Privacy sweep shows big compliance gaps


By Dylan Bushell-Embling
Tuesday, 05 March, 2019

A global sweep of data protection procedures and capabilities of organisations in 18 countries found that only half are compliant with legal requirements around maintaining data privacy policies.

In addition, only 52% of organisations indicated that they have a documented incident response procedure, while only 58% have clear measures in place to both deal with data breaches and other incidents as they arise and notify individuals and regulators.

The sweep was led by New Zealand's Office of the Privacy Commissioner and the UK's Information Commissioner's Office, and drew the participation of 16 other data protection authorities that have allied with these offices as part of the Global Privacy Enforcement Network.

It found that while less than 10% of organisations have no privacy policies at all governing how they handle personal data, only around 50% of organisations both maintain an internal data privacy policy consistent with legal requirements and would be able to demonstrate that the policy has been embedded into everyday practices.

Furthermore, over 20% of organisations have no programs in place to conduct self-assessments or internal audits of their data protection standards, and 14% were deemed to have poor internal privacy practices.

The survey also identified significant gaps in terms of transparency, with only 55% of organisations maintaining a clear privacy policy which is easily accessible to customers and the general public.

Meanwhile, only half of organisations provide regular data protection training to all staff.

But the report (PDF) also identified signs of improvement, with 33% of respondents indicating that they are in the process of implementing a data privacy framework or had partially implemented internal policies.

In addition, 67% of respondents reported appointing a dedicated data privacy officer or a senior-level member of staff responsible for overall privacy governance, and only 6% either reported that they have nobody responsible for data protection or failed to specify.
