are generally CISOs or Chief Privacy Officers, both of whom report to the company’s CEO. Also, 76% of companies hold privacy awareness training.

The information contained within this article was accurate as of October 8, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.