Companies Are Not Adequately Protecting Consumers’ Personal Information


ISACA_logoAccording to a global survey of privacy and risk professionals which was released on the 30th September, more than half of the 546 respondents say consumers should not feel confident that companies are adequately protecting their information. The study, conducted by global IT association ISACA, also found that only 29 per cent of the respondents are very confident in their enterprise’s ability to ensure the privacy of its sensitive data. In fact, nearly one in five said they have experienced a material privacy breach.

According to ISACA’s survey report, Keeping a Lock on Privacy: How Enterprises Are Managing Their Privacy Function, the seven key components of an effective privacy program are:

  1. Appropriate staffing
  2. Positioning of privacy function at a high level in the organisation chart
  3. Privacy-protection culture
  4. Privacy awareness training
  5. Globally accepted frameworks/standards
  6. Metrics and monitoring program effectiveness
  7. Compliance with data-protection legal requirements

Respondents cite complex international legal and regulatory landscape and lack of clarity on roles and responsibilities as the two main barriers to establishing a successful privacy program.

The most commonly reported privacy failures are:

  • Lack of training or poor training
  • Data breach/leakage
  • Not performing a risk assessment

However, the survey also identified some bright spots. More than 9 in 10 organisations have assigned someone to be accountable for privacy, the primary positions given this responsibility are CISOs and chief privacy officers (CPOs) who report directly to the CEO. Additionally, the majority (76 per cent) of organisations provide privacy awareness training to staff.

“Organisations with effective privacy programs understand that these programs begin with a system of governance and management, and are supported by a team with defined privacy responsibilities,” said Yves Le Roux, chair of ISACA’s Privacy Working Group, principal consultant of CA Technologies.

For full results, visit

ISACA will use the survey data to help create additional privacy guidance, including a set of guiding principles in 2016.


ISACA( helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.



Comments are closed.