Over 90% of organizations polled during the compilation of Cisco’s annual Data privacy benchmark study reported that their data privacy teams played a crucial role in helping them respond to the challenges brought on by Covid-19, such as the shift to remote work, adjusting data-sharing arrangements and implementing data access controls.
In findings that might seem at first glance somewhat counterintuitive, Cisco said that rather than being pushed aside, privacy advocates came to greater prominence over the past nine months or so.
“When any serious threat to our safety and well-being arises, many would think privacy protections would take a back seat,” said Robert Waitman, a director in Cisco’s privacy office, in an introductory blog post.
“After all, our personal data, including our health status, social contacts, and physical locations, have been needed to help control the spread of Covid-19. What’s more, the rapid shift to remote working has left organizations scrambling to keep their functions up and running, and privacy protections might well have been an afterthought.”
The report drew on responses from 4,400 organizations in 25 countries and found that across the board, businesses turned to their security teams to address the fact they mainly were entirely unprepared for such an event.
Some 87% of individuals said they had had concerns about the privacy protections of the tools they were being asked to use, particularly in light of high-profile coverage of issues arising from the breakout conferencing platform Zoom.
The newly mission-critical nature of privacy policies is reflected in the day-to-day work of CISOs and other security pros, with over a third who identified as such saying privacy, alongside risk assessment and management and threat response, was now one of their top areas of responsibility.
This also means privacy measures are attracting attention at board level – Cisco said 90% of organisations are now rolling-up and reporting privacy metrics to the C-suite and boardroom. This may also be reflected in privacy budgets, which have doubled year on year. Cisco’s report also noted that external certifications such as ISO 27701 became a critical buying factor.
Waitman said it was clear data privacy has come of age and is no longer considered just a consumer benefit. The report data revealed that over 66% of organizations realize business benefits from enhancing their data privacy postures, including reducing sales delays and other operational efficiencies, improved innovation, and more loyal, trusting customers. Perhaps needless to say, this translates into bottom-line value, he said – with the average organisation estimating a twofold return on their investment.
Going forward, the researchers found evidence of strong support for maintaining the privacy principles and protections established at the onset of the pandemic and for legal protections – 62% of respondents wanted little or no change to existing privacy laws.
However, while individuals tended to support their employers’ efforts to maintain a Covid-safe working environment, they were less optimistic about any mechanisms that track their location or collect or disclose information on one’s Covid-19 status, such as contact-tracing apps. People tended to agree that using their personal data for such purposes should be limited and strictly controlled transparently, reasonably, and accountably.
“The days of thinking about privacy as merely a compliance issue are over. Forged by the pandemic, privacy has become an essential priority for management, employees, and customers alike,” said Waitman.