Scribd Logo
Upload

Welcome to Scribd!

  • How IT and Info Sec Value Privacy? Infographic From TRUSTe & IAPP

    Uploaded by

    TrustArc
    28 views1 page
    Infographic on Privacy vs. security - based on the survey from TRUSTe and IAPP on how privacy and information security teams work inside an organization in order to minimize data breaches which has also led to increased privacy spends. Visit http://www.truste.com/blog/2016/03/01/new-iapptruste-study-privacy-brings-security-results/ to view the complete survey results.

    Original Title

    How IT and Info Sec value privacy? Infographic from TRUSTe & IAPP

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Infographic on Privacy vs. security - based on the survey from TRUSTe and IAPP on how privacy and information security teams work inside an organization in order to minimize data breaches which has also led to increased privacy spends. Visit http://www.truste.com/blog/2016/03/01/new-iapptruste-study-privacy-brings-security-results/ to view the complete survey results.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    28 views1 page

    How IT and Info Sec Value Privacy? Infographic From TRUSTe & IAPP

    Uploaded by

    TrustArc
    Infographic on Privacy vs. security - based on the survey from TRUSTe and IAPP on how privacy and information security teams work inside an organization in order to minimize data breaches which has also led to increased privacy spends. Visit http://www.truste.com/blog/2016/03/01/new-iapptruste-study-privacy-brings-security-results/ to view the complete survey results.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    How IT and

    Infosec
    Value Privacy
    Privacy and information security policy overlap and are
    also separate, as in a Venn diagram or like links in a chain.

    What about in operations, though?


    How do privacy and info security teams inside
    organizations actually work together?
    How do their priorities and efforts align?

    These are the questions the IAPP and TRUSTe set out to
    explore in a recent survey of 550 privacy, IT, and
    information security professionals.

    One thing they agree on?


    Communication between the privacy and security
    departments, alongside a strong data breach response
    team, is most important for mitigating the risk of
    a data breach:

    Highest overall perceived importance


    (as ranked by those selecting 4 or 5):
    25

    30

    40

    50

    60

    70

    80

    90

    Communications between privacy and security depts

    87

    Data breach response teams

    100

    92

    85
    84

    Corporate training and education on privacy

    78

    Role of privacy pro on the incident response team

    Maturity of privacy program

    89

    75

    88

    72

    84

    Relationships with regulators


    53
    53
    Privacy working group

    50

    64

    Budget of privacy team


    46

    61

    Privacy certification, individuals


    46
    50
    Privacy certification, organizational
    35
    30
    Outside privacy counsel
    35
    37

    IT / INFOSECURITY

    Size of privacy team


    34
    46

    PRIVACY

    As they seek to get a better handle on their data and the


    extent of corporate risk, they value core privacy functions
    such as data minimization and data mapping:

    Highest overall perceived importance


    (as ranked by those selecting 4 or 5):
    30
    40
    50
    Data minimization

    60

    70

    80
    75

    Data inventory/mapping

    90

    100

    80

    74
    75

    Privacy policies

    70

    Privacy impact assessments

    69

    Vendor management programs

    77
    72

    65

    77
    Spend on information security-related technology
    64
    77
    DATA retention policies
    64
    69

    Employee monitoring

    52

    56
    Spend on privacy-related technology
    48
    61

    IT / INFOSECURITY

    Website tracker scanning


    33
    48

    PRIVACY

    In fact, more than half of infosecurity teams now have


    privacy representation, and nearly half of privacy teams
    have infosecurity professionals involved. And you can
    see privacy beginning to make its way deep into the
    organization, just as IT and infosecurity have done
    in the past.
    Department

    Disciplines representation

    PRIVACY INFOSEC

    NO

    IT

    Information Technology

    42%

    76%

    Information Security

    52%

    71%

    Legal

    95%

    43%

    26%

    46%

    33%

    Reg Compliance / Ethics

    92%

    51%

    57%

    Human Resources

    82%

    40%

    34%

    Physical Security

    42%

    73%

    53%

    Records Management

    71%

    49%

    41%

    Finance / Accounting

    52%

    54%

    50%

    Procurement

    44%

    55%

    57%

    Marketing/ PR

    67%

    37%

    47%

    Government Affairs

    78%

    29%

    31%

    Privacy

    Further, while high-profile breaches clearly have companies


    increasing their infosecurity budgets, so too are they
    increasing privacy spend, and focusing that spend as much
    on privacy technology as personnel.

    Those who reported increases:


    Spend on infosecurity-related technology:

    %
    66

    Overall infosecurity budget:

    61

    Employee privacy training:

    53

    Privacy employees on the infosecurity team:

    50

    Number of employees with privacy duties:

    49

    Spend on privacy-related technology:

    42

    Use of data inventory and classification:

    42

    Use of privacy impact assessments:

    41

    Use of data retention policies:

    40

    Overall privacy budget:

    39

    Spend on external privacy counsel:

    34

    Spend on external privacy audit:

    26

    However, when we look at what motivates behavior


    directly, it isnt so much security incidents as contact
    from regulators that grabs the attention of companies:

    Have you experienced a significant security


    incident in the past two years?

    Yes: 39%

    No: 53%

    Dont Know: 8%

    Have you been notified of a regulators


    investigation in the past two years?

    Yes: 14.5%

    No: 75.5%

    Dont Know: 10%

    75%

    67%

    Privacy working group

    60%

    68%

    Budget of privacy team

    58%

    70%

    Spend on privacy-related technology

    57%

    49%

    Relationships with regulators

    53%

    64%

    Privacy certification, individuals

    49%

    52%

    Size of privacy team

    43%

    55%

    Privacy certification, organization

    31%

    30%

    >

    Data inventory/mapping

    -6%
    -8%

    >

    62%

    +8%
    +12%
    -8%

    >

    68%

    +11%

    >

    Data retention policies

    -9%

    +3%

    >

    70%

    +12%

    >

    79%

    >

    Data minimization

    +7%

    >

    88%

    >

    81%

    >

    Maturity of privacy program

    >

    How attitudes in importance for mitigating breach risk


    change following interaction with a regulator (percent of

    -1%

    Simply experiencing a security incident changed behavior


    almost not at all. Clearly, when the regulators are
    watching, companies prioritize their privacy operations.
    Which can only serve to help the infosecurity department.
    As long as they communicate.

    You might also like