Study: Personal Data Exposed Frequently

Eighty-five percent of privacy and security professionals say a reportable data breach occurred in their organizations in the last year

Dark Reading Staff, Dark Reading

December 11, 2007

2 Min Read
Dark Reading logo in a gray background | Dark Reading

NEW YORK -- Personally identifiable information (PII) of customers and employees is being exposed -- frequently and repeatedly – potentially putting hundreds of thousands of individuals at risk and exposing organizations to increased liability, according to a new survey by Deloitte & Touche LLP (“Deloitte”) and the Ponemon Institute LLC.

A shocking 85 percent of privacy and security professionals in North America surveyed acknowledged having at least one reportable data breach of PII within their organizations during the last 12 months, according to the “Enterprise@Risk: 2007 Privacy & Data Protection Survey.” More alarming is the fact that 63 percent acknowledged multiple reportable data breaches occurred within their organizations during the same period. As a result, privacy and security professionals continue spending most of their privacy-focused time on incident response and relatively little time on more proactive activities, such as strategy, training and root cause analysis.

More than 800 North American privacy and security professionals responded to the online survey sponsored by Deloitte and the Ponemon Institute, which was conducted to better understand the emerging privacy function. The survey, now in its second year, analyzed the roles, activities and time allocation preferences of dedicated privacy and security professionals, as well as their organizational status and reporting relationships. Specifically, respondents were asked to describe actual versus “ideal” time spent on activities and requirements to effectively manage and protect personal data in the enterprise.

“Frankly, I’m shocked by the high percentage of PII data breaches we’re seeing occur within organizations. This survey provides insight into the scale of the problem and how enterprises are struggling to respond. It’s clear that both privacy and security professionals are caught in a reactive cycle, and they agree on the need to move to a more proactive stance,” said Rena Mears, Deloitte global and U.S. privacy and data protection leader.

Deloitte & Touche USA LLP

Read more about:

2007

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights