enterprise data privacy quiz
TRANSCRIPT
ENTERPRISE DATA PRIVACY: How Does Your Business Stack Up?
2
A recent survey examined the state of data privacy in businesses. Results showed a critical disconnect between companies’ data privacy policies and protection of sensitive data. We’ve selected 10 questions from the survey for you to answer. Keep track of your responses, then see how your organization compares to those in the study.
3
Regulated customer data (credit cards,
health records, etc.)
Password or authentication
credentials
Personal employee info (SSNs, phone
numbers, etc.)
Intellectual property
Accounting and financial
Unregulated customer data (emails, order
history, etc.)
Payroll Planning and strategy documents
We do not have sensitive business data
What type of data is the most sensitive to your business? (Select up to 3)
4
Does your IT organization conduct regular SECURITY audits to ensure compliance with data security standards?
❏ Yes ❏ No
Does your IT organization conduct regular PRIVACY audits to ensure compliance with data privacy standards?
❏ Yes ❏ No
5
How does your IT organization focus efforts to protect data between external threats (hackers) and internal threats (like careless employees)?
❏ More effort on internal threats ❏ More effort on external threats ❏ Same effort on both internal and external threats
6
Sales Marketing Owner/Partner Operations IT
Accounting Manufacturing Engineering Legal
Which departments are MOST likely to ignore corporate data privacy policies? (Select up to 3)
7
Contractors Executives Contributors/front-line staff
Team managers
What level of employee is most likely to ignore data privacy policies?
8
Insufficient employee awareness &
understanding of data privacy policies
Lack budget to purchase & implement technology solutions
No process in place to train or audit
employee behavior
Lack of executive visibility or priority into the problem
IT team doesn’t have knowledge of laws and requirements
Lack of data privacy policies
Other We have no challenges
Which of these challenges ensuring privacy of sensitive data does your IT team face? (Select all that apply)
9
Access Control
Log all data access Multi-factor authentication
Encrypt data on laptops
Encrypt data on tablets and
smartphones
No technological controls for data
privacy
What technological controls does your organization have in place to limit or audit access to sensitive data by authorized or unauthorized parties? (Select all that apply)
10
Which of these regional data privacy challenges does your business face? (Select all that apply) Emerging rules and
regulations difficult to track and implement
Requirements are ambiguous, making it difficult to determine the correct course of
action
Technology vendors not offering solutions
or guidance in addressing regulations
Legal or compliance team does not communicate
requirements to IT
IT team lacks compliance knowledge
to understand requirements
Does not apply; we do not have operations in
multiple countries.
11
How concerned are you about the privacy of sensitive business data in the cloud?
Very concerned
Concerned
Not concerned
Does not apply; my company does not put any data in the cloud
12
In your opinion, which environment has better data privacy controls?
Cloud On-premise
Now that you’ve taken the quiz, see how the experts answered the same questions.
14
1. Of the 99% of businesses which say they have sensitive data to manage, 52% identified the most common types as credit cards and health records. 46% selected password or other authentication credentials, and 41% selected personal employee information such as social security numbers.
2. While almost half of organizations (47%) conduct regular privacy audits, more (68%) conduct regular security audits.
3. 28% of companies focus efforts on protecting against internal threats, like careless employees, that impact data privacy. 72% put most of their efforts into protecting from external threats, like hackers, that impact data security.
4. 48% of companies report that sales is the most likely to ignore data privacy policies, followed by marketing (35%), owners or partners (31%), and legal (6%).
5. Individual contributors and front-line professionals are the most likely to ignore data privacy policies (39%), closely followed by executives (33%).
6. 93% of IT organizations face challenges ranging from insufficient employee awareness (56%) and lack of budget to purchase technology solutions (45%), to lack of process to audit behavior (36%) and lack of executive visibility and priority (34%).
7. 63% of companies use some kind of technology approach to ensure data privacy. The most common are basic access control (58%) and logging data access (41%). 21% encrypt data on mobile devices and 36% encrypt data on laptops.
8. For global companies, 41% report facing difficulties tracking emerging rules, 29% are challenged by ambiguity of requirements, 29% blame technology vendors for not offering solutions or guidance to address regulations, and 17% say their IT teams lack the ability to understand the requirements.
9. 87% of IT organizations are concerned about the privacy of cloud data, including 32% who describe themselves as “very concerned”.
10. 65% of IT professionals still believe that their on-premises environments have better privacy controls than the cloud, even though the reputation of SaaS and public clouds has improved dramatically in recent years.
SURVEY RESULTS
To learn more, download our research report: The State of Data Privacy 2015