IAPP Releases IAPP-EY Privacy Governance Report 2023

Despite fraught economic conditions, 33% of organizations saw their privacy teams grow in the past year

PORTSMOUTH, N.H. – 9 November 2023 – Today, The International Association of Privacy Professionals (IAPP), the largest and most comprehensive global information privacy community and resource, released the IAPP-EY Privacy Governance Report 2023. The 7th edition of the flagship IAPP-EY report explores privacy’s ever-increasing role in the daily operations of organizations across all sectors.

“It is clearer than ever that privacy is an essential organizational and strategic function that spans across teams, responsibilities, and stakeholder interactions,” IAPP Research and Insights Director Joe Jones said. “This year’s Privacy Governance Report explores not only the critical role of the privacy professional but also what organizations are doing to get ahead in today’s and tomorrow’s dynamic data-driven world.”

“The comprehensive report explores how privacy functions do more work with less and the emergence and prevalence of privacy-enhancing technologies,” said Angela Saverice-Rohan, EY Americas Privacy Leader. “We expect these technologies, as well as how organizations are approaching the governance of AI, will grow in importance for the privacy engineering community. This report also shines a light on the increasingly important role of the data protection officer, as well as themes around privacy strategy, resourcing and budget. I encourage everyone who reads this report to reflect on your own role in governing privacy within your respective organization.”

Key takeaways from the report include:

1. Despite fraught economic conditions, 33% of organizations saw their privacy teams grow in the past year. Only 14% saw a decrease in their number of privacy staff.
2. Not only are privacy teams taking on more work, with 86% of organizations indicating that they perform at least 10 activities listed in the survey, but they are more multi- and inter-disciplinary than ever before. 86% of privacy professionals reported that they regularly work with three or more teams within their organization. Privacy by design is the top strategic privacy priority for organizations in 2023, reflecting the importance of integrating privacy from the get-go.
3. Only two in 10 organizations identified they were totally confident in their organization's ability to comply with various privacy regulatory requirements, with confidence impacted by the availability and sufficiency of privacy resources, the frequency with which enterprise privacy compliance risk assessments are undertaken, and whether or not an organization has a data protection officer, among other factors. For example, of organizations with a DPO, 70% are at least somewhat confident in their organization’s privacy compliance, compared to only 30% of those without a DPO.
4. 63% of respondents agree that the limited availability of resources within their organization impacts their organization’s ability to deliver on its privacy objectives.
5. With proliferating new and updated global privacy laws, a one-size fits all approach to privacy compliance is being replaced by six in 10 respondents leveraging a global approach that either implements heightened or reduced regulatory requirements, depending on the applicable law.

For research specific to AI governance, the IAPP will release a separate report in early December.

The full report will be available here. To learn more about the IAPP, visit iapp.org.

About the IAPP
The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, promote and improve the privacy profession globally. More information about the IAPP is available at iapp.org.