A new study of privacy professionals shows the importance of collaboration and the need to measure success more effectively. The results of "Benchmarking Privacy" show that after unprecedented growth in the privacy profession, the global macroeconomic conditions have affected the industry -- most privacy leaders reported that they anticipated no change in head count this year.
More privacy resources
The study is the result of a global survey of 166 privacy professional conducted by the International Association of Privacy Professionals (IAPP) and the Ponemon Institute. When privacy leaders were asked about the importance of collabo¬ration or cooperation with other functions, they said the success of their efforts rests on colleagues in other departments. Respondents said collaboration with information security (100%), corporate IT (98%), legal (98%), regulatory compliance (93%), and human resources (83%) was either "very important or important to the success of the organization's privacy mission."
Key findings from the survey
Key finding No. 1: "Budgets vary disproportionately according to the size of the organization. More than 70% of companies with over $10 billion in revenue reported privacy budgets between $500,000 and $2.5 million."
Key finding No. 2: "The scope and function of privacy initiatives change as the program matures. Immature privacy programs tend to have a narrow focus on a particular law, issue or data type. As the program matures, its focus broadens to other related domains, including the strategic use of information assets."
Key finding No. 3: "Privacy professionals recognize the need for collaboration across the enterprise in order to achieve privacy and data protection objectives."
Key finding No. 4: "A majority of organizations attempt to measure their privacy program's success or failure in meeting objectives."
Key finding No. 5: "A majority of participating privacy offices have someone on the staff with a CIPP, CIPP/G or CIPP/C designation."
Source: "Benchmarking Privacy," International Association of Privacy Professionals and the Ponemon Institute, September 2009
"The most common tool used by our respondents is privacy liaisons," said J. Trevor Hughes, executive director of the IAPP. "A liason in this context is someone who has responsibility for privacy in their job description but does not have a direction relationship to the top privacy professional." Privacy liaisons often provide training and support for specific business purposes.
According to the results in the privacy survey, 55% of respondents said their organizations had "measures in place to evaluate the privacy program's performance (success or failure) in meeting its mission or objectives." The two techniques used most often by privacy professionals are self-assessments and audits. "These tools that people use to measure are standard," said Hughes. "Auditing is high on the list and gives people a clear picture of what's happening. More formal assessments and benchmarking against other companies are also being used.
Ninety percent of respondents use training and employee awareness to measure organizational compliance with policies; 74% use reductions in the incidence of data breaches.