|View printer-friendly version|
Privacy Governance Report from IAPP and FTI Consulting Finds Nearly Half of Organizations Have Increased Data Privacy Budgets and Priority
Throughout most of 2020, privacy professionals were focused on wrestling with the complicated links between working during a global pandemic and the data protection and privacy risks that have emerged as a result. In parallel, legislative activity on the data privacy front was accelerated among state and federal authorities around the world, creating a confluence of challenges and concerns for privacy professionals to prioritize.
“Privacy will continue to be a big focus for businesses in 2021,” said
Pandemic Concerns Dominate
More than 40% of survey respondents said privacy has become more important within their organization due to COVID-19, while only 5% said it has become less important. Many privacy professionals have also seen their day-to-day responsibilities shift this year, with more than half saying that maintaining and advising on employee privacy has become a priority. Roughly half are also dedicating more time to assessing platforms that support the organization’s remote workforce.
In terms of concerns over data collected from employees for COVID-19 purposes, respondents were split. Approximately 45% said they have conducted a privacy risk assessment or data protection impact assessment on this information, while about half had not.
Growth in Privacy Budgets and Priorities
Privacy spending is up by 8% from 2019, at a mean budget of roughly
Approximately four in 10 organizations are working toward a single privacy strategy that can be applied around the globe. Another 30% take an approach that segments data subjects by jurisdiction, handling each data subject’s personal data according to the relevant local law. As was true in 2019, compliance issues—concerning GDPR, the California Consumer Privacy Act (“CCPA”) and beyond—continue to remain the top priorities for privacy professionals. Overall, 30% said that compliance with GDPR remained their top priority.
Legislative and Legal Changes
Data privacy laws picked up momentum around the world this year. While GDPR compliance is up from 2019, half of respondents are still not fully compliant. The CCPA has also triggered notable changes, with 38% of organizations reporting they have modified business practices to avoid selling data, and 32% confirming they have added a “Do Not Sell My Personal Information” link on their website.
The Schrems II ruling from earlier in 2020, which invalidated the Privacy Shield framework for cross-border data transfers, is another issue causing direct and indirect challenges for many companies. Nearly two-thirds of respondents said their organizations transfer data outside of the EU—55% previously relied on Privacy Shield and 62% are adjusting their data transfer mechanism as a result of this year’s ruling. Another 88% use standard contractual clauses as their mechanism for the compliant transfer of data outside of the EU, but many experts agree this approach has been cast into doubt in the wake of Schrems II.
Privacy Leadership Expands, Staffing Plateaus
While privacy hiring has been on the rise in previous years, it has leveled off in 2020. Nearly half of organizations have implemented or plan to implement hiring freezes for privacy and non-privacy roles, and 71% expect the current number of full-time privacy staff to remain the same in the coming year. In 4 out of 10 organizations, the most senior “privacy leader” holds the title of chief privacy officer. Boards of Directors maintain privacy leadership at 13% of organizations.
In terms of job duties, privacy professionals in
Download the fully IAPP-FTI Consulting Privacy Governance Report 2020 here.
A total of 473 respondents completed the survey this year. Email invitations to take the survey were sent to subscribers of the IAPP’s Daily Dashboard. The survey was fielded in August and
555 12th Street NW
Source: FTI Consulting, Inc.