Privacy is a thriving industry in rapid growth. Still nascent a decade ago, it now employs thousands of professionals with diverse backgrounds active across the gamut of organizational structures, from tech startups through regulated banks and health care providers to government agencies, in the United States, Europe and around the globe. Yet there is still relatively little data about how the work of privacy is done.
To that end, the International Association of Privacy Professionals and EY endeavored to survey a broad spectrum of organizations across the globe to document the stage of privacy governance. We found that privacy professionals earn well, are trained in law, business and technology, influence a broad swath of departments across their organizations and are increasingly part of strategic management teams. At the same time, privacy programs clamor for additional resources and seek more sophisticated and efficient technological tools to monitor, manage and protect data flows in their organizations.
The data, via nearly 800 completed surveys, reveal several important trends:
- Privacy professionals take part in a rapidly growing industry. They expect their staff and budgets to grow over the next year, and report a growth in their influence within their organizations. Increasingly, the leading privacy role, typically a Chief Privacy Officer, is equivalent in seniority to the longer-established Chief Information Security Officer.
- Unregulated industries, such as online, software and retail, report a greater investment in privacy programs as well as a more strategic focus on risk mitigation, brand management and consumer expectations. In addition, unregulated businesses are more focused than average on global expansion and positioning privacy as a competitive differentiator.
- Regulated industries, such as banking and healthcare, place greater focus on compliance and accountability processes, including internal audits, privacy impact assessments and vendor management programs. In addition, regulated industries report a greater tendency to create privacy working groups, comprising senior officers from across the organization.
- Government programs report low budgets and staff shortages and a focus on compliance and prevention of data loss. Government privacy officers regularly deploy privacy impact assessments and interact with records management departments.
- There is a close correlation between the maturity of privacy programs and company size. The privacy programs in large companies are far better staffed (24 professionals on average) and resourced ($1 million on average) than those in small and medium-sized enterprises (two and $75,000, respectively).