ENTERPRISE DATA PRIVACY: How Does Your Business Stack Up?

2

A recent survey examined the state of data privacy in businesses. Results showed a critical disconnect between companies’ data privacy policies and protection of sensitive data. We’ve selected 10 questions from the survey for you to answer. Keep track of your responses, then see how your organization compares to those in the study.

3

Regulated customer data (credit cards,

health records, etc.)

Password or authentication

credentials

Personal employee info (SSNs, phone

numbers, etc.)

Intellectual property

Accounting and financial

Unregulated customer data (emails, order

history, etc.)

Payroll Planning and strategy documents

We do not have sensitive business data

What type of data is the most sensitive to your business? (Select up to 3)

4

Does your IT organization conduct regular SECURITY audits to ensure compliance with data security standards?

❏  Yes ❏  No

Does your IT organization conduct regular PRIVACY audits to ensure compliance with data privacy standards?

❏  Yes ❏  No

5

How does your IT organization focus efforts to protect data between external threats (hackers) and internal threats (like careless employees)?

❏  More effort on internal threats ❏  More effort on external threats ❏  Same effort on both internal and external threats

6

Sales Marketing Owner/Partner Operations IT

Accounting Manufacturing Engineering Legal

Which departments are MOST likely to ignore corporate data privacy policies? (Select up to 3)

7

Contractors Executives Contributors/front-line staff

Team managers

What level of employee is most likely to ignore data privacy policies?

8

Insufficient employee awareness &

understanding of data privacy policies

Lack budget to purchase & implement technology solutions

No process in place to train or audit

employee behavior

Lack of executive visibility or priority into the problem

IT team doesn’t have knowledge of laws and requirements

Lack of data privacy policies

Other We have no challenges

Which of these challenges ensuring privacy of sensitive data does your IT team face? (Select all that apply)

9

Access Control

Log all data access Multi-factor authentication

Encrypt data on laptops

Encrypt data on tablets and

smartphones

No technological controls for data

privacy

What technological controls does your organization have in place to limit or audit access to sensitive data by authorized or unauthorized parties? (Select all that apply)

10

Which of these regional data privacy challenges does your business face? (Select all that apply) Emerging rules and

regulations difficult to track and implement

Requirements are ambiguous, making it difficult to determine the correct course of

action

Technology vendors not offering solutions

or guidance in addressing regulations

Legal or compliance team does not communicate

requirements to IT

IT team lacks compliance knowledge

to understand requirements

Does not apply; we do not have operations in

multiple countries.

11

How concerned are you about the privacy of sensitive business data in the cloud?

Very concerned

Concerned

Not concerned

Does not apply; my company does not put any data in the cloud

12

In your opinion, which environment has better data privacy controls?

Cloud On-premise

Now that you’ve taken the quiz, see how the experts answered the same questions.

14

1.  Of the 99% of businesses which say they have sensitive data to manage, 52% identified the most common types as credit cards and health records. 46% selected password or other authentication credentials, and 41% selected personal employee information such as social security numbers.

2.  While almost half of organizations (47%) conduct regular privacy audits, more (68%) conduct regular security audits.

3.  28% of companies focus efforts on protecting against internal threats, like careless employees, that impact data privacy. 72% put most of their efforts into protecting from external threats, like hackers, that impact data security.

4.  48% of companies report that sales is the most likely to ignore data privacy policies, followed by marketing (35%), owners or partners (31%), and legal (6%).

5.  Individual contributors and front-line professionals are the most likely to ignore data privacy policies (39%), closely followed by executives (33%).

6.  93% of IT organizations face challenges ranging from insufficient employee awareness (56%) and lack of budget to purchase technology solutions (45%), to lack of process to audit behavior (36%) and lack of executive visibility and priority (34%).

7.  63% of companies use some kind of technology approach to ensure data privacy. The most common are basic access control (58%) and logging data access (41%). 21% encrypt data on mobile devices and 36% encrypt data on laptops.

8.  For global companies, 41% report facing difficulties tracking emerging rules, 29% are challenged by ambiguity of requirements, 29% blame technology vendors for not offering solutions or guidance to address regulations, and 17% say their IT teams lack the ability to understand the requirements.

9.  87% of IT organizations are concerned about the privacy of cloud data, including 32% who describe themselves as “very concerned”.

10.  65% of IT professionals still believe that their on-premises environments have better privacy controls than the cloud, even though the reputation of SaaS and public clouds has improved dramatically in recent years.

SURVEY RESULTS

To learn more, download our research report: The State of Data Privacy 2015