Organizations that ignore the importance of protecting personal information from outside — or inside — will suffer more than financial penalties. They may also see their reputation damaged and their brand negatively impacted.
Summary: You don’t have time to wait for privacy regulations. Instead, develop privacy-protection strategies that match your risk profile. Look to drive regulation, rather than the other way around, to anticipate tomorrow’s challenges.
Top 11 trends in data privacy
- Regulation, laws and enforcement
Historically, enforcement of privacy legislation was inconsistent or nonexistent. Today’s regulators plan on changing that by expanding their reach and imposing tougher penalties.
- Additional breach notification requirements
Governments around the world are drafting and adopting breach notification legislation. Organizations need to adapt based on their industry and jurisdictions of operations.
- Governance, risk and compliance (GRC) initiatives
Organizations are expanding GRC initiatives, converging them with corporate governance and using risk management to improve business performance. Only a small number of GRC technologies are available today, but that number is growing. In 2011, expect technology firms to produce and update modules that attempt to address privacy monitoring.
- Cloud computing
Organizations transitioning their business processes to a cloud environment need to have robust vendor risk management and third-party reporting capabilities in place that address privacy risks.
- Mobile devices
Portable media means portable personal information. Employees and organizations alike need to understand and respect the power, limitations and technical controls of mobile devices.
- Increased investment
Organizations are increasing their investment in governance and tools that help manage privacy and data protection, in part because of regulation, but also because of increasing risks.
- More privacy assessments from internal audit departments
Expect internal audit departments to single out specific parts of their organizations for deeper privacy audits, and expect other privacy assessments to expand in scope.
- Service provider reporting standards
Changes to the Statement on Auditing Standards (SAS) 70 in 2011 will give service providers the ability to obtain a report on privacy and data protection controls and compliance.
- Privacy by Design
Privacy by Design is evolving from a concept into an essential component of privacy protection, a sign that regulators recognize the importance of embedding privacy into new technologies and business practices from the beginning.
- Social networking
Organizations need to develop and communicate thoughtful privacy protection policies that address interactions among customers, employees and job candidates on social networks.
- Evolving privacy professional expectations
Privacy certifications are becoming more specialized, allowing individuals to be certified in focused areas such as jurisdictional regulation, IT or industry.