This year’s “Privacy Governance Report” is the product of a partnership between the IAPP and FTI Consulting, our new sponsor for this year’s annual study that benchmarks the privacy profession. Now in its sixth year, this report takes a deep dive into the leadership structures, core functions, staff and budgets, and tasks and priorities of privacy programs around the globe. It provides key metrics on ongoing compliance with core pieces of privacy legislation, including the EU General Data Protection Regulation and California Consumer Privacy Act, and the effects of recent legal rulings and guidance from data protection authorities on processing operations. It also explores how privacy professionals delineate tasks, hold processors and vendors accountable, measure performance, and communicate privacy issues and data protection risks to both internal and external stakeholders.
What makes this year’s report different from those of previous years, however, is undoubtedly the effects felt from the COVID-19 pandemic. The global spread of the virus, lockdowns, public safety measures, like handwashing, social distancing, face masks, testing, contact tracing, working from home en masse and the race to develop a safe and effective vaccine are a few of the defining issues of the year. Just 12 months ago, however, few of these challenges could have been anticipated. Without question, COVID-19 has brought about a sea change in the way we live, work, socialize, travel and care for ourselves. Moreover, privacy professionals, in particular, have been preoccupied throughout the year with untangling the nexus between the COVID-19 pandemic and the data protection and privacy risks that have arisen in its wake.
Thus, this year’s “Privacy Governance Report” includes data on the impact of COVID-19 on privacy programs and the privacy profession, in general. It provides answers to critical questions, such as: How has COVID-19 affected perceptions about the importance of privacy within organizations? How are organizations handling the sensitive health data being collected from employees and others to respond to the pandemic? And how have the responsibilities of privacy professional changed in the COVID-19 era, especially given the ubiquity of remote work?