This blog series discusses research and trends across the spectrum of Digital Insights & Risk Management. Part 1 in the series, by Sophie Ross, defined the concept of digital risk and shared a state of the industry across the big picture of this problem space. This post discusses the findings relating to data privacy, and how data privacy has become a central risk focus across nearly every organization.
Data privacy concerns continue to pervade discourse in business and society. Citizens are embracing and increasingly leveraging their rights relating to their personal information, while business leaders grapple with the tension between upholding consumer trust, leveraging data insights and meeting the requirements of hundreds of privacy regulations around the world.
In FTI Technology’s recent Digital Insights & Risk Management survey, senior leaders globally, from general counsel and chief privacy officers to chief financial officers, chief risk officers, chief executive officers and other roles, were in resounding agreement that data privacy is one of the most critical areas of digital risk today. More than two-thirds of respondents ranked data privacy within their top three concerns, while half listed it as their number one risk.
While it isn’t inherently surprising that data privacy is the front and center issue of the moment, what was surprising in the survey is the extent to which data privacy risks have penetrated every area of business, gained mindshare among CEOs and become more challenging despite widespread awareness.
Data Privacy Across Every Function
For example, in looking at subset groups of respondents, particularly those who would not typically be viewed as focused on data privacy issues, the majority still listed data privacy within their top three risks. Among leaders who indicated a primary focus of blockchain and digital assets projects (CFOs and chief technology officers), 45% ranked data privacy as their top concern (surpassed only by information security/data breaches, which had a top ranking from 63%).
Similarly, respondents whose key responsibility centered around disputes and investigations ranked data privacy as the top issue by far. Nearly two-thirds listed privacy as the number one risk, over risks relating to growing data volumes, emerging data sources, data quality and challenges of bringing new systems together post-merger. And more than half of legal operations respondents said they are supporting privacy coordination.
Data Privacy Among CEOs
CEOs and chief operations officers, who have the most extensive, company-wide responsibilities, also participated in the survey. Among this group, 71% identified data privacy as their top concern today. In other words, CEOs were more concerned about data privacy than any other senior leadership function.
It’s critical for all stakeholders to collaborate with each other and the CEO to mitigate these pressing issues. While one survey participant had a strong working relationship with her organization’s C-suite, saying, “I don’t have any difficulty getting an audience with my business leaders…and a lot of appreciation for the work that I’ve done to manage digital risk,” that isn’t the standard experience. For example, another respondent said, “I only rarely talk with management. There isn’t much interest from the C-suite in what we do, and there’s not much of a connection between myself and my peers and the C-suite.”
Growing Data Privacy Challenges
Unfortunately, even as awareness and best practices gain traction, achieving compliance is becoming more difficult.
One driver causing data privacy and security challenges is the remote and hybrid work reality. Forty-one percent of respondents stated that data is being shared on devices and through systems that are not sanctioned or covered within the organization’s data privacy policies, and 38% said that remote and hybrid work have made it more difficult for the organization to monitor compliance with or enforce data privacy policies. Even more stated that remote work has increased their potential breach surface. To narrow in on that further, 90% of respondents who indicated they are data privacy professionals said their organizations have experienced negative risk implications as a result of remote and hybrid work.
Additional findings from that subset include:
- 72% said data breaches have become more complex.
- 77% said data breaches have become more expensive.
- 68% said their board is concerned about the organization’s ability to manage and maintain data privacy risk and compliance.
- 71% are concerned about privacy violations occurring during cross-border data transfers.
Data privacy challenges will continue to evolve. New laws will emerge and existing laws will evolve. Data breaches will persist as a reality of doing business. The fact that data privacy risk has become a central focus is important progress in improving programs and compliance. To keep pace with the changing nature of this space, and to maximize the mindshare senior leaders are giving this issue, privacy professionals have a tremendous opportunity. Tapping into it will require collaboration with their counterparts and developing initiatives that ensure privacy risks are properly communicated, understood and addressed proactively across each facet of the business.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.