The document is a survey that examines data privacy practices in businesses. It presents 10 questions for the reader to answer about their organization's data privacy policies and protections. It then reveals the expert answers to the same 10 questions from a survey of 99% of businesses that handle sensitive data. The expert answers provide insights into common challenges around data privacy compliance, use of security controls, concerns about privacy in the cloud, and which departments are most likely to ignore privacy policies.
2. 2
A recent survey examined the state of data
privacy in businesses. Results showed a
critical disconnect between companies’ data
privacy policies and protection of sensitive
data.
We’ve selected 10 questions from the survey
for you to answer. Keep track of your
responses, then see how your organization
compares to those in the study.
3. 3
Regulated customer
data (credit cards,
health records, etc.)
Password or
authentication
credentials
Personal employee
info (SSNs, phone
numbers, etc.)
Intellectual
property
Accounting and
financial
Unregulated customer
data (emails, order
history, etc.)
Payroll Planning and
strategy documents
We do not
have sensitive
business data
What type of data is the most sensitive to your business?
(Select up to 3)
4. 4
Does your IT organization
conduct regular SECURITY
audits to ensure compliance
with data security standards?
❏ Yes
❏ No
Does your IT organization
conduct regular PRIVACY
audits to ensure compliance
with data privacy standards?
❏ Yes
❏ No
5. 5
How does your IT organization focus efforts to protect
data between external threats (hackers) and internal
threats (like careless employees)?
❏ More effort on internal threats
❏ More effort on external threats
❏ Same effort on both internal and external threats
6. 6
Sales Marketing Owner/Partner Operations IT
Accounting Manufacturing Engineering Legal
Which departments are MOST likely to ignore
corporate data privacy policies? (Select up to 3)
8. 8
Insufficient employee
awareness &
understanding of data
privacy policies
Lack budget to
purchase & implement
technology solutions
No process in place
to train or audit
employee behavior
Lack of executive
visibility or priority
into the problem
IT team doesn’t have
knowledge of laws
and requirements
Lack of data privacy
policies
Other We have no
challenges
Which of these challenges ensuring privacy of sensitive data
does your IT team face? (Select all that apply)
9. 9
Access
Control
Log all data access Multi-factor
authentication
Encrypt data on
laptops
Encrypt data on
tablets and
smartphones
No technological
controls for data
privacy
What technological controls
does your organization
have in place to limit or
audit access to sensitive
data by authorized or
unauthorized parties?
(Select all that apply)
10. 10
Which of these regional
data privacy challenges
does your business face?
(Select all that apply) Emerging rules and
regulations difficult to
track and implement
Requirements are
ambiguous, making it
difficult to determine
the correct course of
action
Technology vendors
not offering solutions
or guidance in
addressing regulations
Legal or compliance
team does not
communicate
requirements to IT
IT team lacks
compliance knowledge
to understand
requirements
Does not apply; we do
not have operations in
multiple countries.
11. 11
How concerned are you about the privacy of sensitive
business data in the cloud?
Very concerned
Concerned
Not concerned
Does not apply; my company does not put any data in the cloud
12. 12
In your opinion, which environment has
better data privacy controls?
Cloud On-premise
13. Now that you’ve taken the quiz, see how the experts
answered the same questions.
14. 14
1. Of the 99% of businesses which say they have sensitive data to
manage, 52% identified the most common types as credit cards
and health records. 46% selected password or other authentication
credentials, and 41% selected personal employee information such
as social security numbers.
2. While almost half of organizations (47%) conduct regular privacy
audits, more (68%) conduct regular security audits.
3. 28% of companies focus efforts on protecting against internal
threats, like careless employees, that impact data privacy. 72% put
most of their efforts into protecting from external threats, like
hackers, that impact data security.
4. 48% of companies report that sales is the most likely to ignore data
privacy policies, followed by marketing (35%), owners or partners
(31%), and legal (6%).
5. Individual contributors and front-line professionals are the most
likely to ignore data privacy policies (39%), closely followed by
executives (33%).
6. 93% of IT organizations face challenges ranging from insufficient
employee awareness (56%) and lack of budget to purchase
technology solutions (45%), to lack of process to audit behavior
(36%) and lack of executive visibility and priority (34%).
7. 63% of companies use some kind of technology approach to
ensure data privacy. The most common are basic access control
(58%) and logging data access (41%). 21% encrypt data on mobile
devices and 36% encrypt data on laptops.
8. For global companies, 41% report facing difficulties tracking
emerging rules, 29% are challenged by ambiguity of requirements,
29% blame technology vendors for not offering solutions or
guidance to address regulations, and 17% say their IT teams lack
the ability to understand the requirements.
9. 87% of IT organizations are concerned about the privacy of cloud
data, including 32% who describe themselves as “very concerned”.
10. 65% of IT professionals still believe that their on-premises
environments have better privacy controls than the cloud, even
though the reputation of SaaS and public clouds has improved
dramatically in recent years.
SURVEY RESULTS
15. To learn more, download our research report:
The State of Data Privacy 2015