Privacy sweep shows big compliance gaps


By Dylan Bushell-Embling
Tuesday, 05 March, 2019

Privacy sweep shows big compliance gaps

A global sweep of data protection procedures and capabilities of organisations in 18 countries found that only half are compliant with legal requirements around maintaining data privacy policies.

In addition, only 52% of organisations indicated that they have a documented incident response procedure, while only 58% have clear measures in place to both deal with data breaches and other incidents as they arise and notify individuals and regulators.

The sweep was led by New Zealand's Office of the Privacy Commissioner and the UK's Information Commissioner's Office, and drew the participation of 16 other data protection authorities that have allied with these offices as part of the Global Privacy Enforcement Network.

It found that while less than 10% of organisations have no privacy policies governing how they handle personal data at all, only around 50% of organisations both maintain an internal data privacy consistent with legal requirements and would be able to demonstrate that the policy has been embedded into everyday practices.

Furthermore, over 20% of organisations have no programs in place to conduct self-assessments or internal audits of their data protection standards, and 14% were deemed to have poor internal privacy practices.

The survey also identified significant gaps in terms of transparency, with only 55% of organisations maintaining a clear privacy policy which is easily assessable to customers and the general public.

Meanwhile, only half of organisations conduct regular data protection training to all staff.

But the report (PDF) also identified signs of improvement, with 33% of respondents indicating that they are in the process of implementing a data privacy framework or had partially implemented internal policies.

In addition, 67% of respondents reported appointing a dedicated data privacy officer or a senior-level member of staff responsible for overall privacy governance, and only 6% either reported that they have nobody responsible for data protection or failed to specify.

Image credit: ©.shock/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd