New research from ISACA explores the latest trends in enterprise privacy—from privacy workforce and privacy by design to privacy challenges and the future of privacy—in its new Privacy in Practice 2022 survey report, sponsored by OneTrust.
The report, which examines responses from the global ISACA State of Privacy survey conducted in the third quarter of 2021, highlights the persistent understaffing that is impacting enterprise privacy teams. Respondents indicate that both legal/compliance (46 percent of respondents) and technical privacy roles (55 percent of respondents) at enterprises are understaffed, and the issue has only worsened since last year. Forty-one percent also report that the biggest challenge in forming a privacy program is a lack of competent resources.
However, just 25 percent note they have open privacy legal/compliance roles, and 31 percent indicate they have open technical privacy roles. Respondents also largely expect that privacy professionals will only become more in-demand, with 63 percent anticipating increased demand for legal/compliance roles and 72 percent expecting more demand for technical privacy roles.
In seeking professionals to fill these roles, respondents indicate they are looking for three key things: compliance/legal experience (62 percent), prior hands-on experience in a privacy role (56 percent) and technical experience (48 percent). A university degree is not necessarily a prerequisite—29 percent of respondents say that it is not an important factor when evaluating a candidate. However, respondents indicate that candidates do not always have the skills required for these roles, citing these common skills gaps:
- Experience with different technologies and/or applications (64 percent)
- Understanding the laws and regulations to which an enterprise is subject (50 percent) Experience with frameworks and/or controls (50 percent)
- Lack of technical experience (46 percent)
“People are an essential component of any privacy program, both the privacy professionals driving the work forward and employees across the enterprise who follow good data privacy practices,” says Safia Kazi, ISACA Privacy Professional Practice Advisor. “Enterprises need to sufficiently invest in their privacy programs and teams, not only to retain privacy staff and upskill talent to fill open roles, but to also prioritize privacy training efforts to ensure all employees are supporting privacy initiatives.”
Despite issues with staffing and skills gaps, 41 percent of respondents report they are very confident or completely confident in the ability of their privacy team to ensure data privacy and achieve compliance with new privacy laws and regulations. One in 10 respondents’ enterprises have experienced a material privacy breach in the last 12 months, consistent with last year’s results.
The survey report was discussed in depth in the free webinar, “The State of Privacy: 2022,” available on demand at http://store.yutb.net/s/community-event?id=a334w000004cmroAAA. A complimentary copy of the Privacy in Practice 2022 survey report and additional privacy resources and articles can be accessed at xhrj.yutb.net/dataprivacy. Additional information on ISACA’s privacy resources, including the Certified Data Privacy Solutions Engineer™ (CDPSE™) certification, is available at xhrj.yutb.net/cdpse. ISACA also hosts a Privacy group in its Engage online forums to discuss the topic and share best practices.