Data protection has quietly passeda tipping point. Although someleading organizations—especiallyin Europe and North America—havemade signifcant strides in securingsensitive data, many other enter-prises are slowly awakening to thereality that they are lagging in their data protection eorts.Confdential data—including custom-er inormation, business plans andfnancials—has become one o everyorganization’s most important assets. Yet technology advancements, newbusiness models and increasinglysophisticated and globally intercon-nected business processes have out-paced not only regulations designedto ensure the privacy and protectiono personal and other data but alsomany organizations’ own ability toeectively secure sensitive businessinormation.The resulting shortcomings, incritical areas ranging rom em-ployee training to technologyinrastructure, have made orga-nizations in both the private andpublic sectors extremely vulner-able to security breaches and themisuse o sensitive data, even asawareness o data privacy and pro-tection issues has increased amongbusiness leaders, regulators andconsumers. And there’s more atstake or these organizations thanregulatory fnes; as several high-profle data breaches over the pastew years have shown, reputationsand businesses can be ruined byinadvertent disclosures o custom-er or other confdential data. As the volume o data businessescollect, store and analyze increasesexponentially, many executiveteams fnd themselves in a precari-ous position: They can no longer assure customers that their personalinormation is sae rom misuse.“No matter how good a company is[at protecting data], there’s always apossibility that inormation will leakout,” says Larry Ponemon, chairmanand ounder o the Ponemon Insti-tute, a US privacy and inormationsecurity research group. “Companiescan never say the data they collectabout you is perectly secure. Butthey can be good at managing or mitigating the risk.”
Intentions versus reality
Given the importance o the issue, Accenture set out to study the cur-rent state o corporate data protectionand privacy. In two separate globalsurveys, we polled 5,500 businessleaders and more than 15,000 adultconsumers in 19 countries. Our objective was to understand howperceptions about data protection andprivacy—rom both business leadersand individuals—inorm and inu-ence data protection practices. Our research revealed important fndingsin fve key areas.
There is a notable difference between organizations’ intentions regardingdata privacy and how they actually protect it. This discrepancy createsan uneven trust landscape, which makes it particularly difcult for thosedoing business to trust that their data is being used by their counterpartiesin accordance with their expectations.
Although approximately 70 percento business respondents in our survey agreed that organizationshave an obligation to take reason-able steps to secure consumers’personal inormation, there wereseveral inconsistencies in their stated obligations about doing so.