Organizations are expected to invest more money to protect personal information in response to increased government regulation and enforcement and to stem the rising tide of risk, according to a new report released Wednesday by Ernst & Young.
The report, “Privacy Trends 2011: Challenges to Privacy Programs in a Borderless World,” found that companies will spend money in 2011 to hire highly skilled certified privacy professionals and invest in technical controls that monitor and manage external attacks and internal leaks from within the organization.
Stricter privacy laws are prompting more accounting firms to safeguard their clients' data (see Serious about Security).
“In an increasingly borderless business environment, protecting personal and professional information is a paramount concern,” said Bernie Wedge, who heads the Americas information technology risk and assurance practice at Ernst & Young. “New technologies associated with mobile communication, social networking and cloud computing have erased the boundaries of how we do business today, but while these new technologies provide tremendous opportunities, they also present new privacy risks for organizations and employees alike.”
In addition to increased investment, the report details several inter-related trends that affect organizational privacy. These include:
• Gradual transitioning to cloud computing that demands robust vendor risk management and third-party reporting capabilities to address privacy risks;
• Increasing use of mobile devices that should require organizational management of geo-location abilities;
• More and deeper internal audits and an increasing desire for an organization to obtain an external assessment against generally accepted privacy principles;
• Growing demands for service providers to obtain an independent assessment of their privacy and security practices;
• Social networking between the organization and customers, employees and job candidates, resulting in the development of further privacy protection policies; and,
• Evolving professional expectations, leading to privacy certifications in specific jurisdictions or industries.
The report also notes that as regulations concerning data protection and privacy are expected to
proliferate, companies must be certain their enterprise-wide privacy protection strategies meet current needs and anticipate future challenges.
The full report is available at www.ey.com.