Many organizations fear their privacy activities are insufficient: Gartner

Welcome Guest	Login \| Register \| Site Map \| \| Make TelecomTiger my homepage

Telecom News

Enterprise | Policy & Regulation | Mobiles & Tabs | Corporate | VAS | People Movement | Technology | LTE

Technology
Many organizations fear their privacy activities are insufficient: Gartner
TT Correspondent \| \| 26 Sep 2013

The perceived level of maturity attached to organizations' privacy activities has decreased since 2011, as many organizations deem their existing privacy activities to be inadequate, according to a survey by Gartner, Inc. (Whitepaper:- Cisco® ONE: Cut Costs, Boost Agility) The survey found that 43 percent of organizations have a comprehensive privacy management program in place, while 7 percent admitted to "doing the bare minimum" regarding privacy laws. "More than a third of organizations still 'consider privacy aspects in an ad hoc fashion' and it is surprising that so many companies are saying that they are not conducting privacy impact assessments before major projects. Sixty-two percent do not scan websites and applications, or conduct an organization-wide privacy audit every year. Organizations must put these activities on their to-do list for 2014," said Carsten Casper, research vice president at Gartner. (Whitepaper:- Cisco® ONE: Traffic Visualization and Control) These results are based on 221 respondent organizations surveyed in April and May 2013 in the U.S., Canada, the U.K. and Germany that are responsible for privacy, IT risk management, information security, business continuity or regulatory compliance activities. "Organizations continue to invest more in privacy due to ongoing public attention and a number of new or anticipated legal requirements," said Casper. "They also show that previous investments have not always paid off and that organizations need to refocus their privacy efforts if they want to raise the maturity level of their privacy programs back to that of 2011." (Whitepaper:- Cisco® ONE: The Value of Advanced Flow Control) Casper added that many organizations are looking to boost their privacy activities through increased staffing and budgets to initiate comprehensive privacy programs to deal with cloud, mobile, big data and social computing challenges. Creating the right staffing model is crucial to the long-term success of privacy programs and central to that is the role of a privacy officer. "Gartner's consistent observation is that privacy programs are only successful if someone is driving them. Almost 90 percent of organizations now have at least one person responsible for privacy. However, having privacy programs that are owned by this individual is still not the norm," said Casper. "Only 66 percent of survey respondents said they have a defined privacy officer role although the number is as high as 85 percent in Germany and similar countries where this role is a legal requirement." Casper added that a privacy officer should have broad expertise and solid relationship management and communication skills, because they must monitor a variety of (sometimes conflicting) business and IT requirements and collaborate with different internal and external business functions. In larger organizations, privacy officers will not only require a budget and a team, their success is also dependent on support from senior management. Fortunately, it seems that the need to address privacy concerns more decisively is already being reflected in the amount of investment by organizations. Thirty two percent of survey respondents said that their organizations have increased privacy-related staff from 2012 to 2013, the most significant increase since Gartner started its privacy surveys in 2008. Once the right team is in place, businesses must prioritize privacy programs as the number one objective. This will enable effective monitoring of privacy-related performance and allow suitable adjustments processes and technologies, particularly for data masking, encryption, data storage and document retention. The handling of personal information for employees, customers and citizens tops the list of requirements respondents believe should be included in a privacy program. Some organizations concerned about violating domestic privacy laws and the risk to their reputations, do not store personal data in locations where it can be seized by foreign authorities or is at great risk from cyber attacks. However, central global storage of personal data is becoming increasingly widespread. For the first time this year, more organizations stored their customer data in a central global place rather than in a regional or local data center, which was the dominant model previously. The survey found that 38 percent of organizations transform personal data before transmitting it abroad (with masking, encryption or similar), thus keeping sensitive data local, while allowing some functionality abroad. This is the preferred option compared to domestic storage (29 percent), remote storage with only local access (27 percent) and with a focus on legal protection (22 percent). "When storing and accessing personal data, organizations face a number of options. They can store data locally or in a low-cost country, allow access to domestic or remote staff, use a provider for application management or for infrastructure management, or implement legal and technical controls, such as data masking, tokenization and encryption," said Casper. "There is no right or wrong answer. Organizations have to decide which type of risk they want to mitigate, how much money they want to spend and how much residual risk they are willing to accept." Whitepaper:- Advanced Flow Control Whitepaper:-Traffic Virtualization and Control

mail this article

print this article

Show and Post comment

26 Sep 2013(IST)

Comments

Comment

Your comments are Welcomed.

Name (required)

Enter Name Please

Email address (required)

Enter Email Please Enter Valid Email

Enter Below Code :

Related Stories
64% of organizations have invested or plan to invest in big data in 2013: Gartner
Cabinet approves AP proposal for setting up Information Technology Investment Region in Hyderabad region
ZyXEL leads industry on DSL broadband technology
Mobile app stores annual downloads to reach $102 Billion in 2013: Gartner

Whitepaper

Maintain Business Continuity with Cisco ASR 9000 nV Technology
It is a virtual chassis solution where a pair of ASR 9000 routers acts as a single device by maintaining a single contr...read more


Simplify Your Network with Cisco ASR 9000 nV Technology
With the new Cisco Network Virtualization (nV) technology in the Cisco ASR 9000 Series Aggregation Services Routers, se...read more


Cisco Small Cell Solution: Reduce Costs, Improve Coverage
It is designed to address the challenge of mobile service coverage and to expand network capacity...read more