
Global Privacy Study: How Does Your Organization Compare?



Major privacy breaches of customer data records are becoming common news headlines, shattering the trust of customers who expected the affected enterprises to protect their personal information. Almost 75 percent of the respondents to ISACA’s 2015 Privacy Survey indicate that their enterprises’ use of privacy policies, procedures, standards and other management approaches is mandatory, while 19 percent indicate that their use is “recommended.” This finding is a reflection of good practice because written policies and procedures should be at the heart of every enterprise, regardless of size.

However, less than one-third of the surveyed privacy professionals are very confident in their enterprise’s ability to ensure the privacy of its sensitive data. This is confirmed by the fact that more than half of surveyed privacy professionals believe that consumers should not be confident that enterprises are protecting their personal information.

Slightly more than 90 percent of the respondents to the survey report that the privacy function has a significant or moderate level of interaction with information security. This may explain why the CISO/CSO is a consistent selection as the role with primary accountability for privacy across all enterprise sizes. Unfortunately, nearly 8 percent report that no one is assigned to privacy accountability.

More than half of the respondents identify a lack of training or poor training as the most common type of privacy-related failure. This puts an emphasis on the fact that privacy governance/management depends on regular, consistent monitoring of the program's effectiveness, coupled with a commitment to making changes when weaknesses are spotted.

Any enterprise program as complex as privacy—requiring the coordinated efforts of many departments and individuals—requires a formal system of governance and management. Having the appropriate leadership and staff structures is an integral part of privacy governance and management. Increased (and increasingly diverse) regulation adds to the complexity, making an effective system of governance and management that involves frameworks, standards, policies and metrics a requirement. Operating in multiple jurisdictions adds a layer of complexity to privacy programs because it requires knowledge of and compliance with a wide variety of differing global regulations.

All of this is why ISACA is developing privacy principles for enterprises to use to develop a privacy program that is adaptable, flexible and applicable to the global population, with plans to publish the principles in the near future. These principles will use the COBIT framework to provide structure and an implementation road map to guide practitioners through privacy management activities.

Yves Le Roux, CISM, CISSP
Chair, ISACA’s Privacy Task Force
CA Technologies

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors & positions.
