Privacy Risk Study 2023

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.

Since 2015, the IAPP has published an annual Privacy Risk Study to help determine trends in privacy risk management across demographics.

To compliment the report, the IAPP published an at-a-glance infographic that presents key data points, which can be accessed here.

This year, instead of just relying on public disclosures, we asked senior privacy leaders to explain their risk management practices. We also highlighted the results of interviews held with senior privacy leaders through workshops and interviews.

Ongoing regulatory change around the globe, new technologies (including artificial intelligence), and uncertainty from an inability to predict the future amplify privacy risks for organizations.

This study explores some of the most significant privacy challenges faced by organizations and what those organizations do to manage enterprise privacy risks. We believe this study can aid in developing a roadmap for managing and mitigating many of the privacy risks identified.

Key Takeaways

The five highest priority privacy risk domains identified by participants were data breaches, noncompliant third-party data processing, ineffective privacy by design implementation, inappropriate personal data management and insufficient privacy training for employees.

Additional top-ranked emerging risks included balancing data localization requirements with EU business needs, unintended consequences due to immaturity in managing the privacy risks that occur through the use of AI and privacy risks resulting from efforts to monetize data.

Regulation/compliance, data management and governance were the top three most common risk domains identified by participants.