Organisations are not doing enough to protect data privacy

Investments in advanced authentication and encryption set to rise in 2018

• Only 51% of executives have an accurate inventory of employee and customer personal data
• 53% conduct compliance audits of third parties who handle customer and employee data
• 48% say advanced authentication has helped reduce fraud; 46% plan to boost investment in this area in 2018
• Only 31% say corporate board directly participates in a review of current security and privacy risks
• 32% of respondents had started a GDPR assessment in 2017

In today’s data-driven society, privacy, security and trust are more vital and intertwined than ever before. But many organisations are not doing all they can to protect data privacy, according to new findings released today from PwC PwC’s 2018 Global State of Information Security® Survey (GSISS).

Less than half of respondents (49%) say their organisation limits collection, retention, and access of personal information to the minimum necessary to accomplish the legitimate purpose for which it is collected. Only 51% of respondents have an accurate inventory of where personal data for employees and customers are collected, transmitted, and stored. And only 53% require employees to complete training on privacy policy and practices.

The survey draws on responses of 9,500 senior business and technology executives from 122 countries.

Says Sean Joyce, PwC’s US Cybersecurity and Privacy Leader: