Schaumburg, Ill. (Jan. 26, 2021) — As Data Privacy Day approaches this week, new research conducted by ISACA reveals critical skills gaps and insufficient training. The survey report, Privacy in Practice 2021: Data Privacy Trends, Forecasts and Challenges, also explores past and future trends in privacy, offering insights into privacy workforce and skills, the use of privacy by design, and the organizational structure and composition of privacy teams.
Privacy by Design
The Privacy in Practice 2021 survey findings—gathered in Q3 2020 from 1,873 professionals who work in data privacy or have knowledge of their organizations' data privacy functions—show some positive trends for those enterprises that report they always use privacy by design. Seventy-seven percent of those respondents believe that their boards of directors prioritize privacy (compared with 52 percent of all respondents). They are also less likely to view privacy programs as driven solely by compliance (22 percent vs. 34 percent total) and more likely to view them as driven by a combination of compliance and ethics (62 percent vs. 52 percent total). In addition, they are more likely to report that their enterprise privacy strategy aligns with organizational objectives (90 percent vs. 69 percent total).
However, though enterprises consistently using privacy by design are nearly two-and-a-half times more likely to be completely confident in the ability of their privacy team to ensure data privacy and achieve compliance with new privacy laws and regulations (24 percent vs. 10 percent total), there was not a meaningful difference in the number of privacy breaches experienced in the last 12 months. Approximately 10 percent of both groups reported breaches—a number that ISACA experts feel is potentially underreported.
"Privacy is not a one-time, check the box activity," says Matt Stamper, CISA, CISM, CDPSE, CRISC, Chief Information Security Officer and Executive Advisor at EVOTEK. "The findings around data breaches illustrate that while privacy by design can bring great value to enterprises, it does not make them any less susceptible to privacy breaches, and privacy practitioners need to keep up their guard."
In addition to breaches, respondents identified other areas as common privacy failures, including:
Survey respondents noted that the most helpful methods in overcoming these obstacles are using a privacy principles framework, experience-based credentials and privacy training. Additionally, they report using privacy controls including encryption (77 percent), identity and access management (76 percent), and data security (71 percent).
In privacy workforce trends, respondents indicated that they foresee a greater increase in demand for technical privacy roles than for legal/compliance roles (70 percent increase vs. 59 percent increase). However, they see more challenges in staffing technical privacy teams than legal/compliance teams; technical privacy roles were more likely to be considered understaffed (46 percent compared to 33 percent).
Nevertheless, hiring managers have been finding ways to fill these roles by training other employees—47 percent noted that they have been training non-privacy staff who are interested in moving into privacy roles. Ninety-two percent of respondents indicated that they have privacy staff who started their career in IT or security and moved into privacy and compliance.
"It is clear that organizations will continue needing a strong privacy workforce in the years ahead to leverage data responsibly and ensure regulatory compliance," says Nader Qaimari, ISACA chief product officer. "As non-privacy professionals increasingly get opportunities to train for this career path and gain technical skills, it not only eases the privacy skills gap but enriches this workforce."
Highlights from the Privacy in Practice 2021 survey will be discussed in the complimentary webinar, "Exploring Privacy Trends, Challenges & Predictions," on 28 January 2021 at 12:00 PM (EST) / 11:00 AM (CST) / 9:00 AM (PST) / 5:00 PM (UTC). For more information or to register, visit https://store.isaca.org/s/community-event?id=a334w000004SGu9AAG.
To access the Privacy in Practice 2021 survey report and related guidance, visit www.isaca.org/privacy-in-practice-2021. Additional information on ISACA's privacy resources, including the Certified Data Privacy Solutions Engineer™ (CDPSE™) certification, is available at www.isaca.org/cdpse. Professionals who interact with privacy issues can also join ISACA's Privacy group on Engage to discuss the topic and share best practices.
For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.