
THE STATE OF PRIVACY—2023

JON BRANDT, CISM, CDPSE, CCISO, CISSP, PMP

SAFIA KAZI, CIPT

PLATFORM INFORMATION & QUICK TIPS

• Download the presentation deck from the MATERIALS window.

• Platform windows can be hidden or expanded to fit your preference.

• Submit questions in the Q&A window.

• Use the HELP icon at the bottom for FAQs and system requirements.

• Experiencing technical difficulties? Try REFRESHING your browser!

CPE CREDIT PROCESS
LIVE EVENT & ON-DEMAND RECORDING

• You must view the live or recorded webinar for the required amount of time
(50 minutes). Check the CPE Credit window to view the timer.

• Your CPE Certificate will automatically appear in the ISACA CPE RECORDS
tab on the MyISACA page after completing the required viewing time.

• Please be patient. This process could take up to 48 hours for your CPE Certificate
and the CPE credit to be applied to your account.

• As a reminder, ALL ISACA webinars, the CPE credits and CPE certificates expire
365 DAYS POST LIVE EVENT. Please make sure you save the appropriate
documents to your personal records.

TODAY’S SPEAKERS

Jon Brandt, CISM, CDPSE, CCISO, CISSP, PMP
Director, Professional Practices and Innovation, ISACA

Safia Kazi, CIPT
Principal, Privacy Professional Practices, ISACA

AGENDA

Learning objectives:
- Understand the state of privacy staffing and strategies taken to address skill gaps
- Explore privacy budgets and privacy program trends
- Explain the role of privacy awareness training
- Examine the impact of privacy laws and regulation
- Describe trends in enterprises that practice privacy by design

PRIVACY IN THE HEADLINES

PRIVACY HEADLINES

Source: CNIL (French Data Protection Authority)

Source: The New York Times

Source: Security Week

SURVEY METHODOLOGY AND RESPONDENT DEMOGRAPHICS

DEMOGRAPHICS

DEMOGRAPHICS

PRIVACY STAFFING

PRIVACY STAFFING TRENDS

UNDERSTAFFING

TIME TO FILL OPEN PRIVACY POSITIONS

Chart: Time to fill legal/compliance positions
Chart: Time to fill technical privacy positions

FACTORS TO DETERMINE CANDIDATE’S QUALIFICATIONS

EXPERIENCE/SKILL DEFICITS
- Lack of experience with different types of technologies and/or applications (63 percent)
- Experience with frameworks and/or controls is a large skill gap (54 percent)
- Understanding the laws and regulations to which an enterprise is subject (46 percent)
- Lack of technical expertise (45 percent)

PRIVACY BUDGETS

PRIVACY FUNDING
- Somewhat or significantly underfunded: 43%
- Appropriately funded: 36%
- Do not know: 14%
- Significantly or somewhat overfunded: 7%

PRIVACY PROGRAM TRENDS

ACCOUNTABILITY FOR PRIVACY

OBSTACLES TO FORMING A PRIVACY PROGRAM

PRIVACY’S INTERACTION WITH OTHER AREAS

Departments privacy teams interact with:
- Information security (32 percent)
- Legal and compliance (29 percent)
- Risk management (22 percent)

Chart: Frequency of meetings between technical and legal/compliance privacy professionals

BOARDS OF DIRECTORS AND PRIVACY

BOARDS' PRIVACY PRIORITIZATION

Chart response options: Adequately prioritizes privacy; Does not adequately prioritize privacy; Do not know; Not applicable.
Shares shown: 55%, 22%, 20%, 3%.

MONITORING PRIVACY PROGRAMS

PRIVACY AWARENESS TRAINING

PRIVACY AWARENESS TRAINING

EVALUATING PRIVACY AWARENESS TRAINING

PRIVACY FRAMEWORKS, LAWS AND REGULATIONS

FRAMEWORKS USED TO MANAGE PRIVACY

For 73 percent of respondents, it is mandatory to address privacy with documented privacy policies, standards and procedures.

Top 3 frameworks and regulations most commonly used to manage privacy:

• General Data Protection Regulation (GDPR): 50 percent

• US National Institute of Standards and Technology (NIST) Privacy Framework: 46 percent

• ISO/IEC 27002:2013 Information technology—Security techniques—Code of practice for information security controls: 36 percent

DATA-SUBJECT REQUESTS

34 percent say the number of data-subject requests has somewhat or significantly increased

PRIVACY BREACHES AND FAILURES

COMMON PRIVACY FAILURES

PRIVACY BREACHES

Has your organization experienced a material privacy breach in the last 12 months?

Chart response options: Yes; No; Do not know; Prefer not to answer.
Shares shown: 63%, 17%, 11%, 9%.

PRIVACY BY DESIGN TRENDS

PRACTICING PRIVACY BY DESIGN

42 percent of respondents identified not practicing privacy by design as a common privacy failure

TRENDS AMONG ENTERPRISES THAT ALWAYS PRACTICE PRIVACY BY DESIGN

THE FUTURE OF PRIVACY

DEMAND FOR PRIVACY PROFESSIONALS

Chart 1: In the next year, do you see the demand for legal/compliance privacy roles increasing, decreasing or remaining the same?
Chart 2: In the next year, do you see the demand for technical privacy roles increasing, decreasing or remaining the same?

Response options for both charts: Increasing; No change; Decreasing; Don't know; Not applicable.
Shares shown across the two charts: 63%, 69%, 24%, 21%, 9%, 7%, 2%, 2%, 2%, 1%.

LIKELIHOOD OF EXPERIENCING A MATERIAL PRIVACY BREACH IN THE NEXT YEAR

PLANS TO USE AI FOR PRIVACY FUNCTIONS

QUESTIONS?

This training content (“content”) is provided to you without warranty, “as is” and “with
all faults”. ISACA makes no representations or warranties express or implied, including
those of merchantability, fitness for a particular purpose or performance, and non-
infringement, all of which are hereby expressly disclaimed.

You assume the entire risk for the use of the content and acknowledge that: ISACA
has designed the content primarily as an educational resource for IT professionals and
therefore the content should not be deemed either to set forth all appropriate
procedures, tests, or controls or to suggest that other procedures, tests, or controls
that are not included may not be appropriate; ISACA does not claim that use of the
content will assure a successful outcome and you are responsible for applying
professional judgement to the specific circumstances presented to determine the
appropriate procedures, tests, or controls.
Copyright © 2022 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This webinar may not be used, copied, reproduced,
modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise).

THANK YOU FOR ATTENDING
