Keeping a Lock on Privacy: How Enterprises Are Managing Their Privacy Function 


An ISACA Survey

  Download (registration required, 4.5M)

  Download Quiz (registration required, 3K)

  Provide feedback on this document

  View News Release

Announcements of major privacy breaches involving thousands, even millions, of data records are becoming common print and Internet headlines. We live in an information economy where no enterprise is exempt from security threats, vulnerabilities and privacy exposures. Because a privacy breach can generate a shocking degree of damage, enterprises cannot afford to overlook or mismanage their data security efforts.

ISACA, the world’s leading independent, nonprofit association in governing, managing and assuring trust in an evolving digital world, conducted a survey among more than 15,000 members and others with privacy-related job titles to learn more about current privacy governance practices, structures and attitudes. This report presents the ISACA Privacy Survey results. ISACA takes seriously its responsibility to understand privacy issues and provide its stakeholders with tools to establish and manage an effective privacy program. ISACA is using the survey findings to create privacy principles and other guidance, which will be published in the near future.

The ISACA survey reveals that enterprises are in various stages of privacy program maturity. Most understand the requirements of an effective privacy program:

  • Appropriate privacy-function staffing
  • Positioning of privacy function at a high level in the enterprise organization chart
  • Privacy-protection culture
  • Privacy awareness training
  • Globally accepted frameworks/standards
  • Metrics and monitoring program effectiveness
  • Compliance with data-protection legal requirements