Privacy budgets soared in 2020, doubling to an average of $2.4 million

93% of organizations turned to privacy teams to help navigate the COVID-19 pandemic, a new Cisco report finds.

cisco-privacy.jpg

Image: Cisco

Data privacy has become a top area of responsibility for security professionals, and 34% of respondents to a survey indicated privacy is one of their core competencies and responsibilities.

Ahead of Data Privacy Day on Jan. 28, Cisco's 2021 Data Privacy Benchmark Report also finds that 74% of more than 4,400 security professionals surveyed last summer from 25 countries saw a direct correlation between privacy investments and the ability to mitigate security losses.

Perhaps not surprisingly, privacy budgets doubled in 2020 to an average of $2.4 million, and organizations now have more resources focused on privacy, according to the Cisco report.

SEE: COVID-19 workplace policy (TechRepublic Premium)

As the shift to remote working and living brought new security challenges and requirements that most organizations were not prepared for, a whopping 93% of organizations turned to their privacy teams to help navigate and guide pandemic response, the report said.

Further, privacy skills have become a core capability among the security professionals, and more than one third said it's one of their primary areas of responsibility, the survey found.

The pandemic has had a significant impact on the way people work and do things, "which puts a lot of stress on organizations" in terms of how they think about and share information about the coronavirus, said Robert Waitman, Cisco's director of data privacy.

Ninety-one percent of respondents said at least a quarter of their employees were working remotely and 59% said they were unprepared for the shift, as well as privacy and security obligations, Waitman noted.

Further, 60% said they were concerned that privacy protection of tools they were being asked to use "are not up to snuff … so it's a heavy lift for organizations to get there and privacy teams were called on to get their act together."

The research also found that data privacy became a top area of responsibility for security professionals with 34% of respondents stating that privacy is one of their core competencies.

"The biggest surprise … is how strongly privacy has been maintained," Waitman said. "We had a fundamental threat during the pandemic and many people held onto privacy. They helped guide organizational response."

People wanted very little change in protections despite the challenges they faced, he said. "That is a big deal," and foretells what the future holds. "As we get through this, privacy protections have been maintained and will be with us for a long time."

Top privacy concerns

In terms of specific use cases, 57% of respondents said they were supportive of employers' need for health information to keep their workplaces safe, but most other use cases were only supported by a minority of respondents, the report said.

These included location tracking, contact tracing, relaxing medical restrictions, disclosing information about infected individuals, and using individual information for research.

"Individuals continued to want any use of their personal data to be very limited and strictly controlled," the report said. "Their top concerns were consistent with fundamental privacy principles—transparency, fairness, and accountability. Specifically, they were worried that their data would be used for undisclosed, unrelated purposes, that it would be sold or shared with third parties for marketing purposes, or that it would not be deleted when it is no longer needed."

In terms of sharing data during the pandemic, 31% of respondents said they were concerned it would be used for unrelated purposes, while 25% felt their data will be shared too broadly with third parties, and 24% said the data would not be deleted or anonymized when no longer needed to combat COVID-19.

SEE: How to review App Privacy data on your iPhone, iPad, or Mac (TechRepublic)

A top concern individuals have had over the past few years has been the lack of transparency when it comes to what data is being collected and how it's being used, according to the report.

"Businesses and governments have not been as clear as they could be, and even when they try to be transparent, the complexity of the analytics, algorithms, insights, and inferences are often too complex for the general public to understand."

Nearly one-third of consumers are now taking matters into their own hands and have stopped buying from a company over their data policies or practices, according to the report.

According to the report, more organizations recognize the challenge, and 90% said "their customers will not buy from them if they are not clear about data practices and protection."  

Consumers wield a lot of power

Software development, telecommunications, and financial services are among the industries that scored the highest in the Cisco privacy study. Previously, health care and retail were near the top in the previous year's study but dropped, the company said.

Consumers have sent a message that they "are willing to leave a retailer or healthcare or service provider" over privacy issues, Waitman said. "That's where impetus is coming from—consumers and buyers are making sure businesses are doing the right things."

Also see