Privacy trends 2014
To be accountable, organizations need to innovate
Governments are making valiant efforts to protect privacy, but they cannot do it alone. Accountability for privacy and personal data protection needs to be a joint effort among governments, privacy commissioners, organizations and individuals themselves.
Without such a coordinated effort, the whole notion of “right to privacy” may disappear. As the pace of technology increasingly outstrips governments’ abilities to regulate privacy protection, all stakeholders must take joint responsibility.
Leading practices to instill accountability
According to EY’s Global Information Security Survey 2013, 30% of respondents rate privacy as their number one or two priority in terms of investment, putting privacy 10th in the hierarchy of required information security investments. Privacy needs to rank higher.
Which information security areas do you define as “top priorities” over the coming 12 months?
In that same report, we identified four areas where organizations could improve their information security programs. In 2014, organizations can equally apply these leading practices specifically to privacy:
- Commitment from the top. Gain board support to establish a charter and a long-term strategy for privacy protection.
- Organizational alignment. As part of the organization’s strategy, develop a formal governance and operating model, align all aspects of privacy to the business and build relationships across the enterprise. Also, be willing to increase investment in privacy protection.
- People, processes and technology. Document and communicate business processes related to privacy, and make them agile enough so that they can be updated when necessary. Consider new technology choices not only in terms of their benefits to the organization, but also the privacy risks they may pose.
- Operational enablement. Allow good privacy governance to drive compliance, measure leading indicators to monitor performance and make improvements as opportunities present themselves. Facilitate greater collaboration among functions. And leverage behavior-based analytics for more effective analysis.
The last leading practice that we will add, which wasn’t included in our list of leading practices for information security, is: change the culture.
Use the forces of change to enable the use of new technologies with appropriate privacy protocols rather than banning them entirely. Additionally, consider robust training programs for employees so that they clearly understand and can act in accordance with established boundaries associated with privacy and personal data protection.