Survey of Fortune 1000 Chief Privacy Officers Predicts Increased Investment, Focus and Hiring in Corporate Privacy Programs

First-of-Its-Kind Study Finds Privacy Nascent but Evolving At Large Companies as Regulatory and Consumer Demands Increase

 New York, NY November 5, 2014 – Today the International Association of Privacy Professionals (IAPP), the world’s largest association of privacy professionals, released the industry’s first comprehensive survey of corporate privacy programs at Fortune 1000 companies. The survey, Benchmarking Privacy Management and Investments of the Fortune 1000 found while corporate investment in privacy is likely to increase, many privacy leaders feel their programs are relatively nascent and want greater influence over corporate decision making.

Driven by exponential growth in cloud, mobility and big data analysis in the digital age, privacy has become an important issue that companies must address as a core part of doing business. When faced with increasing levels of regulatory scrutiny on corporate privacy practices and growing consumer concern for protecting their personal information, companies find themselves grappling with managing a complex set of privacy requirements and expectations. Just as companies evolve their business to take advantage of new technology trends, they are challenged with reconciling the privacy concerns that come with them.

“Understanding how several of the world’s largest companies are managing their privacy programs can help professionals across the board more effectively develop programs and advocate for the budget, tools and organizational influence they need to be successful," said J. Trevor Hughes, CIPP, president and CEO of the IAPP. "The study showed that managing privacy in the ever-changing technological landscape with seemingly endless layers of regulation to comply with, cultural sentiments to accommodate and consumer expectations to satisfy requires strong privacy programs and leadership.”

Key Findings

The first-of-its-kind study surveyed Chief Privacy Officers at Fortune 100 companies about the structure of their privacy programs, current spending and their levels of influence across the organization. An overview of key findings from the survey are as follows:

Privacy Budgets in the Millions; Likely to Increase

  • Surveyed organizations had an annual privacy budget of $2.4 million, which equates to an average of $204 per $1 million in revenue. Privacy falls far short of the average security budget of $4.1 million in 2014 according to PwC’s Global State of Information Security Survey.
  • Thirty-eight percent of respondents said they would likely increase their privacy budget an average of 34 percent with only 10 percent likely to experience budget contraction.
  • Based on current spending levels and projected spending from respondents, privacy spending for the Fortune 1000 is expected to approach $3 billion in 2015.
  • This projected increase in budget could be due in part to many programs being relatively nascent with only 26 percent of companies characterizing their programs as mature.

Privacy Is a Growing and Lucrative Profession at Fortune 1000

  • Privacy is a relatively lucrative profession with more than half of employees making more than $200,000 in base salary. Further, the profession is nearly equally split between women (48 percent) and men (52 percent), a ratio more rare in comparably technical fields.
  • Many of the Fortune 1000 are looking to increase the number of employees focused on privacy issues. One third (33 percent) of organizations plan to increase either fully dedicated privacy headcount or create positions with privacy as part of its responsibility in the next year.
  • Extrapolating the average headcounts to the full Fortune 1000, then multiplying by the expected average increases, this translates to a projected increase of 950 full-time privacy professionals with another 2,200 professionals with privacy listed as part of their responsibilities over the next year.
  • Steep growth in the IAPP’s membership numbers – from 10,000 members in 2012 to a projected 20,000 at the end of 2014 – further shows this trend extends even outside the Fortune 1000.

Increased CPO Influence and Integration with IT and Security

  • There is a clear trend of privacy responsibilities being increasingly linked to security at companies.
  • CPOs surveyed recognized the importance of integrating privacy with security. Ninety-three percent of respondents indicated having a close working relationship with information security colleagues and 79 percent report working with the broader IT organization.
  • This close working relationship translates to significant influence over security and IT decision-making. A majority of respondents report satisfaction with their influence over IT (64 percent) and information security (61 percent) operations.

An executive summary of ‘Benchmarking Privacy Management and Investments of the Fortune 1000’, is available on IAPP’s website.

The IAPP Privacy Perspective blog also includes additional reactions and opinions from:

Omer Tene, vice president, Research and Education, IAPP

Hilary Wandall, CIPP/US, CIPP/E, CIPM, chief privacy officer, MERCK & Co

Nuala O’Connor, CIPP/US, CIPP/G, president and CEO, Center for Democracy and Technology

 

About the IAPP

The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect their data. Founded in 2000, the IAPP is a not-for-profit association that helps define, support and improve the privacy profession globally. More information about the IAPP is available at iapp.org.

 

###

 

For more information, press only:

Leah Motz
Edelman on behalf of International Association of Privacy Professionals
1.206.664.7843
Leah.Motz@edelman.com