Author: ISACA
Date Published: 17 January 2023

ISACA’s 私隐实务2023 survey report releasing ahead of Data Privacy Day reveals that confidence in the ability to ensure the privacy of sensitive data is declining

Schaumburg, IL, USA—Faced with a web of complex and ever-evolving global data privacy regulations—including new ones that took effect at the year’s start—enterprises must stay compliant and protect the privacy of their data subjects or lose trust and take a hit to their reputation. ISACA’s Privacy in Practice 2023 research report, 于1月28日的资料私隐日公布, 发现一贯在设计上实践隐私的澳门赌场官方下载会获得回报, 但由于隐私预算问题,许多人在实现这一目标方面面临挑战, 人员配备和技能差距.

调查报告-反映1 .的见解,890 global respondents who currently work in data privacy or have detailed knowledge of the data privacy function within their organization—examines privacy staffing, organization structure, 框架和政策, budgets, training, and data breaches.

The survey found that organizations consistently practicing privacy by design (30 percent, 比2022年上升2个百分点)处于优势. They are one-and-a-half times more likely to be completely or somewhat confident in their organization’s ability to ensure the privacy of its sensitive data (65 percent vs. 40 percent of total respondents) and more likely to see their organization’s privacy strategy aligned with organizational objectives (92 percent vs. 73 percent total).


  • Say their board properly prioritizes privacy (76 percent compared to just 55 percent total)
  • Have more employees in privacy roles within their organization (the median privacy staff size is almost twice as large at 19 compared to 10 total) and are more likely to feel that their privacy department is adequately staffed (44 percent vs. 34 percent total).


  • 缺乏有能力的资源(42%)
  • 任务、角色和责任缺乏明确性(40%)
  • 缺乏行政或业务支持(39%)

While more than half of respondents believe that their board of directors adequately prioritizes privacy (55 percent), 22 percent do not, 20%的人不知道. This suggests that boards have an opportunity to improve their communication about their commitment to privacy efforts. Thirty-eight percent of respondents say that a lack of visibility and influence in the organization is a challenge in forming a privacy program, 这可能表明董事会没有充分重视隐私.  

在许多组织中,隐私预算仍然不足, 42 percent of respondents saying their privacy budget is underfunded and only 36 percent citing it as appropriately funded. Just over a third of respondents (34 percent) indicate their privacy budgets will increase in 2023.

While 75 percent of respondents are confident in their organization’s ability to ensure the privacy of its sensitive data, 这种信心正在下降,比去年下降了6个百分点.

当涉及到资源, privacy staff shortages persist and the demand for both technical and legal/compliance roles is expected to increase next year. 技术隐私角色仍然比法律/合规角色更人手不足, with 53 percent of respondents indicating they are somewhat or significantly understaffed, versus 44 percent, respectively. The survey also found that many enterprises have unfilled privacy positions (34 percent saying this is the case for technical privacy roles and 27 percent for legal/compliance roles). Additionally, technical privacy roles (69 percent) are more likely to have increased demand in the next year compared to legal/compliance roles (62 percent).

Most also indicated that the amount of time to fill roles increased or stayed the same as last year, 76%的人很难聘请到专家级的隐私专家. About one in 5 respondents say that less than one quarter of applicants for privacy roles at their enterprises were qualified for those positions.

“Organizations may desire to comply with privacy regulations and build a privacy by design culture, 但如果没有一个强大的隐私专家团队, 它们在实现这些目标方面面临重大障碍,” says Safia Kazi, ISACA principal, privacy practices. “With the increased need for these privacy practitioners’ technical and legal expertise to keep pace with the regulatory landscape, 培养和训练一个坚强的人比以往任何时候都更加重要, 熟练的隐私工作人员,以满足需求.”

Taking Action
来填补这个技能缺口, organizations are training to allow non-privacy staff to move into privacy roles (49 percent) and increasing their usage of contract employees or outside consultants (38 percent).

Respondents cited the most common causes of privacy failures as lack of training (49 percent), 数据泄露(42%), 没有有意识地保护隐私(42%). 解决隐私失败的最常见原因, 85 percent of respondents report that their organization provides privacy awareness training for employees, 59%的人至少每年审查和修订隐私意识培训. Though the metric used most often to measure training effectiveness is the number of employees completing training (65 percent) instead of a decrease in privacy incidents (54 percent), 73 percent believe that privacy training has had a positive impact on privacy awareness in the organization.

“Privacy, like security, 一开始就烤熟是最好的吗, 事后不固定,” says Anne Toth, trust, 隐私和技术政策顾问, ISACA数字信托咨询委员会成员. “This research underscores and validates what many practitioners know from experience to be true: privacy by design is a smart investment that pays dividends in customer trust.”

下载免费的副本 《澳门赌场官方软件》调查报告 visit 74mz.xjiu.net/privacy-month-2023. ISACA的认证数据隐私解决方案工程师(CDPSE)认证信息, 这展示了技术上的隐私技巧, is available at 74mz.xjiu.net/credentialing/certified-data-privacy-solutions-engineer. ISACA is a nonprofit, independent professional association with 165,000 members in 188 countries. Members 代表数字信任的所有领域,包括数据隐私.  


ISACA® (74mz.xjiu.net) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA为个人和澳门赌场官方下载提供了相关知识, credentials, education, 培训和澳门赌场官方下载发展他们的事业, 改变他们的组织, 建立一个更可信、更有道德的数字世界. ISACA is a global professional association and learning organization that leverages the expertise of its more than 165,在信息安全等数字信任领域工作的000名澳门赌场官方软件, governance, assurance, risk, privacy and quality. 它在188个国家设有分支机构,在全球设有225个分会. 通过其基金会One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

