THE COSTS, CAUSES AND CONSEQUENCES OF PRIVACY RISK |
causes many top news outlets to conduct in-depthinvestigations into the company’s business practices.This type o media scrutiny oten leads to attentionrom policymakers, which can spur additionalregulatory action or negative headlines.Despite all o these pressures and demands, companiesare struggling to manage the privacy practices thatcreate the most risk. Why?
UNDERSTANDING PRIVACY RISK
“With the level o consumer, media and regulatory attentioncurrently ocused on privacy, businesses simply can’t aord to gamble with the reputational and fnancial damage that may result rom a security breach or other privacy incident.”
-Pete Pedersen,Global Chair, Technology Practice, Edelman
To better understand how companies are managingprivacy, Edelman developed the Edelman PrivacyRisk Index
(ePRI) in partnership with the PonemonInstitute. This irst-o-its-kind study analyzed theleading actors o privacy risk and how 6,400 privacyand security executives in 29 countries and regionsacross 20 industries manage these issues.The ePRI ound that corporate proile (actors likeindustry and geographic ootprint) and a company’sprivacy practices were the best indicators o acompany’s risk or reputation or inancial damagedue to a privacy incident. It also ound that companiesin high-risk industries and markets are ailing toeectively implement strong privacy practices andmake the protection o consumer inormation acorporate priority.
CORPORATE PROFILE RISK:WHAT DEFINES YOUR COMPANY
A company’s prole contributes strongly to its privacyrisk. Companies ind themselves in very dierentstarting points based on the industry they are in,the markets where they operate, the size o theirorganization and the type o inormation they collect.The ePRI ound that companies operating in high-riskmarkets, inormation-intensive industries, or in morethan one country are particularly vulnerable to privacyincidents – much more so than their counterpartsoperating in low-data industries such as agricultureand in markets less ocused on privacy like Brazil.The ePRI ound that the eleven riskiest markets ordata privacy are all in Europe, due to its strong cultureo privacy and stringent regulations. Developingnations like Brazil and India, on the other hand, posesignicantly less concern. The ePRI also ound thatcompanies with a greater global ootprint tend to acehigher levels o privacy risk, since more markets meansincreased regulatory issues and cultural expectations.Thereore, even i a global company is based in a low-risk market, it could also have to manage privacy risksin a high-risk market where it has operations.The ePRI also shows that highly-regulated, consumer-acing industries such as nancial services, health andpharmaceuticals, and communications present thehighest levels o privacy risk. These industries acemore regulation and have a greater potential or losingsensitive inormation, as they collect so much more o it.While companies are not able to undamentallychange the risks caused by their business operations,it is essential or them to understand i they are athigher risk o an incident so they can change the riskactors they can control.