Corporate America’s top tech officials favor a privacy law even if they aren’t sure how to adhere to it.
Nearly four in five of corporate America’s top technology officials support a federal privacy law despite compliance concerns, according to a study released Tuesday.
The 2019 Data Privacy Maturity Study, conducted by Integris Software, analyzed responses from 258 mid to senior executives in IT, management and risk and compliance shops from U.S. companies with at least 500 people—though 70 percent of those surveyed worked for firms with more than $1 billion in revenue.
Despite significant enthusiasm for an overarching federal privacy law to replace a patchwork of state laws, fewer than four in 10 said their organizations could even fully comply with the European Union’s General Data Protection Regulation.
Amid a series of high-profile data privacy incidents, such as inappropriate use of corporate data by third parties, the survey suggests a majority of companies still don’t have a good handle on where their data is. And when they do, it’s complicated: Approximately 45% of respondents said they had to access more than 50 data sources to get a full inventory of their sensitive data. Fewer than half of those surveyed said they take an inventory of personal data more than once per year, or only in response to an audit.
“If you’re not taking a real-time inventory of personal data across all data source types, then you’re going to have huge blind spots when it comes to knowing what sensitive data is sitting in your organization,” Integris CEO Kristina Bergman said in a statement. “Point-in-time knowledge is obsolete within a day due to the constantly changing nature of data in a hyper-connected world.”
However, despite the complexities of their IT environments, 40% of respondents said they were “very confident” or “extremely confident” they could know exactly where their sensitive data lies.
The survey broke data privacy initiatives into five key data sources: structured data, unstructured data, semi-structured data, cloud-based apps and data in motion. Fewer than 17% of respondents included all five data types in their company’s data privacy initiatives.
“Whether it’s complying with regulations, contracts, or internal use policies, continuous defensibility boils down to knowing where your sensitive data resides and your ability to map that data back to data handling obligations,” Bergman said. “These survey results highlight the urgent need for companies to operationalize and automate their data privacy management programs to handle their mass volumes of private data and an increasingly diverse and complicated set of obligations.”
There were bright spots in privacy, however. More than 80% of respondents reported data privacy management funding, and nine in 10 said they had a privacy awareness program in place. In the wake of scandals in organizations like Facebook, 88% of respondents said they are increasing their data privacy management budgets over 2019, with one-third of organizations increasing those budgets by 25% or more.