SlideShare a Scribd company logo

Privacy Risk Study 2023 – Executive Summary.pdf

Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

risk

Technology
1 of 7
Download to read offline
PR!VACY R!SK STUDY 2023 EXECUTIVE SUMMARY
Privacy Risk Study 2023 | 3 Since 2015, the IAPP has published an annual Privacy Risk Study to help determine trends in privacy risk management across demographics. Beginning in 2017, analysis from Form 10-K submissions — annual public disclosures required by the U.S. Securities and Exchange Commission — was added to highlight the impact of privacy risk disclosures and the extent organizations publicly detail their personal data processing and privacy regulation methods. Foreword This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
Privacy Risk Study 2023 | 4 Table of Contents Foreword Previous Section | Next Section This year, instead of just relying on public disclosures, we asked senior privacy leaders to explain their risk management practices. We also highlighted the results of interviews held with senior privacy leaders through workshops and interviews. Ongoing regulatory change around the globe, new technologies (including artificial intelligence), and uncertainty from an inability to predict the future amplify privacy risks for organizations. This study explores some of the most significant privacy challenges faced by organizations and what those organizations do to manage enterprise privacy risks. We believe this study can aid in developing a roadmap for managing and mitigating many of the privacy risks identified. Sylvia Klasovec Kingsmill Global Cyber Privacy Leader, KPMG International Partner, KPMG Canada Saz Kanthasamy Principal Researcher, Privacy Management, IAPP
Privacy Risk Study 2023 | 5 Our analysis uses three discrete data sets: 1. Workshops held with senior privacy leaders in 2022. We asked participants to enumerate, rank, categorize and plot their privacy risks for the year. This information was then collected and analyzed to determine what kind of risks are top of mind for senior privacy professionals. 2. Interviews with privacy leadership from 14 variously sized organizations in 2022 and 2023. Participants, representing six different industry sectors and three continents, were asked a series of questions regarding four different domains of privacy risk. These answers were then entered into a standardized matrix to help us understand trends across participating organizations. 3. Annual reports, 10-K forms and other publicly available external disclosures from organizations from 2022 and 2023. Scope
Privacy Risk Study 2023 | 6 Executive Summary Whether it’s uncertainty in the ability to deliver on a privacy compliance program for the next year due to ongoing regulatory change, the challenge of obtaining and subsequently maintaining full compliance with proliferating, and even conflicting, privacy laws around the world, or uncertainty from inability to predict the future — organizations need to find ways to identify, assess, evaluate and treat privacy risk. In this climate, organizations increasingly have to grapple with a complex privacy risk environment fraught with regulatory and economic uncertainties. It is an environment replete with new and evolving harms through the proliferation of emerging technologies, changing consumer expectations on privacy, and increasing scrutiny on business initiatives and market trends. In this year’s report, privacy leaders identified geopolitical instability, rapidly maturing and emerging technologies, lack of available talent, and increasing shareholder and regulatory expectations as some of the most significant challenges, revealing concerns about an increasingly fragmented and unpredictable world. Against this backdrop, we found organizations taking steps to manage enterprise privacy risks considered the following to support the identification, assessment, evaluation and treatment of privacy risk: Roles and responsibilities, methodology, technology, communications and continuous improvement. While the complexity, variety and scale may vary from organization to organization, all organizations that process personal data contend with privacy risk.
Privacy Risk Study 2023 | 7 Table of Contents Previous Section | Next Section Executive Summary → The five highest priority privacy risk domains identified by participants were data breaches, noncompliant third-party data processing, ineffective privacy by design implementation, inappropriate personal data management and insufficient privacy training for employees. → The most common and most emerging privacy risk identified by participants was difficulty maintaining compliance across various regulatory regimes with differing and/or evolving requirements. → Additional top-ranked emerging risks included balancing data localization requirements with EU business needs, unintended consequences due to immaturity in managing the privacy risks that occur through the use of AI and privacy risks resulting from efforts to monetize data. → Regulation/compliance, data management and governance were the top three most common risk domains identified by participants. Key takeaways 64% 64% of organizations have a privacy risk management program that is fully integrated into their overall enterprise risk management program. 21% Only about 21% of organizations empowered the third line of defense to undertake privacy audits. 50% Only 50% of organizations have an established privacy risk appetite. 30% Almost 30% of organizations use spreadsheet technology to help manage their privacy risk efforts. 83% 83% of organizations place some kind of privacy risk information in their annual report. 93% Almost 93% of organizations indicated privacy is a top-10 organizational risk, and 36% ranked it within the top five.
Privacy Risk Study 2023 | 40 Saz Kanthasamy Principal Researcher, Privacy Management, IAPP skanthasamy@iapp.org Brandon Lalonde Research and Insights Analyst, IAPP blalonde@iapp.org Joe Jones Director of Research & Insights, IAPP jjones@iapp.org Sylvia Klasovec Kingsmill Global Cyber Privacy Leader, KPMG International Partner, KPMG Canada skingsmill@kpmg.ca Follow the IAPP on social media D C Q E Published June 2023. IAPP disclaims all warranties, expressed or implied, with respect to the contents of this document, including any warranties of accuracy, merchantability or fitness for a particular purpose. Nothing herein should be construed as legal advice. © 2023 International Association of Privacy Professionals. All rights reserved. Contacts

Recommended

The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...Capgemini
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-StudyTam Nguyen
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalSelectedPresentations
 
Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)PwC France
 
The 2011 (ISC)2 Global Information
The 2011 (ISC)2 Global InformationThe 2011 (ISC)2 Global Information
The 2011 (ISC)2 Global Informationjtfoster
 
Global Threats| Cybersecurity|
Global Threats| Cybersecurity| Global Threats| Cybersecurity|
Global Threats| Cybersecurity| paul young cpa, cga
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxjeanettehully
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxglendar3
 

Recommended

The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...Capgemini
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-StudyTam Nguyen
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalSelectedPresentations
 
Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)PwC France
 
The 2011 (ISC)2 Global Information
The 2011 (ISC)2 Global InformationThe 2011 (ISC)2 Global Information
The 2011 (ISC)2 Global Informationjtfoster
 
Global Threats| Cybersecurity|
Global Threats| Cybersecurity| Global Threats| Cybersecurity|
Global Threats| Cybersecurity| paul young cpa, cga
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxjeanettehully
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxglendar3
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxtodd581
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016jennyhollingworth
 
Trust & Predictive Technologies 2016
Trust & Predictive Technologies 2016Trust & Predictive Technologies 2016
Trust & Predictive Technologies 2016Edelman
 
Accenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportAccenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportTomas Imrich
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st centuryThe Economist Media Businesses
 
Let me guess covid will be in all top risk studies this year
Let me guess covid will be in all top risk studies this yearLet me guess covid will be in all top risk studies this year
Let me guess covid will be in all top risk studies this yearHernan Huwyler, MBA CPA
 
Sharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breachesSharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breachesThe Economist Media Businesses
 
Finding their way: Corporates, governments and data privacy in Asia
Finding their way: Corporates, governments and data privacy in AsiaFinding their way: Corporates, governments and data privacy in Asia
Finding their way: Corporates, governments and data privacy in AsiaThe Economist Media Businesses
 
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportHBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportFERMA
 
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016Harmaldeep Cassam
 
2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey 2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey Linedata
 
Survey of accountability, trust, consent, tracking, security and privacy mech...
Survey of accountability, trust, consent, tracking, security and privacy mech...Survey of accountability, trust, consent, tracking, security and privacy mech...
Survey of accountability, trust, consent, tracking, security and privacy mech...Karlos Svoboda
 
2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services 2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services Accenture Insurance
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONIJNSA Journal
 
cisco-privacy-benchmark-study-2023.pdf
cisco-privacy-benchmark-study-2023.pdfcisco-privacy-benchmark-study-2023.pdf
cisco-privacy-benchmark-study-2023.pdfAproximacionAlFuturo
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONIJNSA Journal
 
Powering Your ESG Ambitions WIth Data
Powering Your ESG Ambitions WIth DataPowering Your ESG Ambitions WIth Data
Powering Your ESG Ambitions WIth Datadeepparekh3646
 
Infographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimensionInfographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimensionThe Economist Media Businesses
 
Insights from the global risk management survey, 10th edition
Insights from the global risk management survey, 10th editionInsights from the global risk management survey, 10th edition
Insights from the global risk management survey, 10th editionDeloitte United States
 
Business Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxBusiness Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxEng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 
2022-security-plan-template.pptx
2022-security-plan-template.pptx2022-security-plan-template.pptx
2022-security-plan-template.pptxEng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 

More Related Content

Similar to Privacy Risk Study 2023 – Executive Summary.pdf

Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxtodd581
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016jennyhollingworth
 
Trust & Predictive Technologies 2016
Trust & Predictive Technologies 2016Trust & Predictive Technologies 2016
Trust & Predictive Technologies 2016Edelman
 
Accenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportAccenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportTomas Imrich
 
Let me guess covid will be in all top risk studies this year
Let me guess covid will be in all top risk studies this yearLet me guess covid will be in all top risk studies this year
Let me guess covid will be in all top risk studies this yearHernan Huwyler, MBA CPA
 
Sharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breachesSharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breachesThe Economist Media Businesses
 
Finding their way: Corporates, governments and data privacy in Asia
Finding their way: Corporates, governments and data privacy in AsiaFinding their way: Corporates, governments and data privacy in Asia
Finding their way: Corporates, governments and data privacy in AsiaThe Economist Media Businesses
 
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportHBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportFERMA
 
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016Harmaldeep Cassam
 
2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey 2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey Linedata
 
Survey of accountability, trust, consent, tracking, security and privacy mech...
Survey of accountability, trust, consent, tracking, security and privacy mech...Survey of accountability, trust, consent, tracking, security and privacy mech...
Survey of accountability, trust, consent, tracking, security and privacy mech...Karlos Svoboda
 
2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services 2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services Accenture Insurance
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONIJNSA Journal
 
cisco-privacy-benchmark-study-2023.pdf
cisco-privacy-benchmark-study-2023.pdfcisco-privacy-benchmark-study-2023.pdf
cisco-privacy-benchmark-study-2023.pdfAproximacionAlFuturo
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONIJNSA Journal
 
Powering Your ESG Ambitions WIth Data
Powering Your ESG Ambitions WIth DataPowering Your ESG Ambitions WIth Data
Powering Your ESG Ambitions WIth Datadeepparekh3646
 
Insights from the global risk management survey, 10th edition
Insights from the global risk management survey, 10th editionInsights from the global risk management survey, 10th edition
Insights from the global risk management survey, 10th editionDeloitte United States
 

Similar to Privacy Risk Study 2023 – Executive Summary.pdf (20)

Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016
 
Trust & Predictive Technologies 2016
Trust & Predictive Technologies 2016Trust & Predictive Technologies 2016
Trust & Predictive Technologies 2016
 
Accenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-ReportAccenture-2015-Global-Risk-Management-Study-Insurance-Report
Accenture-2015-Global-Risk-Management-Study-Insurance-Report
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st century
 
Let me guess covid will be in all top risk studies this year
Let me guess covid will be in all top risk studies this yearLet me guess covid will be in all top risk studies this year
Let me guess covid will be in all top risk studies this year
 
Sharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breachesSharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breaches
 
Finding their way: Corporates, governments and data privacy in Asia
Finding their way: Corporates, governments and data privacy in AsiaFinding their way: Corporates, governments and data privacy in Asia
Finding their way: Corporates, governments and data privacy in Asia
 
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportHBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
 
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016
EY FIDS GLOBAL FORENSIC DATA ANALYTICS SURVEY 01142016
 
2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey 2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey
 
Survey of accountability, trust, consent, tracking, security and privacy mech...
Survey of accountability, trust, consent, tracking, security and privacy mech...Survey of accountability, trust, consent, tracking, security and privacy mech...
Survey of accountability, trust, consent, tracking, security and privacy mech...
 
2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services 2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
 
cisco-privacy-benchmark-study-2023.pdf
cisco-privacy-benchmark-study-2023.pdfcisco-privacy-benchmark-study-2023.pdf
cisco-privacy-benchmark-study-2023.pdf
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee Study
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATIONQUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
 
Powering Your ESG Ambitions WIth Data
Powering Your ESG Ambitions WIth DataPowering Your ESG Ambitions WIth Data
Powering Your ESG Ambitions WIth Data
 
Infographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimensionInfographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimension
 
Insights from the global risk management survey, 10th edition
Insights from the global risk management survey, 10th editionInsights from the global risk management survey, 10th edition
Insights from the global risk management survey, 10th edition
 

More from Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

More from Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP (10)

Business Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxBusiness Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptx
 
2022-security-plan-template.pptx
2022-security-plan-template.pptx2022-security-plan-template.pptx
2022-security-plan-template.pptx
 
slide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdfslide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdf
 
7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf
 
لعرض تقديمي متميز.pdf
لعرض تقديمي متميز.pdfلعرض تقديمي متميز.pdf
لعرض تقديمي متميز.pdf
 
Endpoint Protection Comparison.pdf
Endpoint Protection Comparison.pdfEndpoint Protection Comparison.pdf
Endpoint Protection Comparison.pdf
 
Ali Ababneh-CV.pdf
Ali Ababneh-CV.pdfAli Ababneh-CV.pdf
Ali Ababneh-CV.pdf
 
اداره 3.ppt
اداره 3.pptاداره 3.ppt
اداره 3.ppt
 
Privacy (1).pptx
Privacy (1).pptxPrivacy (1).pptx
Privacy (1).pptx
 
Cv for ala' zayadeen
Cv for ala' zayadeen Cv for ala' zayadeen
Cv for ala' zayadeen
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Privacy Risk Study 2023 – Executive Summary.pdf

  • 2. Privacy Risk Study 2023 | 3 Since 2015, the IAPP has published an annual Privacy Risk Study to help determine trends in privacy risk management across demographics. Beginning in 2017, analysis from Form 10-K submissions — annual public disclosures required by the U.S. Securities and Exchange Commission — was added to highlight the impact of privacy risk disclosures and the extent organizations publicly detail their personal data processing and privacy regulation methods. Foreword This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
  • 3. Privacy Risk Study 2023 | 4 Table of Contents Foreword Previous Section | Next Section This year, instead of just relying on public disclosures, we asked senior privacy leaders to explain their risk management practices. We also highlighted the results of interviews held with senior privacy leaders through workshops and interviews. Ongoing regulatory change around the globe, new technologies (including artificial intelligence), and uncertainty from an inability to predict the future amplify privacy risks for organizations. This study explores some of the most significant privacy challenges faced by organizations and what those organizations do to manage enterprise privacy risks. We believe this study can aid in developing a roadmap for managing and mitigating many of the privacy risks identified. Sylvia Klasovec Kingsmill Global Cyber Privacy Leader, KPMG International Partner, KPMG Canada Saz Kanthasamy Principal Researcher, Privacy Management, IAPP
  • 4. Privacy Risk Study 2023 | 5 Our analysis uses three discrete data sets: 1. Workshops held with senior privacy leaders in 2022. We asked participants to enumerate, rank, categorize and plot their privacy risks for the year. This information was then collected and analyzed to determine what kind of risks are top of mind for senior privacy professionals. 2. Interviews with privacy leadership from 14 variously sized organizations in 2022 and 2023. Participants, representing six different industry sectors and three continents, were asked a series of questions regarding four different domains of privacy risk. These answers were then entered into a standardized matrix to help us understand trends across participating organizations. 3. Annual reports, 10-K forms and other publicly available external disclosures from organizations from 2022 and 2023. Scope
  • 5. Privacy Risk Study 2023 | 6 Executive Summary Whether it’s uncertainty in the ability to deliver on a privacy compliance program for the next year due to ongoing regulatory change, the challenge of obtaining and subsequently maintaining full compliance with proliferating, and even conflicting, privacy laws around the world, or uncertainty from inability to predict the future — organizations need to find ways to identify, assess, evaluate and treat privacy risk. In this climate, organizations increasingly have to grapple with a complex privacy risk environment fraught with regulatory and economic uncertainties. It is an environment replete with new and evolving harms through the proliferation of emerging technologies, changing consumer expectations on privacy, and increasing scrutiny on business initiatives and market trends. In this year’s report, privacy leaders identified geopolitical instability, rapidly maturing and emerging technologies, lack of available talent, and increasing shareholder and regulatory expectations as some of the most significant challenges, revealing concerns about an increasingly fragmented and unpredictable world. Against this backdrop, we found organizations taking steps to manage enterprise privacy risks considered the following to support the identification, assessment, evaluation and treatment of privacy risk: Roles and responsibilities, methodology, technology, communications and continuous improvement. While the complexity, variety and scale may vary from organization to organization, all organizations that process personal data contend with privacy risk.
  • 6. Privacy Risk Study 2023 | 7 Table of Contents Previous Section | Next Section Executive Summary → The five highest priority privacy risk domains identified by participants were data breaches, noncompliant third-party data processing, ineffective privacy by design implementation, inappropriate personal data management and insufficient privacy training for employees. → The most common and most emerging privacy risk identified by participants was difficulty maintaining compliance across various regulatory regimes with differing and/or evolving requirements. → Additional top-ranked emerging risks included balancing data localization requirements with EU business needs, unintended consequences due to immaturity in managing the privacy risks that occur through the use of AI and privacy risks resulting from efforts to monetize data. → Regulation/compliance, data management and governance were the top three most common risk domains identified by participants. Key takeaways 64% 64% of organizations have a privacy risk management program that is fully integrated into their overall enterprise risk management program. 21% Only about 21% of organizations empowered the third line of defense to undertake privacy audits. 50% Only 50% of organizations have an established privacy risk appetite. 30% Almost 30% of organizations use spreadsheet technology to help manage their privacy risk efforts. 83% 83% of organizations place some kind of privacy risk information in their annual report. 93% Almost 93% of organizations indicated privacy is a top-10 organizational risk, and 36% ranked it within the top five.
  • 7. Privacy Risk Study 2023 | 40 Saz Kanthasamy Principal Researcher, Privacy Management, IAPP skanthasamy@iapp.org Brandon Lalonde Research and Insights Analyst, IAPP blalonde@iapp.org Joe Jones Director of Research & Insights, IAPP jjones@iapp.org Sylvia Klasovec Kingsmill Global Cyber Privacy Leader, KPMG International Partner, KPMG Canada skingsmill@kpmg.ca Follow the IAPP on social media D C Q E Published June 2023. IAPP disclaims all warranties, expressed or implied, with respect to the contents of this document, including any warranties of accuracy, merchantability or fitness for a particular purpose. Nothing herein should be construed as legal advice. © 2023 International Association of Privacy Professionals. All rights reserved. Contacts