- 41% of global respondents cite lack of competent resources as a major obstacle faced by an organization to form a privacy program
February 09 2022: At a time when data protection and data privacy are of paramount importance, new research from ISACA released during Data Privacy Month explores the latest issues and opportunities in enterprise privacy—from privacy workforce and privacy by design to privacy challenges and the future of privacy—in its new Privacy in Practice 2022 survey report, sponsored by OneTrust.
The report, which examines responses from the global ISACA State of Privacy survey conducted in late 2021, highlights the persistent understaffing that is impacting enterprise privacy teams. Respondents in India indicate that they have unfilled positions in both legal/compliance (31 percent) and technical privacy roles (43 percent). At a global level this issue has only worsened since last year. On the same note, among India-based respondents, 21 percent indicate that it takes anywhere between three and six months to fill positions for legal/compliance privacy roles, while 25 percent of the respondents have indicated a similar time frame for filling open technical privacy positions. To overcome the skill gap, 50% of the respondents in India have indicated they train non-privacy staff who are interested in moving into privacy roles.
A high percentage (41 percent) of the global respondents cite a lack of competent resources as a major obstacle faced by an organization in its ability to form a privacy program. Close on the heels (40 percent) was the lack of clarity on the mandate, roles and responsibilities.
Given the current emphasis and importance on data protection and privacy, respondents also largely expect that privacy professionals will only become more in-demand, with 72 percent of the global respondents anticipating increased demand for technical privacy roles and 63 percent expecting increased demand for legal/compliance roles. In seeking professionals to fill these roles, respondents worldwide indicate they are looking for three key things: compliance/legal experience (62 percent), prior hands-on experience in a privacy role (56 percent) and technical experience (48 percent). However, they indicate that candidates do not always have the skills required for these roles, citing these top three most common skills gaps:
- Experience with different technologies and/or applications (64 percent)
- Understanding the laws and regulations to which an enterprise is subject (50 percent)
Experience with frameworks and/or controls (50 percent)
- Lack of technical experience (46 percent)
“People are an essential component of any privacy program, both the privacy professionals driving the work forward and employees across the enterprise who follow good data privacy practices,” says Safia Kazi, ISACA Privacy Professional Practice Advisor. “Enterprises need to sufficiently invest in their privacy programs and teams, not only to retain privacy staff and upskill talent to fill open roles, but to also prioritize privacy training efforts to ensure all employees are supporting privacy initiatives.”
When it comes to privacy training at enterprises, most (71 percent) global respondents perceive privacy training to have a positive impact. However, the survey finds that many may approach it as a “check the box” exercise, with nearly 70 percent indicating that they evaluate the success of a privacy training program by looking at the number of employees who complete the training rather than measuring the efficacy of the training.
“An increased vulnerability to cybersecurity attacks and data breaches as more people work and interact online during the pandemic has put the spotlight even more on data privacy and data protection,” says RV Raghu, director at Versatilist Consulting India Pvt Ltd, and member of the ISACA Emerging Trends Working Group. “Data compromises can cost crores of rupees to an organization coupled with loss of customer trust and reputational damage, and it takes workforce skilled in technical privacy measures to stay ahead of these threats. The Privacy in Practice 2022 survey report illustrates just how vital it is for organizations to fill these positions and devote resources to data privacy.”
Regarding additional privacy controls that organizations use over and beyond what may be legally required, encryption tops the list with 76 percent of global respondents, followed by identity and access management (74 percent) and data security (71 percent).
A webinar discussing the survey findings will be available to access online for free for a year at https://store.isaca.org/s/community-event?id=a334w000004cmroAAA.
A complimentary copy of the Privacy in Practice 2022 survey report and additional privacy resources and articles can be accessed at www.isaca.org/dataprivacy. Additional information on ISACA’s privacy resources, including the Certified Data Privacy Solutions Engineer™ (CDPSE™) certification, is available at www.isaca.org/cdpse. ISACA also hosts a Privacy group in its Engage online forums to discuss the topic and share best practices.