ISACA’s newly released State of Privacy 2026 report shows that even with increased recognition and awareness for the privacy function, practitioners still face a range of difficulties when it comes to staffing, compliance and more.
This year’s installment of ISACA’s annual State of Privacy research gathers insights from more than 1,800 global privacy professionals, providing insights into privacy staffing, operations, breaches, awareness training, privacy by design, and use of AI tools by privacy professionals.
The ISACA research surfaced several encouraging points of interest, including:
- Over half (56%) of survey respondents believe their Board of Directors has adequately prioritized privacy.
- 82% use a framework or law/regulation to manage privacy in their organization.
- 66% of organizations review and revise privacy awareness training at least annually (up from 59% in 2025).
- 31% of organizations find it easy to understand their privacy obligations, while only 20% say it is difficult (down from 23% in 2025).
However, privacy practitioners are still contending with substantial challenges on several fronts, including:
- The median privacy staff size dropped by one third this year, from 8 in 2025 to 5.
- Fewer than half (46%) of respondents felt very or completely confident in their organization’s privacy team’s ability to achieve compliance with new privacy laws and regulations.
- 65% say their roles are significantly or slightly more stressful now compared to five years ago.
- The rapid evolution of technology is cited as the number one stressor: 71% (up from 63% last year), followed by compliance challenges (62%) and resource shortages (61%).
Access the full global research report at www.isaca.org/state-of-privacy. See more privacy resources from ISACA here.