IAPP publishes Organizational Digital Governance Report

Companies are prioritizing their journeys from digital entropy to digital responsibility

PORTSMOUTH, N.H. — 5 September 2024 — The IAPP, the global home for privacy, AI governance and digital responsibility professionals, published the Organizational Digital Governance Report 2024. This research charts the transformative and sometimes destabilizing impacts of new technologies and related regulatory requirements on organizations' legacy governance structures, as well as the emergence of more coherent and integrated approaches for the digital age.

Since January, the IAPP has been researching the extent to which organizations currently or intend to structure their resources and decision-making to respond to "digital entropy," aligning oversight of privacy, AI governance, cybersecurity law and other areas of digital responsibility. One thing is clear: Designing and implementing effective structural responses to the complexity of digital regulation and risk is a top strategic priority for organizations.

The IAPP interviewed senior leaders at some of the world's most technologically enabled organizations to understand the extent to which digital governance has been defined; the domains in scope; the responsibilities and reporting lines of those domains; and the structures, process and people supporting the transition to a more effective digital governance model. The report also includes data from more than 670 respondents to the IAPP's annual governance survey.

“This report comes at a crucial juncture for professionals tasked with digital responsibility,” said IAPP President and CEO J. Trevor Hughes. “There is massive disorder and a lack of structure in both the private and public responses to the litany of emerging digital risks and requirements. Organizations have recognized the growing gaps in governance and now must prioritize appointing leadership to steer their response.”

“Many organizations are struggling with whether and how to define and cohere digital governance, and to bring order to digital entropy,” said IAPP Research and Insights Director Joe Jones. “This report captures some of the emerging trends and responses that will shape how organizations build and scale their governance of digital technologies.”

Key takeaways from the report include:

  • Proliferating digital governance regulation is creating a complex matrix of compliance obligations and risks for organizations, which, in turn, is accelerating organizational responses.
  • Companies have begun to vest C-suite leadership with responsibility and accountability for broad digital governance domains.
  • Existing C-suite leaders of specific domains are seeing their personal remits expanded and elevated. For example, 69% of chief privacy officers surveyed have acquired additional responsibility for AI governance. Of those surveyed, 69% are now responsible for data governance and data ethics, 37% for cybersecurity regulatory compliance and 20% for platform liability. Over 80% of privacy teams now have responsibilities that extend beyond privacy.
  • Illustrative depictions of existing and future-state organizational structures for digital governance are provided, ranging from analog models to augmented models to more aligned models.

The full report can be found at: https://iapp.org/resources/article/organizational-digital-governance-report/

About the IAPP
The IAPP is the largest and most comprehensive global information privacy and AI governance community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, promote and improve the privacy profession globally. More information about the IAPP is available at iapp.org.