A recent study by FTI Consulting sheds some light on how organizations are responding to new data privacy regulations, consequently limiting their use of consumer data, and balancing the costs and risks of managing data in compliance with privacy laws.
FTI surveyed senior management and C-suite roles (more than 60% of respondents) and middle-management roles (28%) who had insights into the corporate data privacy programs from more than 500 large, U.S.-based companies.
The results of the study provide insight into the state of data privacy programs, and into perceptions and strategies at large corporations. The report identifies four key themes that kept emerging:
Change in the perception of data privacy
The data privacy landscape is constantly changing, with new data protection laws emerging across the globe, just as we discussed in data privacy trends for 2020.
If we look at the numbers from the study, we see a lot of companies actively adjusting to these changes: they have moved forward with their privacy programs in the past year, adapted to the requirements of new regulations, and expect their budgets to increase.
97% of the companies stated they plan to increase their data privacy spend by 50%, and 75% have made changes in their privacy programs in the past 12 months.
That is a lot of activity in the data privacy area, and looking at the planned budgets, it is becoming evident that the perception of data privacy initiatives has shifted from merely aligning with regulatory requirements to seeing them as a great risk mitigator and added value to the core business of the organization.
But we have to ask, what is propelling this change? Did the activities of supervisory authorities have anything to do with how many resources these companies are investing in data privacy, did data protection laws play a part, or is it the expectation of the public that had a greater impact?
It is all that and more. Let’s find out who is building the pressure.
Organizations are facing risks
The research indicates that companies are constantly operating under the risk of data privacy breaches and other crises that might arise from processing personal data, and they are well aware of the negative impacts.
As we discussed in “Data breach and Reputation Management”, privacy incidents will, without a doubt, affect how consumers perceive your company in the future, affect your brand value, potentially bring regulatory investigations and sanctions, and lead to substantial financial losses.
This is corroborated by companies’ expectations of a 9% drop in global annual turnover as a result of a data privacy crisis event.
Not to mention that we are talking about companies whose average annual turnover is $830 million, and a 9% drop means $79 million in losses.
Such a far-reaching impact builds up enormous pressure to be compliant from different external and internal sources, like customers and the public, but also the board, media, and supervisory authorities.
Most concerns were expressed over data usage, limitations of usage, and sharing with third parties, breaches, internal data theft, employee hardware loss, and regulatory investigations and sanctions.
Awareness does not translate into action
And while 81% stated their executives are aware of the issues, more than one-third of companies said the awareness is not translating into prioritization.
Also, most companies gave themselves a positive self-assessment, which reflects inconsistencies between awareness, prioritization, perception, and readiness.
If they self-assessed and came to the conclusion that their privacy program is satisfactory, why do 79% of respondents feel vulnerable to a data privacy crisis, and why do nearly 40% claim they are very vulnerable?
The most vulnerable industries were technology services (48%) and the financial sector (43%).
Technology stands out
Like all business processes, compliance is also a complex matter that can’t be solved by using one method or resource. It requires “a healthy mix of people, process and technology”. However, the study showed that technology stands out when it comes to compliance efforts.
68% rated systems and technology as very effective for data privacy compliance
So why are you not in the process of purchasing your data privacy solution? Well, maybe you are, but nearly 60% of respondents stated they don’t have the resources in the organization to ensure compliance.
However, trends indicate there will be a significant increase in privacy budgets, more personnel, more internal processes, and revisions of existing measures and policies.
“While progress is moving in the right direction, there is more work to be done. Organizations will need to translate their awareness to more action and diligence. As this happens, and privacy postures strengthen, organizations will begin to uncover and focus on the opportunities surrounding their data—rather than the risk.”
There is nothing we would want to add to this statement, except to note that the companies that go through this shift faster and better will have the upper hand over their competition and will be able to draw more insights from their data.
This study gives us a glimpse of the evolution of data privacy programs in large enterprises in the US, and there is a lot of useful information to be found in the research, so we advise you to go and check the entire report here!