Company Memo: We Can't Protect Consumer Data

 
 
By Dennis McCafferty  |  Posted 10-12-2015 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Company Memo: We Can't Protect Consumer Data
    Next

    Company Memo: We Can't Protect Consumer Data

    To avoid a public-relations nightmare, companies rely on privacy risk assessments and audits and invest in security awareness training sessions for staff.
  • Previous
    Risk Factor
    Next

    Risk Factor

    Less than one-third of survey respondents are "very" confident in their enterprise's ability to ensure the privacy of its sensitive data.
  • Previous
    Broken Trust
    Next

    Broken Trust

    More than half do not think consumers today should feel confident that enterprises are adequately protecting their personal information (PI).
  • Previous
    Top Negative Consequences of a Privacy Breach
    Next

    Top Negative Consequences of a Privacy Breach

    Reputation decline: 80%, Legal action: 62%, Regulatory action: 60%. Unfavorable press coverage: 58%
  • Previous
    Report Card
    Next

    Report Card

    Two-thirds said the primary metric to measure their company's effectiveness on privacy governance is the number of breaches/incidents experienced, while nearly half cite the number of privacy complaints received from customers/clients.
  • Previous
    Best Practices, Part 1
    Next

    Best Practices, Part 1

    75% said their organization's use of privacy policies, procedures, standards and other management approaches is mandatory, while 19% indicate this is "recommended."
  • Previous
    Best Practices, Part II
    Next

    Best Practices, Part II

    46% said their company will perform a privacy risk assessment to monitor the effectiveness of its privacy program, while about two out of five said their organization will perform a privacy self-assessment and/or undergo a privacy audit.
  • Previous
    Designated Duty
    Next

    Designated Duty

    Nine out of 10 said their organization has assigned someone to be accountable for privacy, with the Chief Information Security Officer or Chief Security Officer most likely to oversee this (within 23% of companies).
  • Previous
    School in Session
    Next

    School in Session

    76% said their company provides privacy awareness training to staff.
  • Previous
    Top Certifications Held by Privacy Management/Staff
    Next

    Top Certifications Held by Privacy Management/Staff

    Certified Information Systems Auditor (CISA): 51%, Certified Information Systems Security Professional (CISSP): 36%, Certified Information Security Manager: (CISM): 34%
  • Previous
    Biggest Barriers to the Establishment of a Privacy Program
    Next

    Biggest Barriers to the Establishment of a Privacy Program

    Complexities of global legal/regulatory landscape: 49%, Lack of clarity on the mandate, roles and responsibilities: 39%, Absence of a privacy strategy and implementation road map: 37%
 

The majority of technology, risk and business professionals revealed customers should not feel confident that their personal information is fully secured, according to a recent survey from ISACA. The report, titled "Keeping a Lock on Privacy: How Enterprises Are Managing Their Privacy Function," shows how few survey respondents feel "very" confident in their organization's ability to ensure the privacy of its sensitive data. As a result, they fear their corporate reputation will take a major hit, with the potential for regulatory consequences. To avoid this, companies are turning to privacy risk assessments and audits, while investing in awareness training sessions for staff. "Major privacy breaches of customer data records are becoming common news headlines, shattering the trust of customers who expected the affected enterprises to protect their personal information (PI)," according to the report. "Although these enterprises believed that they had adequate measures in place to secure PI, someone—a hacker who seeks financial gain, a hacktivist who wishes to make a political point, a malicious insider who desires to get revenge for a real or imagined wrong, or a well-meaning but untrained employee who simply makes a mistake—found a way to penetrate their defenses." ISACA is a global non-profit which provides information resources and credentialing/career development opportunities for professionals who are interested in leading, adapting and assuring trust in the digital world. More than 780 global executives and professionals—including compliance/risk officers, security managers and IT audit directors—took part in the research.

 
 
 
 
 
Dennis McCafferty is a freelance writer for Baseline Magazine.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register