Nearly
three-quarters of organizations believe they have adequate policies in place to
protect sensitive, personal information, yet more than half have lost sensitive
data within the past two years — and nearly 60 percent of those organizations
acknowledge data loss as a recurring problem, according to findings of a global
study released today by Accenture.

The study —
which surveyed more than 5,500 business leaders and 15,500 adult consumers in
19 countries — reveals a startling difference between organizations’
intentions regarding data privacy and how they actually protect sensitive
personal information, such as name, address, date of birth, race, National
ID/social security number and medical history.  The study was conducted in
conjunction with the Ponemon Institute, an independent privacy, protection and
information security research firm.

“The volume
of sensitive personal information being collected and shared by organizations
has grown exponentially in recent years, making data protection a critical
business issue and not just a technology concern,” said Alastair MacWillson,
managing director of Accenture’s Security practice. “Our study underscores the
importance of taking a comprehensive approach to data privacy and protection,
one that closes the gaps between business strategy, risk management, compliance
reporting and IT security.”

Global
business findings

Fifty-eight
(58) percent of business respondents have experienced at least one data
security breach over the past two years, yet 73 percent said their organization
has adequate policies to protect the personally identifiable information it
maintains.

While 70
percent agreed that organizations have an obligation to take reasonable steps
to secure consumers’ personal information, there are discrepancies in their
commitments for doing so:

  • Forty-five (45) percent of respondents were
    unsure about or actively disagreed with granting customers the right to
    control the type of information that is collected about them.
  • Forty-seven (47) percent were unsure about or
    disagreed with customers having a right to control how this information is
    used.
  • Nearly half also did not believe it was important
    or very important to: limit the collection (47 percent) or sharing (46
    percent) of sensitive personal customer information; protect consumer
    privacy rights (47 percent); prevent cross-border transfers of personal
    information to countries with inadequate privacy laws (47 percent);
    prevent cyber crimes against consumers (48 percent); or prevent data loss
    or theft (47 percent).

The study
revealed that the biggest causes of data loss are internal — problems
presumably well within an organization’s ability to detect and correct. For
instance, business or system failure (57 percent) and employee negligence or
errors (48 percent) were cited most often as the source of the breaches; cyber
crime was cited as a cause of only 18 percent of security breaches.

While many
organizations believe that complying with existing regulations is sufficient,
it appears that compliance alone may not be enough to protect sensitive data.
 For instance, 70 percent of respondents said they regularly monitor
privacy and data protection regulatory compliance requirements, yet data
breaches have occurred in 58 percent of organizations polled.

The study
also identified significant differences in terms of attitudes and policies
regarding data privacy and protection between organizations that had not
experienced any data-security breach in the past two years and those that had.
 Specifically, respondents in organizations that did not have a
data-security breach:

  • were more likely to know where personal
    information on customers and employees resides within their organization’s
    IT enterprise (75 percent versus 66 percent); and
  • were more likely to feel an obligation to control
    who has access to personal data (72 percent versus 60 percent).

Global
consumer findings

More than
two-thirds (70 percent) of consumers surveyed around the world believe that
privacy of their personal information is important or very important, yet 42
percent are skeptical that organizations are doing enough to adequately protect
the personally identifiable information they have shared, revealing an overall
lack of trust.

The study
suggests that while consumers want to ‘own’ their personal information, they
feel organizations have a responsibility for managing and protecting it.
 For instance:

  • Fifty-three (53) percent of consumers said they
    believe they have the right to control how their personal information is
    used. The same percentage said they believe they have a right to access
    and review the data collected and used by organizations.
  • When asked who has the most responsibility for
    ensuring that information is adequately protected, 41 percent of consumer
    respondents said the government, 21 percent said companies, 19 percent
    said the individual, and 20 percent said it should be a shared effort.

 “The
findings reinforce the critical role that data privacy plays in maintaining
trust between organizations and their consumer and business customers,” said
Bojana Bellamy, Accenture’s director of Data Privacy and vice president of the
International Association of PrivacyProfessionals. “A proactive approach to
data protection and privacy can not only help organizations avoid fines for
non-compliance but, even more importantly, can help avoid breaches that can
alienate customers and destroy brand credibility.”

Digg It!DZone It!StumbleUponTechnoratiRedditDel.icio.usNewsVineFurlBlinkList

Resources
Post Your Resume to 65+ Job Sites
Resume Service

Post to Twitter Tweet This Post