“Reportable and Multiple Privacy Breaches Rising at Alarming Rate”
Dec 31st, 2007 • Posted in: Research Report
Survey finds 85 percent of privacy and security professionals ‘acknowledge a reportable data breach occurred within their organizations in the last year’
From Deloitte & Touche and the Ponemon Institute:
“Personally identifiable information (PII) of customers and employees is being exposed — frequently and repeatedly — potentially putting hundreds of thousands of individuals at risk and exposing organizations to increased liability, according to a new survey by Deloitte & Touche LLP (‘Deloitte’) and the Ponemon Institute LLC.
“A shocking 85 percent of privacy and security professionals in North America surveyed acknowledged having at least one reportable data breach of PII within their organizations during the last 12 months, according to the ‘Enterprise@Risk: 2007 Privacy & Data Protection Survey.’ More alarming is the fact that 63 percent acknowledged multiple reportable data breaches occurred within their organizations during the same period. As a result, privacy and security professionals continue spending most of their privacy-focused time on incident response and relatively little time on more proactive activities, such as strategy, training and root cause analysis….
“‘The astonishingly high rate of data breaches is undermining public trust in both commercial and governmental organizations and points to an urgent need for privacy and security to be elevated as a coordinated, strategic imperative within all organizations,’ said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. ‘Our research suggests that privacy and security are still largely reactive, siloed functions; this mindset needs to change immediately if we are to stem the swelling tide of data breaches plaguing consumers and enterprises.’
“Additional key findings and analysis include:
- “Only slightly more than 7 percent of a professional’s time is allocated to employee training and no more than 10 percent is allocated to establishing an incident response team, management reporting and conducting root cause analysis….
“The survey pointed out a couple of realities. The privacy function is siloed between legal and compliance on one hand, and IT security on the other hand. The privacy program itself is still immature. And, there does not appear to be real integration with the risk function and business processes of the enterprise. Until that integration occurs, it is likely that privacy incidents and reportable data breaches will continue….”
For the full press release, Dec. 11, click here.
Editor’s Note: Deloitte is a corporate sponsor of Ethics Newsline®.






