Companies Not Doing Enough to Protect Consumer Information
Companies are not adequately protecting consumer information, according to a recent survey of privacy and risk professionals.
Conducted by ISACA, a global nonprofit information systems organization, the survey found that half of the 546 respondents said consumers should not feel confident that companies are doing a sufficient job guarding their sensitive data.
The survey also found that only 29% of the respondents believe their company can maintain the privacy of sensitive consumer data. Not only are these employees worried about the possibility of a security breach, but one in five has already experienced such a privacy breach.
The survey broke down the seven components of a good privacy program. They are:
- An adequate number of security professionals.
- Someone at a high level in the company who is responsible for privacy.
- A company culture that stresses privacy.
- Regular training on privacy awareness.
- Adherence to the privacy frameworks and standards accepted globally.
- Programs that monitor effectiveness.
- Compliance with all legally required data protection methods.
The main difficulties a company faces when trying to establish a privacy program are the complex regulatory landscape and confusion about the roles and responsibilities of security employees.
The survey showed that the main privacy failures include poor employee training or a lack thereof; past data breaches or leakages; and a lack of risk assessments.
The news is not all bad. Nine out of ten organizations have a specific person in charge of privacy, and these people are generally CISOs or Chief Privacy Officers, both of whom report to the company’s CEO. Also, 76% of companies hold privacy awareness trainings.