Integris Software 2019 Data Privacy Maturity Study
Government mandates, data sharing agreements and spreadsheets sow confusion amid an avalanche of private data
1525 4th Avenue | 5th floor Seattle, WA 98101-1607 | +1 (206) 539-2145 | integris.io
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Table of Contents
Executive Summary
Study Background and Methodology
Demographics
Firmographics
Data Privacy Management Budgets
Projects Impacted by Data Privacy Concerns
Data Sharing Agreements
Technical Data Privacy Maturity
Organizational Data Privacy Maturity
Regulatory Preparedness
Opinions on Federal Privacy Law, and Trust
About Integris Software
Executive Summary
Companies are being inundated with data. A single bank transaction may get replicated across a hundred data repositories. Companies are constantly purchasing data from third parties to build better customer profiles. In addition, as companies consolidate through mergers and acquisitions, they acquire completely unknown datasets and data transfer agreements between business partners. In this environment, it’s no wonder that respondents’ data privacy programs scored much lower on technical maturity than on organizational maturity.
Key Findings:
Data privacy management overconfidence: 40% were Very or Extremely Confident in knowing exactly where sensitive data resides despite only taking inventory once a year or less; and a mere 17% of respondents are able to access sensitive data across five common data source types.
Data privacy impacts much more than regulatory compliance: Enforcing internal data handling policies like classification and retention was cited 69% of the time. Proving compliance with business obligations like data sharing agreements was cited by 63% of respondents. About one third of respondents cited the impact on M&A due diligence (34%) and data lake hygiene (32%). About a quarter of respondents (24%) viewed data privacy as impacting the delivery of AI / ML projects.
The proliferation of data sharing agreements: In the wake of the misuse of data sharing agreements like the one between Facebook and Cambridge Analytica, enterprises seem to be more aware of such agreements. 40% of respondents had 50 or more of these data sharing agreements in place. However, respondents reported being 43% more confident in their ability to be compliant compared to how they perceived their partners.
Data privacy management budgets reside in IT departments: About 50% of data privacy budgets are concentrated in IT departments. Technology leaders are increasingly being tasked with operationalizing their companies’ data privacy management program. Why? At its core, data privacy is a data issue, and privacy is an outcome of a comprehensive data protection strategy.
Study Background and Methodology
This study seeks to understand how mid to large-sized US enterprises manage data privacy within their organizations, as well as their future plans. In February 2019 a web survey was emailed to members of an exclusive community of top business executives and IT decision makers. 258 respondents completed the survey, each of whom had to meet the following minimum criteria:
• Reside in the USA
• At least “Somewhat Knowledgeable” on how data privacy and data security are managed at their current company
• Mid to senior level professionals and executives
• 500 employees or more (62.4% had over 5,000 employees)
• $25 million or more in annual revenue (69.38% had over $1 billion in annual revenue)
• Functional roles/areas had to be in IT, general management, or risk and compliance
Note: unless otherwise noted, N = 258
What is your personal level of knowledge on how data privacy and data security are managed at your current company?
• Extremely Knowledgeable (it’s part of my primary role): 24.42%
• Very Knowledgeable (it’s part of my role): 38.76%
• Somewhat Knowledgeable: 36.82%
Demographics
Respondents had to be, at a minimum, mid-level professionals.
Which one of these is the best fit to your current seniority level?
• C-Level Executives: 10.08%
• VP, SVP, EVP: 9.69%
• Director, Sr. Director: 23.26%
• Manager, Sr. Manager: 28.29%
• Senior Professional: 28.68%
Demographics
Respondents came from three key areas of the business:
1. Information Technology/Engineering (66.57%)
2. General Management/Strategy (18.41%)
3. Legal/Compliance/Risk Management (15.01%)
Which one of the following is the best fit to your functional area / department at your current company?
Demographics
Respondents saw themselves as taking on a range of roles with most having multiple roles as part of their mandate.
Over a third of respondents claimed privacy management fell into their primary role.
Which of the following falls into your primary role? Please select all that apply.
• Other: 1.94%
• Digital Transformation: 28.29%
• Privacy Management: 34.11%
• InfoSec: 28.29%
• Data Infrastructure: 46.90%
• IT Operations: 48.84%
• Software Development: 43.41%
• Business Management: 36.05%
• Legal: 10.47%
• Risk and Compliance: 38.37%
• Data Governance: 46.90%
Demographics
Within their primary roles, most respondents had either primary/final decision making authority, or were on the decision making committee/had significant influence.
[Stacked bar chart: You’ve mentioned that the following are a part of your primary role. Please indicate your personal decision making involvement for each within your current company. Series: I have little or no influence; I’m on the decision-making committee or have significant influence; I am the primary / final decision maker. Categories: Risk and compliance, Legal, Business management, Software development, IT operations, Data infrastructure, InfoSec, Privacy management, Digital transformation, Data governance.]
Multiple departments impact decisions related to data privacy. Data privacy management is clearly a multidisciplinary endeavor.
Which of the following roles / departments have an impact on decisions related to data privacy within your current company?
• Other: 1.55%
• None of the above: 0.39%
• Digital Transformation: 28.29%
• Privacy Management: 50.00%
• InfoSec: 43.35%
• Data Infrastructure: 49.22%
• IT Operations: 58.91%
• Software Development: 31.78%
• Business Management: 31.01%
• Legal: 56.98%
• Risk and Compliance: 60.47%
• Data Governance: 46.90%
Firmographics
Large enterprises were well represented with 69.38% of firms having over $1 billion in annual revenues.
What was your company’s revenue in 2018?
• $25 to $250 Million: 13.95%
• $250 Million to $1 Billion: 16.67%
• $1 to $10 Billion: 36.43%
• Over $10 Billion: 32.95%
Firmographics
89.53% of firms had over 1,000 employees.
Approximately how many full-time employees are employed by your company at all sites and locations? If unsure, please provide your best estimate.
• 10.46% work at organizations with between 500 – 1,000 employees
• 27.13% work at companies with 1,000 to 5,000 employees
• 62.40% work at enterprises with 5,000 or more employees
Firmographics
Highly regulated industries were well represented:
• Financial Services (FinServ, Banking & Insurance) at 20.93%
• Healthcare (Healthcare, Pharma, or Medical Devices) at 17.83%
• Government at 6.59%
The remaining industries were:
• Information Technology at 21.32%
• Predominantly B2C industries at 17.03% (spread across automotive, consumer goods, hospitality & travel, e-commerce, food & beverage, media & entertainment, retail, utilities, and telecom/wireless)
• Predominantly B2B industries at 16.03% (spread across advertising, manufacturing, professional services, energy, mining & minerals, logistics, transportation, and distribution)
What is your company’s primary industry?
• None of the above: 1.55%
• Government: 6.59%
• B2B: 13.95%
• B2C: 15.89%
• Healthcare: 17.83%
• Financial Services: 20.93%
• Information Technology: 23.26%
Data Privacy Management Budgets
Companies are dedicating serious resources to data privacy management. Although 24.03% of respondents didn’t know if there was a data privacy management budget, of those that did know, 80.10% had budgets dedicated to data privacy management.
Does your current company have a data privacy management budget?
• Yes: 80.10%
• No: 19.90%
N = 196
Data Privacy Management Budgets
Almost a third of respondents (29.30%) didn’t know what their data privacy management budget was in 2018.
For those that did, budgets varied widely, from less than $100,000 to $5 million or more per year.
How much did you spend on data privacy management in 2018? Note: This includes spend on people, technology, consulting, etc.
• Less than $100k: 6.31%
• $100k to $500k: 32.43%
• $500k to $1M: 20.72%
• $1M to $2M: 18.02%
• $2M to $5M: 6.31%
• $5M or more: 16.22%
N = 157
Data Privacy Management Budgets
About half (49.68%) of data privacy budgets are concentrated in IT departments (InfoSec, data infrastructure, IT operations, and software development). 18.47% of budgets are concentrated in legal, risk, and compliance departments. Only 11.46% of data privacy budgets are concentrated in the privacy management department. In 10.19% of organizations, it’s not clearly defined.
Technology leaders are increasingly being tasked with operationalizing their companies’ data privacy management program. Why? At its core, data privacy is a data issue, and privacy is an outcome of a comprehensive data protection strategy.
In which department does the majority of data privacy budget reside?
• Other: 1.27%
• It is not clearly defined: 10.19%
• Digital Transformation: 1.27%
• Privacy Management: 11.46%
• InfoSec: 17.20%
• Data Infrastructure: 5.73%
• IT Operations: 24.20%
• Software Development: 2.55%
• Business Management: 0.64%
• Legal: 5.73%
• Risk and Compliance: 12.74%
• Data Governance: 7.01%
N = 157
Data Privacy Management Budgets
Financial Services Cohort
Financial services had the majority of their data privacy budgets in InfoSec 25% of the time vs 14.88% for non financial services companies, and also had over double the proportion of respondents citing data infrastructure (11.11%) vs only 4.15% of the time for other industries.
[Bar chart: In which department does the majority of data privacy budget reside? Categories: Other, Digital Transformation, Privacy Management, InfoSec, Data Infrastructure, IT Operations, Software Development, Business Management, Legal, Risk and Compliance, Data Governance.]
N = 36
Data Privacy Management Budgets
Non Financial Services Cohort
Non-financial services had their data privacy budgets in IT operations 28.93% of the time.
[Bar chart: In which department does the majority of data privacy budget reside? Categories: Other, Digital Transformation, Privacy Management, InfoSec, Data Infrastructure, IT Operations, Software Development, Business Management, Legal, Risk and Compliance, Data Governance.]
N = 121
Data Privacy Management Budgets
Unsurprisingly, most organizations (87.49%) are increasing their data privacy management budgets in 2019. Almost one third (32.8%) of respondents are increasing their data privacy management budgets by 25% or more.
What approximate spend changes do you foresee in 2019?
• 50% to 75% decrease: 0.78%
• 25% to 50% decrease: 1.56%
• 1% to 25% decrease: 4.69%
• 0% (no change): 5.47%
• 1% to 25% increase: 54.69%
• 25% to 50% increase: 21.09%
• 50% to 75% increase: 7.81%
• 75% to 100% increase: 13.22%
• Over 100%: 1.56%
N = 157
Projects impacted by Data Privacy
The current regulatory environment is driving urgency around projects to prove regulatory compliance (67.44%), which includes responding to what GDPR calls data subject access requests or DSAR (51.55%), enforcing data retention and classification policies (66.28%), and responding rapidly to breaches (54.26%).
But data privacy impacts much more than regulatory compliance efforts. When done right, data privacy management supports the broader enterprise control framework — regulations, policies, and contracts. For example, proving compliance with business obligations like data sharing agreements was cited by 62.79% of respondents.
Which, if any, of your current company's projects are currently impacted by privacy concerns? Please select all that apply.
• Other (please specify): 2.22%
• None of the above: 4.44%
• Accelerating AI / ML projects: 23.89%
• Scanning & tagging data flowing in and out of data lakes: 32.22%
• Assessing risk in M&A transactions: 33.33%
• Responding rapidly to breaches: 52.22%
• Responding to data subject access requests: 52.22%
• Staying in compliance when migrating apps to the cloud: 56.67%
• Proving compliance with business obligations like data sharing agreements: 60.56%
• Proving regulatory compliance: 67.78%
• Enforcing data retention and classification policies: 69.44%
Projects impacted by Data Privacy
Data lakes ingest disparate pieces of customer data from a variety of sources. When combined, this data has the potential to reveal customer identities along with highly sensitive personal information. So, it’s no surprise that almost a third of respondents (32.95%) cited the impact of privacy for projects that scan and tag data flowing in and out of data lakes.
As data is acquired through the M&A process, data lakes and other datasets can become contaminated with unexpected, inappropriate, or problematic data. Increasingly (34.11%), M&A due diligence includes the inspection of the data being acquired. This allows organizations to properly evaluate the risk prior to merging large datasets.
Finally, when data is locked down for fear of misuse, data scientists don’t get timely access to the streams and feeds they rely on for their machine learning models.
So, it’s no surprise that AI / ML projects were cited by almost one in four respondents (24.03%).
Data Privacy Now Integral to Data Protection
Forward looking organizations are treating privacy as part of a broader data protection strategy where privacy tells you what’s important and why, and security is the how.
[Diagram labels: Privacy: what data is important and why. Security: how those policies get enforced. Data Protection: protected, usable data. Regulations, Contracts, Policies. Discovery & Classification, DSARs, Alerting. Encryption, Network Security, Access Control. Activity Monitoring, Breach Response, DLP/CASB.]
Data Sharing Agreements
As noted previously, privacy issues on data sharing agreements, like the one that existed between Cambridge Analytica and Facebook, were a concern for 62.79% of respondents.
40.33% of respondents had 50 or more data sharing agreements in place.
Healthcare Industry Cohort
An analysis of the healthcare industry cohort (N = 46) revealed that 50% of healthcare firms had 50 or more data sharing agreements. That’s a variance of 28.93% more than the non-healthcare cohort (38.78%). This is probably due to the highly intertwined nature of the healthcare industry (EHRs, insurance, etc.).
How many data sharing agreements does your current company have where data is either entering or leaving your organization?
• 50 or more: 40.33%
• 10 to less than 50: 30.94%
• Less than 10: 23.76%
• None: 4.97%
Data Sharing Agreements
Respondents were much more confident in their own ability to respect data sharing agreements than their partners’ ability to reciprocate in kind (there was a 43.08% increase in Very confident and Extremely confident levels in their own compliance efforts vs their partners).
Lack of confidence had an even higher variance with 84.08% more respondents being Not at all confident or Not so confident in their partners abiding by the terms of data sharing agreements vs their own compliance levels.
How confident are you that your current company is using data in compliance with the terms of your data sharing agreements?
• Extremely confident: 21.58%
• Very confident: 43.98%
• Somewhat confident: 28.22%
• Not so confident: 5.81%
• Not at all confident: 0.41%
Data Sharing Agreements
There’s often a disconnect between what has been agreed to on paper by lawyers and what’s happening with the actual data, because the people who negotiate the contract differ from those shipping the data and/or there are no controls in place.
Also, the way contracts are written is not necessarily the way data is represented. The word "location" might appear in a contract, but the data set contains latitude and longitude values. Therefore, businesses must account for how data elements might be combined to fit the legal terms on their data sharing agreements.
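The gap between contract wording and data representation described above can be checked mechanically. The following Python code is an added example, not part of the Integris study: the TERM_RULES mapping, the detectors and the sample extract are assumptions constructed for illustration, and it flags columns whose values satisfy a restricted term such as "location" even when no column carries that name.

```python
import re
from itertools import permutations

# Assumed mapping (hypothetical, for illustration) from contract wording to
# data element types. Each term lists alternative element sets; a set with
# several members matches only when all of them occur in the same dataset.
TERM_RULES = {
    "location": [{"latitude", "longitude"}, {"us_zip"}],
    "contact details": [{"email"}],
}


def _decimal_between(lo, hi):
    """Build a detector for decimal strings inside [lo, hi]."""
    def check(value):
        text = str(value)
        try:
            number = float(text)
        except ValueError:
            return False
        # Require a fractional part so integer IDs and counts are not flagged.
        return "." in text and lo <= number <= hi
    return check


# Value-based detectors: column names such as "x" or "y" carry no meaning,
# so classification looks at the data itself. These are heuristics and the
# findings are candidates for review, not proof.
DETECTORS = {
    "latitude": _decimal_between(-90.0, 90.0),
    "longitude": _decimal_between(-180.0, 180.0),
    "us_zip": lambda v: re.fullmatch(r"\d{5}(-\d{4})?", str(v)) is not None,
    "email": lambda v: re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", str(v)) is not None,
}


def classify_columns(rows):
    """Return {column: element types whose detector accepts every value}."""
    columns = {}
    for row in rows:
        for name, value in row.items():
            columns.setdefault(name, []).append(value)
    return {
        name: {etype for etype, accepts in DETECTORS.items()
               if all(accepts(v) for v in values)}
        for name, values in columns.items()
    }


def find_columns_for(element_set, column_types):
    """Assign a distinct column to every element in the set, or return None."""
    elements = sorted(element_set)
    for columns in permutations(sorted(column_types), len(elements)):
        if all(e in column_types[c] for e, c in zip(elements, columns)):
            return dict(zip(elements, columns))
    return None


def terms_in_dataset(rows, restricted_terms):
    """Map each restricted contract term to the columns that realise it."""
    column_types = classify_columns(rows)
    findings = {}
    for term in restricted_terms:
        for element_set in TERM_RULES.get(term, []):
            match = find_columns_for(element_set, column_types)
            if match:
                findings[term] = match
                break
    return findings


# Constructed outbound extract: no column is called "location", yet the
# x/y pair is a latitude/longitude pair and therefore location data.
OUTBOUND_EXTRACT = [
    {"cust_ref": "C-10482", "x": "47.6062", "y": "-122.3321", "spend": "1290.50"},
    {"cust_ref": "C-20977", "x": "40.7128", "y": "-74.0060", "spend": "845.10"},
    {"cust_ref": "C-31840", "x": "34.0522", "y": "-118.2437", "spend": "2210.00"},
]

if __name__ == "__main__":
    print(terms_in_dataset(OUTBOUND_EXTRACT, ["location", "contact details"]))
```

A latitude-like column on its own produces no finding, because the "location" rule only fires when both elements of the pair are present.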
How confident are you that your partners are using the data that you provide to them in compliance with your data sharing agreements?
• Extremely confident: 14.10%
• Very confident: 31.72%
• Somewhat confident: 42.73%
• Not so confident: 11.01%
• Not at all confident: 0.44%
Data Privacy Management Technical Maturity
How confident are you in your current company’s ability to accurately define what constitutes personal information?
• I don't know: 0.78%
• Not at all confident: 1.16%
• Not so confident: 4.26%
• Somewhat confident: 24.03%
• Very confident: 37.98%
• Extremely confident: 22.89%
Surprisingly, few surveyed (5.42%) expressed a lack of confidence in their company’s ability to define what is personal information. 37.98% said they were very confident and 31.78% said they were extremely confident.
Are respondents falling victim to overconfidence? We think so. Sensitive data has an evolving nature. What's considered a sensitive category or piece of data today may not be considered sensitive tomorrow, and vice versa.
Understanding derivative personal data is important, yet challenging. For example, a passenger's food choices on a flight can be used to infer religion.
Data flowing in and out of data lakes is also a blind spot for many respondents. Data lakes ingest disparate pieces of customer data from a variety of sources. When combined, this data has the potential to reveal customer identities along with highly sensitive personal information.
87% of the US population can be identified using only their Zip Code, Gender, and Birthdate. *
*Source: https://dataprivacylab.org/projects/identifiability/paper1.pdf
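An added example, not part of the Integris study, showing how the combination of Zip Code, gender and birthdate can be measured as a re-identification risk on a dataset. The records are constructed, and the generalization and suppression steps are a standard k-anonymity technique that goes beyond what the slide states.

```python
from collections import Counter

QUASI_IDENTIFIERS = ("zip", "gender", "birthdate")

# Constructed sample records (not real people).
RECORDS = [
    {"zip": "98101", "gender": "F", "birthdate": "1984-03-12"},
    {"zip": "98101", "gender": "F", "birthdate": "1984-07-30"},
    {"zip": "98101", "gender": "M", "birthdate": "1984-03-12"},
    {"zip": "98101", "gender": "M", "birthdate": "1990-11-02"},
    {"zip": "98104", "gender": "F", "birthdate": "1984-03-12"},
    {"zip": "98104", "gender": "F", "birthdate": "1990-11-02"},
    {"zip": "98104", "gender": "M", "birthdate": "1975-01-20"},
    {"zip": "98104", "gender": "M", "birthdate": "1975-01-20"},
]


def class_sizes(records, keys):
    """Count how many records share each combination of key values."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def reidentification_risk(records, keys):
    """Return k (smallest group size) and the share of records that are unique.

    A record whose key combination appears once can be singled out by anyone
    who knows those attributes from another source.
    """
    if not records:
        return {"k": 0, "unique_fraction": 0.0}
    sizes = class_sizes(records, keys)
    unique = sum(1 for n in sizes.values() if n == 1)
    return {"k": min(sizes.values()), "unique_fraction": unique / len(records)}


def generalize(record):
    """Coarsen the quasi-identifiers: 3-digit zip prefix and birth year only."""
    coarse = dict(record)
    coarse["zip"] = record["zip"][:3]
    coarse["birthdate"] = record["birthdate"][:4]
    return coarse


def suppress_small_classes(records, keys, k):
    """Drop records whose key combination is shared by fewer than k records."""
    sizes = class_sizes(records, keys)
    return [r for r in records if sizes[tuple(r[f] for f in keys)] >= k]


if __name__ == "__main__":
    # Each attribute alone looks harmless; the combination is what identifies.
    for keys in (("zip",), ("zip", "gender"), QUASI_IDENTIFIERS):
        print(keys, reidentification_risk(RECORDS, keys))

    coarse = [generalize(r) for r in RECORDS]
    print("generalized", reidentification_risk(coarse, QUASI_IDENTIFIERS))

    released = suppress_small_classes(coarse, QUASI_IDENTIFIERS, 2)
    print("released", len(released),
          reidentification_risk(released, QUASI_IDENTIFIERS))
```

Running the same measurement after every join or enrichment step shows when a dataset that was safe per attribute has become identifying in combination.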
Data Privacy Management Technical Maturity
Companies are being inundated with data. A single bank transaction may get replicated across a hundred data repositories. Companies are constantly purchasing data from third parties to build better customer profiles. In addition, as companies consolidate through mergers and acquisitions, they acquire completely unknown datasets and data transfer agreements between business partners.
In this environment it’s not surprising that almost half (44.78%) of respondents said they needed to access 50 or more data sources to get a defensible picture of where their sensitive data resides.
How many company data sources does your current company need to access to get a defensible picture of where all sensitive data resides?
• 200 or more: 13.43%
• 100 to less than 200: 10.45%
• 50 to less than 100: 20.90%
• 10 to less than 50: 32.34%
• 1 to less than 10: 22.89%
Data Privacy Management Technical Maturity
Yet 44.57% of respondents take inventory of personal data less than once a year or in reaction to an audit.
How often do you update your inventory of personal data and where it resides?
• Other: 6.20%
• We don't take an inventory of personal data: 6.20%
• If audited, or in reaction to an event like GDPR: 10.08%
• Once every 2 years: 1.16%
• Once a year: 27.13%
• Real-time: 49.22%
Data Privacy Management Technical Maturity
Cohort Analysis | NO real-time inventory
Manual, survey-based approaches don’t work in an environment of exploding, ever-changing data.
This cohort doesn’t take a real-time inventory of personal data or where it resides, yet 40.46% of them were Very Confident or Extremely Confident that they knew exactly where personal data resides.
This same group claimed that privacy concerns impacted projects typically characterized by data in-motion:
• 58.78% cited Proving compliance with business obligations like data sharing agreements
• 29.77% cited Scanning and tagging data flowing in and out of data lakes
• 19.08% cited Accelerating AI / ML projects
Data in-motion is going to be a blind spot for them on these projects, and their current levels of high confidence on knowing where personal data resides is likely unmerited.
How confident are you in your current company’s understanding of exactly where personal data resides?
• I don't know: 3.89%
• Extremely confident: 8.40%
• Very confident: 32.06%
• Somewhat confident: 43.51%
• Not so confident: 11.45%
• Not at all confident: 2.29%
N = 131
Data Privacy Management Technical Maturity
Cohort Analysis | Real-time inventory
Those that did take a real-time inventory were much more confident. 81.1% were Very Confident or Extremely Confident of their company’s understanding of exactly where personal data resides.
The bottom line? If you’re not taking a real-time inventory of personal data then how can you know what data is sitting in your organization? Point-in-time knowledge is obsolete within a day due to the constantly changing nature of data in a hyper-connected world.
[Bar chart: How confident are you in your current company’s understanding of exactly where personal data resides? Categories: I don't know, Extremely confident, Very confident, Somewhat confident, Not so confident, Not at all confident.]
N = 127
Data Privacy Management Technical Maturity
Continuous defensibility to meet compliance requirements boils down to doing two things well:
1. Understanding where sensitive data resides across all data source types.
2. Mapping data back to existing data handling obligations.
Point one was a mixed bag among survey respondents. Traditional data sources like relational databases are included in most (85.84%) data privacy initiatives. Cloud-based applications had good coverage (70.48%), as did unstructured data (65.35%). But data in-motion appears to be the laggard at 50.25%.
Analyzed another way, an alarmingly low 16.67% of respondents were including all five data types in their company’s data privacy initiatives.
Which, if any, of the following data types are included in your current company’s data privacy initiatives?
• Data in motion (data flowing into a data lake, out of a Hadoop cluster, etc.): 50.66% accessible today; 31.58% plan in place to access; 2.15% no plan in place to access
• Cloud-based Applications (Salesforce, Workday, etc.): 71.60% accessible today; 21.89% plan in place to access; 6.51% no plan in place to access
• Semistructured data (XML and JSON): 53.13% accessible today; 29.38% plan in place to access; 17.50% no plan in place to access
• Unstructured data (Google Drive, Email, etc.): 66.47% accessible today; 24.55% plan in place to access; 8.98% no plan in place to access
• Structured data (Oracle, SQL, etc.): 86.86% accessible today; 12.57% plan in place to access; 0.57% no plan in place to access
Data Privacy Management Technical Maturity
The vendor landscape for discovering and tracking the location of personal information is crowded, diverse, and confusing for buyers. Despite lots of tooling, only 16.67% of respondents are currently incorporating all five data types in their data privacy initiatives.
With so many DLP and other IT security vendors claiming to solve for regulations like GDPR it’s no wonder that respondents (81.14%) view these tools as helping them discover and track personal information. However, DLP is more about stopping insider threats and stopping end users from leaking out sensitive data (emailing it out).
77.06% of respondents reported using methods such as manually updated spreadsheets and surveys to track and inventory personal information while 61.14% rely on custom-written computer code.
What tools/software do you use to discover and track the location of personal information? Please select all that apply.
• Automated data discovery: 51.90% currently using; 39.05% planning to use; 9.05% not in use nor plan
• Metadata management: 63.21% currently using; 26.42% planning to use; 10.38% not in use nor plan
• Data loss prevention or other data security tools: 81.14% currently using; 16.67% planning to use; 2.19% not in use nor plan
• Data governance: 77.06% currently using; 20.35% planning to use; 2.60% not in use nor plan
• Data catalog: 61.14% currently using; 28.91% planning to use; 9.95% not in use nor plan
• Automated survey and workflow: 58.77% currently using; 27.01% planning to use; 14.22% not in use nor plan
• Homegrown scripts: 61.14% currently using; 28.91% planning to use; 9.95% not in use nor plan
• All manual (e.g. surveys or spreadsheets): 77.06% currently using; 20.35% planning to use; 2.60% not in use nor plan
Surveys: Inaccurate and Time Consuming
Challenges
• Point in time
• Doesn’t scale
• Evolving definition of PI
• Streaming data is blind spot
[Diagram labels: Business Obligations (Regulations, Contracts, Internal). Structured Databases (Oracle, MSSQL, MySQL, DB2). Big Data (Hadoop, Snowflake). SaaS (Microsoft O365, Salesforce). Data-in-Motion (Kafka, Amazon Kinesis). Additional Sources (JDBC Connectors, RESTful APIs). Unstructured File Shares (Google Drive, Microsoft OneDrive).]
Data Privacy Management Organizational Maturity
Organizational maturity for data privacy management is higher and more consistent than technical maturity.
90% of respondents had a data privacy and awareness program in place.
Does your current company have a data privacy training and awareness program?
• Yes: 90.00%
• No: 10.00%
Data Privacy Management Organizational Maturity
81.62% had a process in place to evaluate the sensitivity of different datasets.
Does your current company have a process in place to evaluate the sensitivity of different data sets?
• Yes: 81.62%
• No: 18.38%
Data Privacy Management Organizational Maturity
And 93.36% have a process in place to identify and mitigate privacy risk.
Does your organization have a process in place to identify and mitigate privacy risk?
• Yes: 93.36%
• No: 6.64%
Data Privacy Management Organizational Maturity
Organizations are also mature when it comes to handling customer consent, and communicating when things go wrong. 82.73% have policies, procedures, and mechanisms in place to track customer consent across channels.
Does your organization have policies, procedures, and mechanisms in place to track customer consent across channels?
• Yes: 82.73%
• No: 17.27%
Data Privacy Management Organizational Maturity
And almost all of those surveyed (96%) have policies and procedures in place to respond to a data breach.
[Pie chart: Does your current company have policies and procedures in place to respond to a data breach involving personal data? Yes / No.]
Data Privacy Management Organizational Maturity
Yet when technology is reintroduced to the equation, numbers begin to drop. 67.74% have an automated way to discover whose data was breached. Not surprising given the lower levels of data privacy technical maturity as reviewed in the previous section.
Does your organization have an automated way to discover whose data was breached?
• Yes: 67.74%
• No: 32.26%
Data Privacy Management Organizational Maturity
Data Privacy Team Size
An impressive 94.27% of respondents had data privacy teams in place, and over a quarter of respondents (28.19%) had data privacy teams of 25 or more.
How many employees are a part of your data privacy team? Note: Team can include full-time, part-time employees as well as consultants.
• 50 or more: 20.70%
• 25 to less than 50: 7.49%
• 10 to less than 25: 19.38%
• 5 to less than 10: 22.47%
• 3 to less than 5: 15.42%
• Less than 3: 8.81%
• We don't have a data privacy team: 5.73%
N = 227
Data Privacy Management Organizational Maturity
Team Meeting Cadence
About a third of data privacy teams (32.65%) meet at least once a week. About a fifth (20.41%) admitted to meeting once a quarter or less. Infrequent collaboration could be a leading indicator of data privacy vulnerability, especially given that so many departments/roles have a stake in data privacy management.
[Bar chart: How often do team members meet to discuss data privacy? Categories: It is not fixed, Once a year, Once every quarter, Once every 2 weeks, Once a week, More than once a week.]
N = 216
International Regulatory Preparedness
Of companies that agreed that these international regulations applied to them, respondents were best prepared for GDPR with 35.85% scoring themselves as Fully Prepared. Very few respondents scored themselves as unprepared (1.42%).
Respondents were fully prepared for GDPR at more than double the rate for the Australian (14.71%), Japanese (16.67%), and Chinese (14.04%) privacy laws. Levels of unpreparedness were also much higher for these laws.
How prepared are you for each of the following regulations?
• China's Cyber Security Law: 35.95% Basic Only; 31.58% Well Prepared; 14.04% Fully Prepared; 19.30% Unprepared
• Japan's Personal…: 27.78% Basic Only; 32.41% Well Prepared; 16.67% Fully Prepared; 23.15% Unprepared
• Australia's Privacy Act: 31.37% Basic Only; 34.31% Well Prepared; 14.71% Fully Prepared; 19.61% Unprepared
• General Data Protection: 19.81% Basic Only; 42.92% Well Prepared; 35.85% Fully Prepared; 1.41% Unprepared
Domestic Regulatory Preparedness
Of companies that agreed these US regulations applied to them, respondents had similar levels of preparedness for California, New York State, and Colorado laws. Very few respondents scored themselves as unprepared for any of these US laws.
How prepared are you for each of the following regulations?
• Colorado's Consumer Data: 23.40% Basic Only; 27.13% Well Prepared; 43.62% Fully Prepared; 5.85% Unprepared
• California Consumer: 22.38% Basic Only; 20.00% Well Prepared; 55.24% Fully Prepared; 2.38% Unprepared
• New York State Department: 19.90% Basic Only; 25.87% Well Prepared; 50.25% Fully Prepared; 3.98% Unprepared
Perspectives
79.46% thought there should be a federal privacy law.
Do you think there should be a federal privacy law in the United States?
• Yes: 79.46%
• No: 7.36%
• Unsure: 13.18%
Perspectives
80.62% of respondents thought businesses risk losing customers due to inadequate data privacy practices.
Do you think that businesses risk losing customers due to inadequate data privacy practices?
• Yes: 80.62%
• No: 13.57%
• Unsure: 5.81%
Perspectives
And well over half (55.81%) thought that employers risk losing employees due to inadequate data privacy practices.
Do you think that employers risk losing employees due to inadequate data privacy practices?
• Yes: 55.81%
• No: 20.93%
• Unsure: 23.26%
About Integris Software
Integris Software, the global leader in data privacy automation, helps enterprises discover and control the use of sensitive data in a way that protects privacy and fuels innovation. Regulations like GDPR and the California Consumer Privacy Act (CCPA) are triggering knee-jerk reactions as companies lock down their data for fear of misuse. Integris empowers security, privacy, and data governance leaders to make fact-based decisions about the use and transfer of customer data.
By working securely, at scale, no matter where data resides, Integris provides customers with an accurate and continuous picture of their data privacy landscape. With Integris, there is finally a way to use your data without fear.
For more information on Integris, visit www.integris.io or follow @Integrisio on Twitter.