The need for legal and compliance to minimize data privacy risk

Employees are the biggest source of privacy risk. In fact, 59% of privacy incidents originate with an organization’s own employees. Worse still — 45% of employee-driven privacy failures come from intentional behavior.

Business leaders' reactive approach creates challenges for security and risk leaders, as privacy and data protection become more complex and organizations move more applications to cloud providers, adopt postmodern enterprise resource planning (ERP) strategies and start platform businesses.

Gartner research predicts that by 2021, more than 60% of large organizations will have a privacy management program fully integrated into the business, up from 10% in 2017. In many organizations, responsibility for privacy is unclear, misassigned, or both. The answer: leaders from across the organization have a role to play in translating requirements and prioritizing risk mitigation actions.

Similar to how executives approached data security 10 years ago, privacy management is often addressed after the fact and not embedded into the application life cycle. Security and risk management leaders should look to legal and compliance leaders to ensure that all departments across the business use data correctly.

Gartner has identified four ways security and risk management leaders can partner with legal and compliance leaders to minimize risk and maximize trust:

  1. Create a culture of consistent, responsible data use with senior leaders across all areas of your organization by following the seven principles of privacy by design.
  2. Work with privacy professionals to build a base level of privacy knowledge and monitor the effectiveness of training.
  3. Work with application leaders to review your application portfolio and retain strategic application vendors that share your approach to responsible data use.
  4. Work with application leaders to use alpha and beta testers and focus groups (preferably composed of customers, partners and employees) in the development of new application functionality and in reviewing existing application functionality.