Is Data Privacy Compliance Your Mt. Everest?

Posted by Joe Gerard in Corporate Security, Ethics & Compliance, Human Resources, Information Security on April 14th, 2011

Do you know where your company’s sensitive information is? A lot of companies don’t even realize their information is missing until it’s too late. It’s important for employers and employees to understand the risks of noncompliance when it comes to data privacy. Even sharing information within your office has risks and consequences. At times, dealing with data privacy compliance seems as challenging as climbing Mt. Everest. I was recently reading findings from a survey that focused on determining how big of a challenge data privacy compliance is – is it like stepping over a mole hill or tackling Mt. Everest?

Data Privacy and Compliance

The Health Care Compliance Association (HCCA) and the Society of Corporate Compliance and Ethics (SCCE) teamed up to work on a survey. The survey findings were released in the report titled “Data Privacy: How Big a Compliance Challenge?” In the executive summary of the report, they write:

“Privacy has become a growing mandate for compliance professionals. 75% of respondents reported that compliance is responsible for overseeing data protection and privacy. In addition, the amount of time spent on the issue has increased significantly, with 82% of respondents reporting an increase, and 77% expecting there to be more time invested in the next year. In general healthcare companies are finding this more of a challenge, but the numbers for non-healthcare companies are also substantial.”

Report Findings

Here are the key findings from the report:

1. Privacy becomes the responsibility of the Compliance Department.

Who takes care of ensuring data privacy compliance in your organization? Just over 3/4 of respondents reported that this task was the responsibility of their compliance department. The study also found that if compliance doesn’t oversee data privacy, it’s usually the responsibility of the privacy department or IT.

2. The time invested into protecting data has increased significantly.

If you want to successfully comply with data privacy laws, you have to invest a lot of time in implementing protective measures, training employees and monitoring. Data privacy compliance isn’t a “one and done” type of activity – it’s ongoing. 42% of those surveyed stated that the time invested in data privacy has increased a great deal and 40% stated that the time invested increased somewhat over the past three years.

3. Future expectations for the time invested in privacy compliance.

It’s good to see that almost all respondents expect some type of increase in the time devoted to privacy compliance in the future. 50% of respondents expect the time invested to “increase somewhat”, while 27% expect the time to “increase a great deal”. 21% expect no change in the time invested.

4. Accidental breaches are feared more than intentional ones.

This result is predictable. The survey respondents were asked how likely they felt that data would be released through:

  • Hacking attacks.
  • Intentional breaches by employees and third party vendors.
  • Accidental breaches by employees and vendors.

Many respondents feel that an accidental breach is also more likely to occur, which makes sense, as human error is a major data privacy risk. If an employee misplaces a company laptop, smart phone, USB key – you name it, it’s possible that the data could be stolen. Email is another source of accidental human error. Whether it’s opening a spammy, virus-infected email or sending an email containing confidential information to the wrong recipient(s), data privacy is breached.

5. Respondents feel relatively comfortable when it comes to fighting off an attack from a hacker, but are less confident when it comes to other challenges.

Data privacy threats come from a number of different sources and companies must be prepared to fight them all. Respondents felt more prepared to handle attacks from hackers (70%) than to handle intentional third-party breaches (48%). However, the responses demonstrate that some of these issues may not be considered the respondent’s “Mt. Everest”. The results show that there’s still work to do and progress to be made, but companies are hiking their way up the mountain.

Joe Gerard

CEO, i-Sight

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.