Data privacy has gotten its fair share of attention these days, what with the high-profile data breaches that have taken place in recent months. Fittingly, PricewaterhouseCoopers released the results of its 2013 data privacy survey late last year, in which the 370 participants represented both board level members responsible for oversight of privacy programs within their organization and practitioners involved in day to day operations.
While some of the statistics were reassuring and showed that data privacy is growing in importance, it would appear that there's still a ways to go before it gets the amount of attention it deserves.
For instance, one of the many statistics indicated that the majority of respondents considered consumer privacy a "medium priority." By PwC's definition, this means that it's a business concern that gets "some attention."
That being said, what the statistics did not necessarily indicate is that a lot depends on the sector being discussed, said Carolyn Holcomb, a partner and leader in PwC's Risk Assurance Data Protection and Privacy Practice. Different areas like the financial and healthcare sectors clearly prioritize consumer privacy more than others. One example Holcomb gave was B2B companies that are, in essence, not part of the front line like retailers are.
"People in [sectors like financial or healthcare] will tell you that privacy is among their top 10 risks," said Holcomb. "It's when you expand that to other sectors that don't collect as much consumer information that you don't see as high of a risk."
But it's difficult to deny that privacy awareness isn't quite where it should be. Study results said that 47 percent of board members felt that while they were aware of privacy issues, they weren't aware of the impact they have on their organization (while an additional 13 percent said that they weren't even aware of the issues at all).
One possible reason for the lack of awareness is that, according to the study, 54 percent of board members admitted to relying on internal communications rather than one-on-one meetings to stay informed on privacy issues.
"Some of that is still related to a lack of education. Board education still has a way to go," said Holcomb in reference to the lack of face-to-face meetings. "Board members still aren't sure what they're missing. It goes back to that confusion that security and privacy are the same, so they see a security presentation and think they don't need anything else."
Sign up for CIO Asia eNewsletters.