在数据隐私日之前, only one-third of organizations find it easy to understand their privacy obligations, 根据ISACA的最新研究
美国伊利诺斯州绍姆堡 —从印度的《澳门赌场官方软件》到巴西的《澳门赌场官方软件》,过去的一年见证了全球隐私法规的新发展和更新. 然而, 只有34%的组织表示,他们很容易理解自己的隐私义务,只有43%的组织对其组织的隐私团队确保数据隐私并遵守新隐私法律法规的能力非常或完全有信心, 根据ISACA的数据 私隐实务2024 检验报告.
多于1,300 professionals globally who work in data privacy roles responded to the survey, weighing in on privacy topics such as 人员配备, 组织结构, 政策, 预算和培训.
隐私的挑战
In addition to difficulty understanding the privacy regulatory landscape, organizations also face other data privacy challenges, 包括预算. 近一半的受访者(43%)表示他们的隐私预算资金不足,只有36%的受访者表示他们的预算资金充足. 展望未来的一年, 只有24%的人预计预算会增加(比去年下降了10个百分点)。, and only one percent say it will remain the same (down 26 points from last year). Over half (51 percent) expect a decrease in budget, 这一比例明显高于去年,当时只有12%的人预计预算会减少.
的 path to forming a privacy program is not always a smooth one, 要么, with respondents indicating that the top obstacles include:
- Lack of competent resources (41 percent)
- Lack of clarity on the mandate, roles and responsibilities (39 percent)
- Lack of executive or business support (37 percent)
- Lack of visibility and influence within the organization (37 percent)
寻找有能力的资源, technical privacy positions are in highest demand, 62%的受访者表示,明年对技术隐私职位的需求将会增加, compared to 55 percent for legal/compliance roles. 然而, respondents indicate there are skills gaps among these privacy professionals; they cite experience with different types of technologies and/or applications (63 percent) as the biggest one.
When looking at common privacy failures, respondents pinpointed the lack of or poor training (49 percent), 主要担心的问题是没有在设计上保护隐私(44%)和数据泄露(42%).
“When privacy teams face limited 预算 and skills gaps among their workforce, 在不断发展和扩大的数据隐私法规中保持领先地位可能更加困难,甚至会增加数据泄露的风险,萨菲亚·卡兹说, ISACA主要, 隐私专业实践. “By understanding where these challenges lie, 组织可以采取必要的措施来纠正这些问题,并改变方向,加强他们的隐私团队和项目.”
采取行动
组织缓解劳动力缺口和隐私失败的方法之一是通过培训. 一半的受访者(50%)表示,他们正在接受培训,以允许非隐私员工进入隐私角色, while 39 percent are increasing usage of contract employees or outside consultants.
对员工进行培训, 86%的人表示他们的组织为员工提供隐私意识培训, with 66 percent providing training to all employees annually, and 52 percent of respondents providing privacy awareness training to new hires. 60%的组织至少每年审查和修订隐私意识培训. 71%的受访者认为,隐私培训对澳门赌场官方下载的隐私意识产生了强烈或积极的影响. 有趣的是, 受访者指出,他们的组织最常将完成培训的员工数量(65%)作为跟踪隐私培训有效性的主要指标, not a decrease in privacy incidents (56 percent).
组织也在采取行动,通过使用各种隐私控制来加强数据隐私, with the top three being identity and access management (74 percent), 加密(73%), 数据安全(72%).
尽管面临挑战, 63%的组织表示,在过去12个月里,他们没有发生重大的隐私泄露事件, 18%的人认为他们所经历的数据泄露事件数量没有变化. 受访者对来年也持乐观态度:不到五分之一(16%)的人表示,他们预计未来12个月将发生重大隐私泄露事件.
To assess the effectiveness of privacy programs, survey respondents note their organizations are most often taking the approach of:
- Performing a privacy 风险 assessment (49 percent)
- Performing a privacy impact assessment (PIA) (44 percent)
- Performing a privacy self-assessment (38%)
- Undergoing a privacy audit/assessment (34 percent)
隐私设计的价值
从调查结果中最明显的收获之一是,从设计上实践隐私的组织有一些关键优势:
- 的y have more employees in privacy roles (median staff size 15 vs. 在所有受访者中有9人),并且更有可能表示他们的技术隐私部门配备适当的人员(42%对50%). (占所有受访者的34%).
- 他们强烈认为董事会优先考虑组织隐私(77% vs. 57%).
- 他们不太可能将组织隐私计划视为纯粹的合规性驱动(35% vs. 占总数的44%), and more likely as a combination of compliance, ethics and competitive advantage (39 percent vs. 合计29%).
- 他们更有可能看到他们组织的隐私策略与组织目标保持一致(90% vs. 74%).
- 的y use many more privacy controls in total, overall, than are legally required:
- Data minimization and retention controls (54 percent vs. (占所有受访者的39%)
- Data quality and integrity (50 percent vs. 38%)
- Cryptographic protection (59 percent vs. 46%)
- Feel their privacy budget is appropriately funded (50% vs. 36%的总)
最终, 始终在设计中保护隐私的组织也更有可能对其组织的隐私团队确保数据隐私和遵守新隐私法律法规的能力非常或完全有信心(71%对43%)。.
“Always practicing privacy by design and employing a proactive, 对个人隐私程序的周到处理可以为组织带来强大的价值,博士说。. 丽莎·麦基, 创始合伙人, 美国安全与隐私, and member of the ISACA Emerging Trends Working Group. “对于许多, prioritizing privacy and protecting people’s data is not only the right thing to do, but offers strong benefits in strategy alignment, 预算, 人员配备, compliance and reputation for their business too.”
Kazi and Jon Brandt, ISACA director, professional practices & innovation for content development and services, will discuss these survey findings further in an upcoming webinar, 隐私状态2024,将于1月25日12:00 PM(东部时间)/ 11:00 AM (CT) / 9:00 AM (PT) / 16:00 (UTC)举行。. 它对澳门赌场官方软件免费,非澳门赌场官方软件75美元,并将在一年后按需提供. 要了解更多信息并注册,请访问 http://store.androidas.net/s/community-event?id = a334w000006C7rMAAS.
Recently, ISACA explored other privacy themes in new white papers. 消除欺骗性隐私行为:通过解决隐私黑暗模式建立信任 探索黑暗模式的问题本质和可以用来取代它们的以消费者为中心的替代品的策略. Applied Data Management for 隐私, Security and Digital Trust 研究隐私和数据管理之间的联系,以及隐私和安全如何支持数字信任, 并教育读者如何构建和维护适合他们需要的数据管理程序.
的 私隐实务2024 检验报告 is complimentary and can be accessed at ygvz.androidas.net/privacy -实践- 2024.
Additional privacy resources can be found at: ygvz.androidas.net/resources/privacy.
关于ISACA
ISACA® (ygvz.androidas.net)是一个推动个人和组织追求数字信任的全球澳门赌场官方下载. 50多年了, ISACA has equipped individuals and enterprises with the knowledge, 凭证, 教育, training and community to progress their careers, 改变他们的组织, and build a more trusted and ethical digital world. ISACA是一个全球性的专业协会和学习型组织,它利用了170多个澳门赌场官方软件的专业知识,000 members who work in digital trust fields such as information security, 治理, 保证, 风险, 隐私和质量. It has a presence in 188 countries, including 225 chapters worldwide. 通过其基金会One In Tech, ISACA为资源不足和代表性不足的澳门赌场官方下载提供信息技术教育和职业发展途径.
Twitter: www.推特.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.脸谱网.com/ISACAGlobal
Instagram: www.instagram.com/isacanews
联系
艾米丽·阿亚拉,+1.847.385.7223
布里奇特·德鲁克,+1.847.660.5554
