It’s been more than three years since the EU’s General Data Protection Regulation (GDPR) went into effect, and over two-thirds of the world’s countries have now enacted privacy laws. The ongoing COVID-19 pandemic has presented challenges in keeping personal data safe, and most have reaffirmed their commitment to privacy’s requirements and principles. Even more importantly, customer requirements and business value have driven organizations to ensure data is well protected as privacy has become mission critical for organizations around the world.
Today, Cisco released its 2022 Data Privacy Benchmark Study, our fifth annual review of key privacy issues and their impact on business. Drawing on responses from more than 4900 organizations in 27 geographies, the findings show that organizations have increasingly integrated privacy into many of their most important processes, including sales motions, management metrics and review, and certain employee responsibilities.
Customers Driving the Need for Privacy
Privacy has become table stakes for business today. Ninety percent of organizations say their customers would not buy from them if they did not adequately protect customer data. And 91% say that external privacy certifications, like ISO 27701, have become an important factor in their buying process. This also has translated into a management priority, as 94% of organizations are reporting one or more privacy metrics to their Board of Directors.
Privacy laws provide important reassurances for companies doing business together. While the new privacy regulations come with added cost and effort, organizations are increasingly recognizing the value of these protections and are overwhelmingly supportive of these laws. Amazingly, 83% of respondents around the world believe the privacy laws have had a positive impact, versus only 3% who believe they’ve had negative impact.
Privacy responsibilities are also no longer limited to lawyers and privacy professionals. Nearly one-third of security professionals now identify “data privacy” as a core area of their responsibility, second only to “Detecting and Responding to Threats.”
Business Value: Budgets Higher and ROI Remain Strong
Accelerated by the needs of the pandemic and new legislation, privacy budgets increased 13% last year to $2.7 million from $2.4 million for the average organization. Estimated benefits from privacy also increased from $2.9 million to $3.0 million, and the increases were particularly strong with small- to medium-sized businesses. On average, organizations are getting benefits worth 1.8 times their privacy investment. Thirty-two percent of respondents are getting benefits at least 2 times their privacy investments, and only 19% are estimating they are not breaking even.
Interestingly, organizations who see themselves as more privacy mature are getting higher returns than others. The most privacy-mature organizations are averaging returns of 1.97 times, compared with 1.53 for the least privacy-mature organizations.
Responsible Artificial Intelligence (AI)
Organizations recognize they have a responsibility to use data ethically and appropriately, and most say they have processes in place to ensure any use of personal data, including automated decision making, meets customer expectations. On the other hand, over half of consumers express concerns about how their data is being used in AI today, with many saying they will trust organizations less that use automated decision-making with personal data. Hence, it’s an area to which organizations need to pay close attention.
This research suggests organizations should continue to invest in building privacy capabilities, particularly among security and IT professionals, and those who work with personal data. Transparency is particularly important to customers, and organizations need responsible frameworks and governance over their use of personal data, especially when applied in AI.
Also see our New Trust Standard – a framework for demonstrating and communicating trust and accountability with respect to data.
All this and more can be found on the Cisco Trust Center.
Author Robert Waitman is director, data privacy, security & trust organization, at Cisco Systems. Read more Cisco guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.