Regulation and risk driving corporate investment to address privacy in 2011
New York, 2 February 2011 – Organizations are expected to invest more money to protect personal information in response to increased government regulation and enforcement and to stem the rising tide of risk, according to Privacy trends 2011: Challenges to privacy programs in a borderless world, a new report released today by EY. To combat the growing risks associated with the key trends in protecting corporate and personal data, companies will spend money in 2011 to hire highly-skilled certified privacy professionals and invest in technical controls that monitor and manage external attacks and internal leaks from within the organization.
“In an increasingly borderless business environment, protecting personal and professional information is a paramount concern,” says Bernie Wedge, Americas Information Technology & Risk Assurance leader for Ernst & Young LLP. “New technologies associated with mobile communication, social networking and cloud computing have erased the boundaries of how we do business today, but while these new technologies provide tremendous opportunities, they also present new privacy risks for organizations and employees alike.”
In addition to increased investment, the report details another 10 interrelated trends that affect organizational privacy. Two of these trends are government initiated – expanding government regulation and privacy laws with higher penalties and additional notification provisions that will require organizations to increase transparency and adopt new approaches tailored to their industry and where they operate. This type of government action leads to a wave of organizational governance, risk and compliance initiatives.
Increased usage of enhanced technology drives the remaining trends, which include:
- Gradual transitioning to cloud computing that demands robust vendor risk management and third-party reporting capabilities to address privacy risks
- Increasing use of mobile devices that should require organizational management of geo-location abilities that enable organizations to identify the physical location of a device and the person using it, as well as employee education about their privacy and limitations
- Escalation of privacy assessments, including more and deeper internal audits and an increasing desire for an organization to obtain an external assessment against the Generally Accepted Privacy Principles (GAPP)
- Growing demands for service providers to obtain an independent assessment of their privacy and security practices, whether using the SAS 70 standard or moving to the new guidance on Service Organization Controls reporting that will allow service providers to report to their customers on their privacy and security controls in a SAS 70-style report
- Instituting Privacy by Design, an internationally recognized model that ensures privacy isn’t treated as an afterthought and becomes an essential part of privacy protection by embedding it into new technologies and business practices from the beginning
- Social networking between the organization and customers, employees and job candidates, resulting in the development of further privacy protection policies
- Evolving professional expectations, leading to privacy certifications in specific jurisdictions or industries
As regulations concerning data protection and privacy are expected to proliferate, the EY report notes that companies must be certain their enterprise-wide privacy protection strategies meet current needs and anticipate future challenges.
“Protecting personal information needs to be an ongoing focus across the organization, and no longer an afterthought,” says Dr. Sagi Leizerov, Executive Director and Leader of Ernst & Young LLP’s Privacy Services, part of the firm’s Advisory Services practice. “There needs to be a series of thoughtful and strategic policies that embed privacy protection into new technologies and business practices from the beginning, which will ultimately lead to enhanced business performance.”
Increased attention to privacy protection will also play a pivotal role in career advancement for privacy professionals. Businesses will likely hire more privacy professionals, reversing the losses privacy offices experienced during the economic downturn. More organizations are improving their privacy function by merging information security, privacy and other functions, including HR, legal and sourcing, into virtual information risk organizations, creating a more holistic approach to data protection. Many positions that address the organization’s use of personal information, in areas such as IT, audit, legal and marketing, will also add privacy protection to their skill sets. As a result, more individuals will obtain privacy certifications in 2011.
“In 2011, we expect to see a fundamental shift in the approach organizations take to protect personal information,” adds Leizerov. “Organizations can no longer ignore the importance of protecting against external or internal threats and must understand that data breaches will not only result in financial penalties, but can also severely damage a company’s brand and reputation.”
The full report is available at www.ey.com.
About EY's Advisory Services
The relationship between risk and performance improvement is an increasingly complex and central business challenge, with business performance directly connected to the recognition and effective management of risk. Whether your focus is on business transformation or sustaining achievement, having the right advisors on your side can make all the difference. Our 20,000 advisory professionals form one of the broadest global advisory networks of any professional organization, delivering seasoned multidisciplinary teams that work with our clients to deliver a powerful and superior client experience. We use proven, integrated methodologies to help you achieve your strategic priorities and make improvements that are sustainable for the longer term. We understand that, to achieve your potential as an organization, you require services that respond to your specific issues, so we bring our broad sector experience and deep subject matter knowledge to bear in a proactive and objective way. Above all, we are committed to measuring the gains and identifying where the strategy is delivering the value your business needs. It’s how EY makes a difference.
EY is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
For a copy of the report, please visit www.ey.com.
EY refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity.
This news release has been issued by Ernst & Young LLP, a client-serving member firm of Ernst & Young Global Limited located in the US.