Firms continue to struggle with rising data privacy concerns: Report
Companies globally are increasingly concerned about data privacy due to new regulations like India's Personal Data Protection Bill and Brazil's General Data Protection Law. However, a new report by cybersecurity body ISACA published on Tuesday shows that many organizations struggle to understand their privacy obligations and comply with these new laws, alongside allocating sufficient budget, and bridging skills gaps.
The latest ISACA Privacy in Practice 2024 survey report shows, only 34% of organizations find it easy to understand their privacy obligations. This lack of clarity can lead to non-compliance and increase the risk of data breaches. Additionally, only 43% of organizations have complete confidence in their privacy team's ability to ensure data privacy and comply with new privacy laws.
Budget constraints also pose a significant barrier to compliance. The survey reveals that nearly half of the respondents (43%) believe their privacy budget is underfunded. Only 36% feel that their budget is appropriately funded. Looking ahead, 51% of organizations expect a decrease in their privacy budget, while only 24% anticipate an increase.
The combination of budget constraints and the ever-changing nature of data privacy regulations further makes it difficult for organizations to allocate resources effectively and keep up with evolving requirements.
Another challenge organizations face is the lack of competent resources in their privacy teams. The survey shows that 53% of organizations consider their technical privacy teams to be understaffed. Additionally, there are skills gaps among privacy professionals, particularly in areas such as technology experience (63%), technical expertise (50%), and IT operations knowledge (42%).
To be sure, a Pew Research Center survey indicated that 67% of consumers said that they understand little to nothing about what brands are doing with their personal data. Concerns about data privacy aren't limited to what private businesses are doing with it — 71% are also worried about the government's use of their data.
The ISACA report further suggests that organizations can improve their privacy programs by investing in training, implementing privacy by design, and adopting effective assessment approaches to align with consumer data, transparency, privacy concerns, and compliance.