The Costs, Causes and Consequences of Privacy Risk

Many companies are ignoring mounting consumer and regulatory concerns about data security and privacy.

Published by: Edelman on Nov 09, 2012
Companies today are losing their customers, reputation and money because they are failing to properly manage data security and privacy in an environment full of consumer expectations, security threats, critical media and regulatory action. Taken together, now more than ever before, a company’s license to operate in the digital age is largely dependent on how it manages privacy and security.

Consumers care more than ever about the security and privacy of their personal data. As they are increasingly asked to share more — and increasingly sensitive information — they are demanding to know how it is managed and protected. Eighty-five percent of consumers around the world feel businesses need to take data security and privacy more seriously, according to Edelman’s consumer privacy research. Seventy percent of consumers are more concerned about these issues than they were five years ago, likely due to the amount of information that is collected and shared about them online.

Edelman’s study also demonstrated that the premium on privacy is more than just a compliance or communications issue — it affects a company’s bottom line. Consumers say they would drop services if their personal information is accessed without their permission. Eight out of ten consumers would consider leaving a banking institution that did so, and nearly seven in ten would leave a healthcare provider.

If these mounting consumer concerns were not enough, companies find themselves in increasingly critical regulatory environments. Regulators around the world are cracking down to ensure companies are protecting customer information. In the United States, for example, the Federal Trade Commission is boosting enforcement of privacy and recently leveled a record $22.5 million fine for poor privacy practices. The Securities and Exchange Commission now requires all publicly traded companies to disclose data security or privacy incidents in their filings, highlighting the significant damage these incidents can cause. In Europe, regulators are on the verge of passing legislation which will create a single regulatory regime able to levy fines up to two percent of annual turnover for privacy violations.

Further, not a week goes by without a company or entire industry in the news for an alleged privacy violation. Every time a breach occurs the media blasts it from the headlines, questioning whether consumers can truly trust corporations to protect their information. The incident typically dominates the company’s media coverage for weeks, and causes many top news outlets to conduct in-depth investigations into the company’s business practices. This type of media scrutiny often leads to attention from policymakers, which can spur additional regulatory action or negative headlines.

Despite all of these pressures and demands, companies are struggling to manage the privacy practices that create the most risk. Why?

“With the level of consumer, media and regulatory attention currently focused on privacy, businesses simply can’t afford to gamble with the reputational and financial damage that may result from a security breach or other privacy incident.”
- Pete Pedersen, Global Chair, Technology Practice, Edelman

To better understand how companies are managing privacy, Edelman developed the Edelman Privacy Risk Index (ePRI) in partnership with the Ponemon Institute. This first-of-its-kind study analyzed the leading factors of privacy risk and how 6,400 privacy and security executives in 29 countries and regions across 20 industries manage these issues.

The ePRI found that corporate profile (factors like industry and geographic footprint) and a company’s privacy practices were the best indicators of a company’s risk for reputation or financial damage due to a privacy incident. It also found that companies in high-risk industries and markets are failing to effectively implement strong privacy practices and make the protection of consumer information a corporate priority.

A company’s profile contributes strongly to its privacy risk. Companies find themselves in very different starting points based on the industry they are in, the markets where they operate, the size of their organization and the type of information they collect. The ePRI found that companies operating in high-risk markets, information-intensive industries, or in more than one country are particularly vulnerable to privacy incidents – much more so than their counterparts operating in low-data industries such as agriculture and in markets less focused on privacy like Brazil.

The ePRI found that the eleven riskiest markets for data privacy are all in Europe, due to its strong culture of privacy and stringent regulations. Developing nations like Brazil and India, on the other hand, pose significantly less concern. The ePRI also found that companies with a greater global footprint tend to face higher levels of privacy risk, since more markets means increased regulatory issues and cultural expectations. Therefore, even if a global company is based in a low-risk market, it could also have to manage privacy risks in a high-risk market where it has operations.

The ePRI also shows that highly-regulated, consumer-facing industries such as financial services, health and pharmaceuticals, and communications present the highest levels of privacy risk. These industries face more regulation and have a greater potential for losing sensitive information, as they collect so much more of it.

While companies are not able to fundamentally change the risks caused by their business operations, it is essential for them to understand if they are at higher risk of an incident so they can change the risk factors they can control.

“Many of the front line employees who are managing compliance don’t believe that they have the necessary practices, protocols and behaviors in place to safeguard against financial or reputational damage.”
- Jules Polonetsky, Director and Co-chair of the Future of Privacy Forum

A company’s profile is just the start. What are more important – and more easily altered – are a company’s privacy practices. A business with a high-risk profile can significantly impact its overall privacy risk based on privacy practice management. Best practices include becoming more transparent about what a business does with employee and consumer information; prioritizing the privacy and the protection of personal information; and, understanding that a data breach would adversely affect its reputation and financial position – and then putting forth ample resources to ensure it does not happen.

Yet the ePRI found that companies are not taking the steps necessary to meet the privacy demands they face. More than half of the organizations surveyed for the ePRI are not transparent about what they do with the personal information they collect.

Privacy departments at the organizations that made up the ePRI lacked the resources and expertise needed to effectively address privacy concerns. An alarming sixty-two percent say their organization does not have the expertise or technology, and fifty-five percent say they do not have adequate resources to effectively manage the privacy of personal information. This could be partially due to a lack of necessary leadership or buy-in from the top, but more than half (60 percent) of respondents believe their organization does not consider privacy a priority, and fifty-three percent do not believe a data breach would not adversely impact company reputation.

This lax attitude about privacy does not stop at the top. The day-to-day employees, who often handle sensitive information and who are a major cause of incidents, are also not prepared. More than half (57 percent) of companies think their employees do not understand the importance of security and privacy, while two-thirds do not proactively educate employees on privacy issues.

Despite calls from regulators and consumers for companies to be more accountable for the information they collect and use, there is a major lack of transparency in many organizations. More than half (57 percent) of respondents believe their company is not transparent about what it does with employee and customer information, and sixty-one percent are slow to respond to consumer and regulator complaints about privacy.

“Senior business leaders need to assess their company privacy risk and avoid becoming a high profile example of the damage that results from high profile misuse or loss of consumer data.”
- Jules Polonetsky, Director and Co-chair of the Future of Privacy Forum

Businesses can no longer shove data security and privacy management to the side. Consumers, media and regulators simply won’t allow it, and the reputational and
