Site icon IT World Canada

Data Privacy Day: Privacy pros worry about inadequate budgets

Image from GettyImages.ca

Organizations are taking data privacy more seriously, but a new survey suggests many systems audit professionals feel they still don’t have enough money to accomplish their goals.

The survey by ISACA of 1,873 professionals who work in data privacy or have knowledge of their organizations’ data privacy functions showed 49 per cent of respondents felt they have inadequate privacy budgets. Thirty-five per cent of respondents said their privacy budgets are adequate.

It was one of a number of privacy-related surveys released this week by vendors for ahead of annual International Data Privacy Day, observed Jan. 28.

Cisco Systems said its annual Data Privacy Benchmark Study showed “strong evidence that privacy has become an even more important priority during the pandemic. Privacy budgets have increased over the last year, organizations have more resources focused on privacy, and privacy investments going above and beyond the law are translating into real business value.”

Privacy isn’t an “afterthought,” the report says. “It is core to how we work and interact with each other. The Age of Privacy has arrived.”

In the ISACA survey, circulated in the third quarter of 2020, respondents were also asked to list the causes of common privacy failures they’ve seen. Sixty-four per cent of respondents pointed a finger at lack of or poor training; 53 per cent of respondents said a failure to perform a risk analysis; and 50 per cent said bad or nonexistent detection of personal information.

Survey respondents noted that the most helpful methods in overcoming these obstacles are using a privacy principles framework, experience-based credentials and privacy training.

The Cisco report came from its annual Cybersecurity Benchmark Survey. Privacy-specific questions went to more than 4,400 respondents around the world who said they are familiar with the privacy processes at their organizations.

Among the highlights of the Cisco study,

Of the 200 Canadian respondents, he added 77 per cent said privacy regulations had a positive impact on their organizations.

More advice

Asked what organizations should do to improve their privacy maturity Waitman listed three things:

Dave Lewis, Cisco’s global advisory CISO, added this advice:

Iman Ahmad, the co-chair of the data protection, privacy and cybersecurity practice at the Norton Rose Fulbright Canada law firm, noted that the regulatory environment in Canada may toughen shortly.

“Ever since the European Union’s General Data Protection Regulation (GDPR) came into force, increasingly prescriptive privacy and data protection laws are being adopted around the work. Canada is no exception with the proposed laws in Quebec and the proposed new federal Bill-C11. If passed, the cost of non-compliance will increase materially. We are seeing and anticipate organizations investing significantly in privacy compliance programs in the coming 12 -24 months.”

The advice doesn’t stop

“Data protection is definitely something that is now firmly on more radars than not,” said Kris Klein, managing director of the Canadian division of the International Association of Privacy Professionals (IAPP) and a member of the Ottawa privacy law firm nNovation. “It’s become mainstream to talk about privacy and security. A day doesn’t go by without at least one major data breach being reported in the news. All this to say, organizations still make mistakes and some do not prioritize having a privacy management program in place, a component of which is to properly safeguard data. One common mistake we see when dealing with data breaches is that vendors who are entrusted to process personal information are not being properly vetted, and the contracts between controllers and processors don’t have the necessary safeguards. So, vendor screening is a big issue that organizations need to do better at.

“Another common mistake is that organizations do not spend enough time and energy training their staff on what is the right thing to do with data. Ethical issues are abundant but people are often left to their own devices in trying to figure out what is right and what is wrong. More training on these issues is needed.”

“Data Privacy Day is an ideal time to build awareness and start an open dialogue about how individuals’ data is being leveraged by companies,” said Jasen Meece, CEO of Cloudentity. “It’s important to put the power of data back into consumers’ hands so they can decide how their data is being used and shared.”

Rene McIver, chief privacy officer of Toronto-based SecureKey Technologies, said Data Privacy Day helps promote data protection and sharing between consumers and organizations, who both play a critical role in moving awareness of this topic forward. “This helps bridge the gap for safer digital practices in Canada and around the world, which has never been more critical in today’s ever-evolving digital landscape. Digital transformation globally over the past year has been exponential, which gives data privacy a whole new level of importance in 2021. This has increased the initiative’s progress by shedding a spotlight on why it’s important to reflect on the digital progress in Canada and abroad, while continuing to advocate for further actions to close the remaining gaps that are often the source of online vulnerabilities.

“Data Privacy Day is an opportunity for organizations to manage reputation, enhance growth and cultivate trust with consumers by being transparent about how they collect, store and use data.”

Start with basic hygiene

Ian Pitt, CIO of LogMeIn, offered these tips to managers:

Exit mobile version