Survey finds most organizations have at least one person responsible for privacy

Nearly one in three respondents to a recent survey said their organizations have increased “privacy-related staff” over the past year, but fewer than two-thirds “have a defined privacy officer role,” according to information technology research firm Gartner Inc.

Stamford, Conn.-based Gartner released Sept. 25 some results of its study, based on responses by 221 organizations surveyed in April and May. Those respondents — which are responsible for privacy, information technology risk management, information security, business continuity or regulatory compliance — were based in Canada, the United States, Britain and Germany.

“Thirty two percent of survey respondents said that their organizations have increased privacy-related staff from 2012 to 2013 — the most significant increase since Gartner started its privacy surveys in 2008,” Gartner stated, but added only 66% of respondents have a defined role of privacy officer.

“Gartner’s consistent observation is that privacy programs are only successful if someone is driving them,” Gartner research vice president Carsten Casper stated in a press release. “Almost 90 percent of organizations now have at least one person responsible for privacy. However, having privacy programs that are owned by this individual is still not the norm.”

The survey also found that 43% of respondents “have a comprehensive privacy management program in place” but 7% said they do “the bare minimum” regarding privacy laws.

“The handling of personal information for employees, customers and citizens tops the list of requirements respondents believe should be included in a privacy program,” Gartner stated. “Some organizations — concerned about violating domestic privacy laws and the risk to their reputations — do not store personal data in locations where it can be seized by foreign authorities or is at great risk from cyber attacks.

However, central global storage of personal data is becoming increasingly widespread. For the first time this year, more organizations stored their customer data in a central global place rather than in a regional or local data center, which was the dominant model previously.”

More than two thirds (38%) of respondents reported they “transform personal data before transmitting it abroad,” through encryption or similar technology, Gartner reported.