The full version of this report, available only to IAPP members, can be accessed here.
Despite challenging economic conditions, 33% of organizations saw their privacy teams grow in the past year.
This investment reflects how the role of the privacy professional and privacy team has expanded and integrated into every facet of both day-to-day organizational operations and top-level strategic planning. Gone are the days when privacy was an insular workflow. Today, the privacy function is a beating heart for organizations, especially as they become more data-driven in the information economy. Of surveyed privacy professionals, 86% reported regularly working with three or more teams within their organization. Decisions are being made at the top, with over 50% of those surveyed noting their reporting line goes directly to their company's C-suite and 78% responding that the most senior privacy leader is in the five highest levels of their organizations.
Information on privacy and privacy regulations is readily available, with just over 96% of respondents identifying that they are confident in their ability to stay informed about new privacy laws and policy initiatives. There is no question of privacy's importance, nor a lack of information for those looking to deepen their own understanding of the field.
You are reading the Executive Summary of the IAPP-EY Privacy Governance Report 2023. The full report, available only to IAPP members, can be accessed here. The IAPP additionally published a separate report focused on organizational AI governance.
However, despite widespread recognition that adhering to global privacy regulations and standards is critical for success, fiscal headwinds and budgetary constraints threaten organizations' confidence in the efficacy of their privacy governance. Of respondents, 63% agreed the limited availability of resources within their organization impacts its ability to deliver on privacy goals. The limitations were clearly outlined within survey responses, with 63% identifying that no recruitment is currently being undertaken and 67% indicating their budget is less than sufficient. To that end, only two out of 10 of those surveyed reported they were totally confident in their organization's privacy law compliance. The paradigm of doing more with less is a clarion call for more investment and smarter ways of working. Investment in training and technology — like emerging privacy enhancing technologies, which 70% of organizations have yet to implement — will grow with importance.
Privacy team changes in 2023
All of this is against a backdrop where getting privacy right or wrong has never been so consequential. An organization's ability to adapt and thrive is increasingly linked to the extent to which privacy is connected to their larger strategic plan. Consumers, increasingly aware of their rights to privacy, may choose to seek alternative products and services in the absence of appropriate protections. For those unable to keep pace and comply with proliferating and maturing privacy laws, we've seen multibillion dollar fines, consumer distrust, business-model fracturing and market shutouts.
The path forward is clear — it is increasingly essential for privacy governance to be elevated to, integrated with, and even become the governance of everything. We demonstrate not only why this is important to organizations, but what steps they are taking now and looking to take in the future to make a success out of privacy governance. To compliment the report, the IAPP published an at-a-glance infographic that presents key data points, which can be accessed here.
What's in the full report?
The full report, which is only available to IAPP members, contains extensive sections covering the below topics:
- Privacy strategy
- Reporting lines
- Activities of the function
- The year of the DPO
- Emerging risk management
- Technology-enabled compliance
- Gathering metrics