Many organizations lack the business behaviors and compliance practices necessary to adequately address growing consumer and regulatory concerns about data security and privacy, according to Edelman.
The comprehensive study of 6,400 corporate privacy and security executives was conducted by the Ponemon Institute, a leading independent research organization. The analysis spans 29 countries around the world, and is believed to be one of the largest studies of its kind ever fielded.
The Edelman Privacy Risk Index reveals a lack of preparedness in managing the potential financial and reputational damage relating to the loss or misuse of personal information. Businesses, particularly at a senior level, are not reacting quickly enough to data and security risk.
Lack of emphasis: Over half (57 percent) of respondents think their organization does not consider privacy and the protection of personal information to be a corporate priority. Six out of ten (61 percent) companies do not strictly enforce all levels of compliance with laws and regulations.
Lack of resources: Meanwhile, 62 percent say their organization does not have the expertise, training or technology, and 55 percent say the adequate resources, to protect personal information.
Lack of transparency: Over half (57 percent) of respondents believe their company is not transparent about what it does with employee and customer information, and 61 percent are slow to respond to consumer and regulator complaints about privacy.
The results are in stark contrast to the growing consumer and regulatory pressure on companies to handle personal data responsibly and securely. Companies will see increased regulatory scrutiny due to new legislation in the European Union, Latin America and Asia, as well as increased enforcement by the Federal Trade Commission in the United States.
Even more concerning is the potential loss of consumer trust. According to research undertaken by Edelman earlier this year, 85 percent of consumers around the world feel companies need to take data security and privacy more seriously, while 70 percent said they are more concerned about these issues than they were five years ago.
“The Edelman Privacy Risk Index findings shine a light on the worrying void between business’ privacy practices and consumer expectations about how their personal data is handled. From a communications and stakeholder engagement point of view, what is most concerning is the lack of clarity and transparency about these practices,” says Pete Pedersen, global chair, Technology practice, Edelman.
“With the growing level of consumer, media and regulatory attention currently focused on privacy, businesses simply cannot afford to risk the reputational and financial damage that may result from a lack of attention to this business critical need. Rather, we see an opportunity for businesses to grow confidence and trust in their brands through thoughtful privacy and data management,” offered Ben Boyd, global chair, Corporate practice, Edelman.
The research also highlighted a lack of awareness of the potential risks related to data security and privacy incidents. Over half (53 percent) of respondents think a data breach would not adversely impact their reputation or financial position, despite nearly three quarters (71 percent) of consumers saying they would leave a company after a data breach. Additionally, 57percent of organizations believe that employees do not understand the importance of privacy and two thirds do not make an effort to educate employees about privacy and security issues.