Privacy trends 2016

Can privacy really be protected anymore?

  • Share

The programs and governance structures in place to turn privacy protection into reality remain, if not in their infancy, then certainly in their adolescence.

As an essential part of the Global Information Security Survey (GISS) 2015, we asked 630 participants to answer questions focused on the privacy issues facing organizations today.

In this GISS 2015 privacy questionnaire, 38% of respondents admit that they address security in new business processes and technologies, but not privacy specifically.

EY chart – GISS: what concerns most when it comes to how privacy is managed?

However, more telling, and perhaps more concerning for organizations and individuals alike when it comes to managing privacy, is that for nearly half (46%) of survey respondents, their number one or two concern is not having a clear picture of where personal information is stored or processed outside of their main systems and servers. This is exacerbated by the fact that for 40% of respondents, their number one or two concern is that there are simply not enough people to support their privacy program.

In a world where laws and regulations cannot keep pace with digital change, the question many are asking is: can privacy really be protected anymore?

As the onus of accountability shifts from regulators to organizations, organizations need to take heed of where they are in terms of their privacy maturity and what they need to do to make privacy protection a part of everything in an organization. Our Privacy trends 2016 report includes:

If the evolution of privacy protection is still in the adolescent phase, then it needs to grow up — fast. The digital future is upon us and it won’t wait for governments to craft laws that address the myriad privacy risks it creates.

Alarmingly large numbers of organizations still have no idea where personally identifiable data lives within their systems, let alone how to protect it.

Going forward, organizations need to be taking clear and decisive action to develop and enhance privacy management beyond ad hoc policies and toward fully accountable, certified and trusted privacy programs.

Knowing how information is collected, used, shared and maintained, developing KPIs, finding the balance between monitoring for insider threats and employee privacy, controlling access by modifying and de-identifying data, preparing for the worst and providing independent assurance on privacy programs are all signs of an evolving maturity that governments and individuals alike are demanding.