IT disaster recovery, cloud computing and information security news

Organizations are still not doing enough to protect data privacy

Many organizations are not taking all the necessary steps to protect data privacy, according to new findings released from PwC’s 2018 Global State of Information Security Survey (GSISS).

Less than half of respondents (49 percent) say their organization limits collection, retention, and access of personal information to the minimum necessary to accomplish the legitimate purpose for which it is collected. Only 51 percent of respondents have an accurate inventory of where personal data for employees and customers are collected, transmitted, and stored. And only 53 percent require employees to complete training on privacy policy and practices.

When it comes to third parties who handle personal data of customers and employees, less than half (46 percent) conduct compliance audits to ensure they have the capacity to protect such information. And a similar number (46 percent) say their organization requires third parties to comply with their privacy policies.

The survey draws on responses of 9,500 senior business and technology executives from 122 countries.

Businesses in Europe and the Middle East generally lag behind those in Asia, North America, and South America in developing an overall information security strategy and implementing data-use governance practices.

PwC expects emerging improvements in authentication technology, including biometrics and encryption, to increasingly help business leaders build trusted networks.

PwC also expects increased pressure on industry to encrypt data for protection, which will drive related investments. Among financial sector respondents, 46 percent say they plan to increase investment in encryption this year.

Less than a third (31 percent) of 2018 GSISS respondents say their corporate board directly participates in a review of current security and privacy risks. For organizations worth more than $25 billion the figure is only slightly higher (36 percent).

Paul O'Rourke, PwC’s Asia Pacific Cybersecurity and Privacy Leader comments: “Organizations of all sizes should boost the engagement of corporate boards in the oversight of cyber and privacy risk management. Without a solid understanding of the risks, boards are not well positioned to exercise their oversight responsibilities for data protection and privacy matters.”

More details.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.


A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.