Study: Personal Data Exposed Frequently

Eighty-five percent of privacy and security professionals say a reportable data breach occurred in their organizations in the last year

NEW YORK -- Personally identifiable information (PII) of customers and employees is being exposed -- frequently and repeatedly – potentially putting hundreds of thousands of individuals at risk and exposing organizations to increased liability, according to a new survey by Deloitte & Touche LLP (“Deloitte”) and the Ponemon Institute LLC.

A shocking 85 percent of privacy and security professionals in North America surveyed acknowledged having at least one reportable data breach of PII within their organizations during the last 12 months, according to the “[email protected]: 2007 Privacy & Data Protection Survey.” More alarming is the fact that 63 percent acknowledged multiple reportable data breaches occurred within their organizations during the same period. As a result, privacy and security professionals continue spending most of their privacy-focused time on incident response and relatively little time on more proactive activities, such as strategy, training and root cause analysis.

More than 800 North American privacy and security professionals responded to the online survey sponsored by Deloitte and the Ponemon Institute, which was conducted to better understand the emerging privacy function. The survey, now in its second year, analyzed the roles, activities and time allocation preferences of dedicated privacy and security professionals, as well as their organizational status and reporting relationships. Specifically, respondents were asked to describe actual versus “ideal” time spent on activities and requirements to effectively manage and protect personal data in the enterprise.

“Frankly, I’m shocked by the high percentage of PII data breaches we’re seeing occur within organizations. This survey provides insight into the scale of the problem and how enterprises are struggling to respond. It’s clear that both privacy and security professionals are caught in a reactive cycle, and they agree on the need to move to a more proactive stance,” said Rena Mears, Deloitte global and U.S. privacy and data protection leader.

Deloitte & Touche USA LLP