Upload File

how it and info sec value privacy? infographic from truste & iapp

  • Home
  • Documents
  • How IT and Info Sec value privacy? Infographic from TRUSTe & IAPP
1
How IT and Infosec Value Privacy Privacy and information security policy overlap and are also separate, as in a Venn diagram or like links in a chain. These are the questions the IAPP and TRUSTe set out to explore in a recent survey of 550 privacy, IT, and information security professionals. What about in operations, though? How do privacy and info security teams inside organizations actually work together? How do their priorities and efforts align? ? Communication between the privacy and security departments, alongside a strong data breach response team, is most important for mitigating the risk of a data breach: One thing they agree on? In fact, more than half of infosecurity teams now have privacy representation, and nearly half of privacy teams have infosecurity professionals involved. And you can see privacy beginning to make its way deep into the organization, just as IT and infosecurity have done in the past. PRIVACY INFOSEC IT NO Information Technology Information Security Legal Privacy Reg Compliance / Ethics Human Resources Physical Security Records Management Finance / Accounting Procurement Marketing/ PR Government Affairs 76% 42% - - 52% 71% 43% 95% 26% 46% - 33% 51% 92% 57% 40% 82% 34% 73% 42% 53% 49% 71% 41% 54% 52% 50% 55% 44% 57% 37% 67% 47% 29% 78% 31% Department Discipline’s representation Further, while high-profile breaches clearly have companies increasing their infosecurity budgets, so too are they increasing privacy spend, and focusing that spend as much on privacy technology as personnel. Those who reported increases: Spend on infosecurity-related technology: 66 Overall infosecurity budget: 61 Employee privacy training: 53 Privacy employees on the infosecurity team: 50 Number of employees with privacy duties: 49 Spend on privacy-related technology: 42 Use of data inventory and classification: 42 Use of privacy impact assessments: 41 Use of data retention policies: 40 Overall privacy budget: 39 Spend on external privacy counsel: 34 Spend on external privacy audit: 26 % However, when we look at what motivates behavior directly, it isn’t so much security incidents as contact from regulators that grabs the attention of companies: How attitudes in importance for mitigating breach risk change following interaction with a regulator (percent of Maturity of privacy program Data minimization Data retention policies Data inventory/mapping Privacy working group Budget of privacy team Spend on privacy-related technology Relationships with regulators Privacy certification, individuals Size of privacy team Privacy certification, organization 88% 81% +7% 70% 79% -9% 62% 68% -6% 67% 75% -8% 68% 60% +8% 70% 58% +12% 49% 57% -8% 64% 53% +11% 52% 49% +3% 55% 43% +12% 30% 31% -1% > > > > > > > > > > > Simply experiencing a security incident changed behavior almost not at all. Clearly, when the regulators are watching, companies prioritize their privacy operations. Which can only serve to help the infosecurity department. As long as they communicate. As they seek to get a better handle on their data and the extent of corporate risk, they value core privacy functions such as data minimization and data mapping: Yes: 39% No: 53% Don’t Know: 8% Have you experienced a significant security incident in the past two years? Have you been notified of a regulator’s investigation in the past two years? Yes: 14.5% No: 75.5% Don’t Know: 10% Communications between privacy and security depts Data breach response teams Corporate training and education on privacy Role of privacy pro on the incident response team Maturity of privacy program Relationships with regulators Privacy working group Budget of privacy team Privacy certification, individuals Privacy certification, organizational Outside privacy counsel Size of privacy team IT / INFOSECURITY PRIVACY 25 30 40 50 60 70 80 90 100 87 92 85 84 78 89 75 88 72 84 53 53 50 64 46 61 46 50 35 30 35 37 34 46 Data minimization Data inventory/mapping Privacy policies Privacy impact assessments Vendor management programs Spend on information security-related technology DATA retention policies Employee monitoring Spend on privacy-related technology Website tracker scanning IT / INFOSECURITY PRIVACY 30 40 50 60 70 80 90 100 75 80 74 75 70 77 69 72 65 77 64 77 64 69 52 56 48 61 33 48 Highest overall perceived importance (as ranked by those selecting 4 or 5): Highest overall perceived importance (as ranked by those selecting 4 or 5):

Upload: truste

Post on 27-Jul-2016

218 views

Category:

Documents


0 download

Report

DESCRIPTION

Infographic on Privacy vs. security - based on the survey from TRUSTe and IAPP on how privacy and information security teams work inside an organization in order to minimize data breaches which has also led to increased privacy spends. Visit http://www.truste.com/blog/2016/03/01/new-iapptruste-study-privacy-brings-security-results/ to view the complete survey results.

TRANSCRIPT

Page 1: How IT and Info Sec value privacy? Infographic from TRUSTe & IAPP

How IT and Infosec

Value Privacy

Privacy and information security policy overlap and are also separate, as in a Venn diagram or like links in a chain.

These are the questions the IAPP and TRUSTe set out to explore in a recent survey of 550 privacy, IT, and

information security professionals.

What about in operations, though?

How do privacy and info security teams inside organizations actually work together?

How do their priorities and efforts align? ?

Communication between the privacy and security departments, alongside a strong data breach response

team, is most important for mitigating the risk of a data breach:

One thing they agree on?

In fact, more than half of infosecurity teams now have privacy representation, and nearly half of privacy teams

have infosecurity professionals involved. And you can see privacy beginning to make its way deep into the organization, just as IT and infosecurity have done

in the past.

PRIVACY INFOSEC ITNO

Information Technology

Information Security

Legal

Privacy

Reg Compliance / Ethics

Human Resources

Physical Security

Records Management

Finance / Accounting

Procurement

Marketing/ PR

Government Affairs

76%42% -

-52% 71%

43%95% 26%

46%- 33%

51%92% 57%

40%82% 34%

73%42% 53%

49%71% 41%

54%52% 50%

55%44% 57%

37%67% 47%

29%78% 31%

Department Discipline’s representation

Further, while high-profile breaches clearly have companies increasing their infosecurity budgets, so too are they

increasing privacy spend, and focusing that spend as much on privacy technology as personnel.

Those who reported increases:

Spend on infosecurity-related technology: 66

Overall infosecurity budget: 61

Employee privacy training: 53

Privacy employees on the infosecurity team: 50

Number of employees with privacy duties: 49

Spend on privacy-related technology: 42

Use of data inventory and classification: 42

Use of privacy impact assessments: 41

Use of data retention policies: 40

Overall privacy budget: 39

Spend on external privacy counsel: 34

Spend on external privacy audit: 26

%

However, when we look at what motivates behavior directly, it isn’t so much security incidents as contact from regulators that grabs the attention of companies:

How attitudes in importance for mitigating breach risk change following interaction with a regulator (percent of

Maturity of privacy program

Data minimization

Data retention policies

Data inventory/mapping

Privacy working group

Budget of privacy team

Spend on privacy-related technology

Relationships with regulators

Privacy certification, individuals

Size of privacy team

Privacy certification, organization

88%81% +7%

70%79% -9%

62%68% -6%

67%75% -8%

68%60% +8%

70%58% +12%

49%57% -8%

64%53% +11%

52%49% +3%

55%43% +12%

30%31% -1%

>

>>

>

>>

>

>>

>

>

Simply experiencing a security incident changed behavior almost not at all. Clearly, when the regulators are

watching, companies prioritize their privacy operations. Which can only serve to help the infosecurity department.

As long as they communicate.

As they seek to get a better handle on their data and the extent of corporate risk, they value core privacy functions

such as data minimization and data mapping:

Yes: 39% No: 53% Don’t Know: 8%

Have you experienced a significant security incident in the past two years?

Have you been notified of a regulator’s investigation in the past two years?

Yes: 14.5% No: 75.5% Don’t Know: 10%

Communications between privacy and security depts

Data breach response teams

Corporate training and education on privacy

Role of privacy pro on the incident response team

Maturity of privacy program

Relationships with regulators

Privacy working group

Budget of privacy team

Privacy certification, individuals

Privacy certification, organizational

Outside privacy counsel

Size of privacy team IT / INFOSECURITY

PRIVACY

25 30 40 50 60 70 80 90 100

87 92

85 84

78 89

75 88

72 84

53 53

50 64

46 61

46 50

3530

35 37

34 46

Data minimization

Data inventory/mapping

Privacy policies

Privacy impact assessments

Vendor management programs

Spend on information security-related technology

DATA retention policies

Employee monitoring

Spend on privacy-related technology

Website tracker scanning IT / INFOSECURITY

PRIVACY

30 40 50 60 70 80 90 100

75 80

74 75

70 77

69 72

65 77

64 77

64 69

52 56

48 61

33 48

Highest overall perceived importance (as ranked by those selecting 4 or 5):

Highest overall perceived importance(as ranked by those selecting 4 or 5):

Data Privacy Management (DPM) Solutions from TRUSTe

IAPP Accounts Payable Automation Presentation

iHelloCodeBased iApp [email protected]

How IT and Info Sec value privacy? Infographic from TRUSTe & IAPP

TRUSTe Online Security Guidelines v2.0

Privacy and Online Behavioral Advertising · 3 TRUSTe and Online Behavioral Adverting 2008 TRUSTe conducts first OBA consumer survey 2009 TRUSTe issues OBA best practices checklist

Global Privacy Enforcement Priorities | Webinar from TRUSTe

TRUSTe & Adap.tv OMMA Global NY

560 FEDERAL REPORTER. is, the, truste~

Truste Ppt

The Truste Proessiona - NYSSCPA

Weblogic Iapp Dg

Deploying the F5 Analytics iApp Template · Deploying the F5 Analytics iApp Template ... Click the Browse button, and then browse to the location you saved the iApp file. 11. Click

TRUSTe Data Privacy Management Solutions Overview Brochure

TRUSTe Assessment Manager

Steps to prepare for TRUSTe EU certification

TRUSTe APEC Privacy Framework Report

802.11f - IAPP

EU Cookie Directive Compliance By Truste October 2012

IAPP Application Workshop

2016 IAPP TRUSTe Privacy and Infosec Report

TRUSTe - Privacy Data management

TRUSTe Transparency Report 2013

DPS TRUSTE Pitch-a-Kucha

Online Behavioral Advertising (OBA) in EU from TRUSTe

TRUSTe Mobile Privacy Report

Overview of IAPP TA

2015 IAPP Briefing Binder

TRUSTe 2011 Consumer Behavioral Advertising Survey Results

TME TESTE NUSTR Y TRUSTE Transmission Report

TRUSTe Certification & APEC

Diameter Iapp Dg

TRUSTe Transparency Report 2011

Deploying the F5 Analytics iApp Template · 2020-04-01 · F5 Deployment Guide 6 F5 Analytics Getting Started with the iApp To begin the iApp Template, use the following procedure

IAPP Resources COVID-19€¦ · This infographic breaks down the major topics related to COVID-19 and privacy, while connecting back to the IAPP Resource Center to help you locate