Inside corporate privacy programs at Fortune 1000 companies
The International Association of Privacy Professionals (IAPP) released a survey of corporate privacy programs at Fortune 1000 companies. The survey found that while corporate investment in privacy is likely to increase, many privacy leaders feel their programs are relatively nascent and want greater influence over corporate decision-making.
Driven by exponential growth in cloud, mobility and big data analysis in the digital age, privacy has become an important issue companies must address as a core part of doing business. When faced with increasing levels of regulatory scrutiny on corporate privacy practices and growing consumer concern for protecting their personal information, companies find themselves grappling with managing a complex set of privacy requirements and expectations.
Just as companies evolve their business to take advantage of new technology trends, they are challenged with reconciling related privacy concerns.
“Understanding how several of the world’s largest companies are managing their privacy programs can help professionals across the board more effectively develop programs and advocate for the budget, tools and organizational influence they need to be successful,” said J. Trevor Hughes, CIPP, president and CEO of the IAPP. “The study showed that managing privacy in the ever-changing technological landscape with seemingly endless layers of regulation to comply with, cultural sentiments to accommodate and consumer expectations to satisfy requires strong privacy programs and leadership.”
Privacy budgets in the millions:
- Surveyed organizations had an annual privacy budget of $2.4 million, which equates to an average of $204 per $1 million in revenue. Privacy falls far short of the average security budget of $4.1 million in 2014 according to PwC’s Global State of Information Security Survey.
- Thirty-eight percent of respondents said they would likely increase their privacy budget an average of 34 percent with only 10 percent likely to experience budget contraction.
- Based on current spending levels and projected spending from respondents, privacy spending for the Fortune 1000 is expected to approach $3 billion in 2015.
- This projected increase in budget could be due in part to many programs being relatively nascent with only 26 percent of companies characterizing their programs as mature.
Privacy is a growing and lucrative profession at Fortune 1000:
- Privacy is a relatively lucrative profession with more than half of employees making more than $200,000 in base salary. Further, the profession is nearly equally split between women (48 percent) and men (52 percent), a ratio more rare in comparable technical fields.
- Many of the Fortune 1000 are looking to increase the number of employees focused on privacy issues. One third (33 percent) of organizations plan to increase fully dedicated privacy headcount or create positions with privacy as part of its responsibility in the next year.
- Extrapolating the average headcounts to the full Fortune 1000, then multiplying by the expected average increases, translates to a projected increase of 950 full-time privacy professionals with another 2,200 professionals with privacy as part of their responsibilities over the next year.
- Steep growth in the IAPP’s membership numbers – from 10,000 members in 2012 to a projected 20,000 at the end of 2014 – further shows this trend extends outside the Fortune 1000.
Increased CPO influence and integration with IT and security:
- There is a clear trend of privacy responsibilities being increasingly linked to security at companies.
- CPOs surveyed recognized the importance of integrating privacy with security. Ninety-three percent of respondents indicated having a close working relationship with information security colleagues and 79 percent report working with the broader IT organization.
- This close working relationship translates to significant influence over security and IT decision-making. A majority of respondents report satisfaction with their influence over IT (64 percent) and information security (61 percent) operations.