Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.



Resource Center / Reports and Surveys / Privacy Risk Study 2023

Privacy Risk Study 2023

This report, published by the IAPP and KPMG, presents a comprehensive study of privacy risk.

Published: June 2023

Contributors:

Brandon LaLonde
Saz Kanthasamy
Sylvia Klasovec Kingsmill

View Report (Members-Only)View Infographic

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.

Since 2015, the IAPP has published an annual Privacy Risk Study to help determine trends in privacy risk management across demographics.

"Privacy by design and by default continues to be important beyond compliance, with regulatory requirements offering organizations the opportunity to reduce risk and effectively manage privacy harms impacting individuals in their absence."

To compliment the report, the IAPP published an at-a-glance infographic that presents key data points, which can be accessed here.

This year, instead of just relying on public disclosures, we asked senior privacy leaders to explain their risk management practices. We also highlighted the results of interviews held with senior privacy leaders through workshops and interviews.

Ongoing regulatory change around the globe, new technologies (including artificial intelligence), and uncertainty from an inability to predict the future amplify privacy risks for organizations.

This study explores some of the most significant privacy challenges faced by organizations and what those organizations do to manage enterprise privacy risks. We believe this study can aid in developing a roadmap for managing and mitigating many of the privacy risks identified.

Key takeaways

The five highest priority privacy risk domains identified by participants were data breaches, noncompliant third-party data processing, ineffective privacy by design implementation, inappropriate personal data management and insufficient privacy training for employees.

21%

The most common and most emerging privacy risk identified by participants was difficulty maintaining compliance across various regulatory regimes with differing and/or evolving requirements.

30%

Almost 30% of organizations use spreadsheet technology to help manage their privacy risk efforts.

50%

Only 50% of organizations have an established privacy risk appetite.

64%

64% of organizations have a privacy risk management program that is fully integrated into their overall enterprise risk management program.

83%

83% of organizations place some kind of privacy risk information in their annual report.

93%

Almost 93% of organizations indicated privacy is a top-10 organizational risk, and 36% ranked it within the top five.

Additional top-ranked emerging risks included balancing data localization requirements with EU business needs, unintended consequences due to immaturity in managing the privacy risks that occur through the use of AI and privacy risks resulting from efforts to monetize data.

Regulation/compliance, data management and governance were the top three most common risk domains identified by participants.

View Report (Members-Only)

Tags: Data Loss, Infosecurity, Privacy Business, Privacy Operations Management, Privacy Research, Security Operations Management, Westin Research Center

Approved
CDPO, CDPO/BR, CDPO/FR, CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, LGPD
Credits: 2

Submit for CPEs

Related Stories
Privacy Technology
Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy technology and privacy by design....
The Industry of Privacy
This page offers research on the industry of privacy from the IAPP and others to help you take stock, compare your practices to those of others, justify the need for privacy professionals within your organization and obtain budget benchmarks....
Incident and Breach Management
On this topic page, you'll find news, resources, tools and insights covering cyber incidents and data breaches, with guidance on how best to respond as an organization or individual in the occurrence of being impacted by a breach....
Privacy Program Operations
This topic page contains a curation of the IAPP's guidance, coverage, analysis and relevant resources covering how to build a privacy program from the ground up....