Landmark privacy employee research project publishes first annual report

2021-04-29T09:00:00+01:00

No comments

Data risk management, retention and deletion have emerged as some of the areas that require additional awareness, education and training in the first annual report of the Global Privacy Culture Survey.

The landmark research project, developed by Privacy Culture in conjunction with law firm Dentons, Queen Mary University and consultancy Capgemini, seeks to understand employee attitudes, knowledge and behaviour towards data privacy and protection.

A total of 3,500 employees across 10 international cross-sector organisations in 52 different countries took part in a pilot enabled by Privacy Culture’s Culture Horizon platform.

The first annual report published today, shows data sharing and deletion “still causes confusion” among employees, particularly when dealing with third parties and the ability to recognise and report an individual data rights request is “not always clear.”

The five areas identified as lowest performing were risk management, records of processing, retention and deletion, transparency and policies, training, awareness and culture.

The report said: “It’s notable that these themes include more technical aspects of data protection, privacy, security, and governance, and knowledge and behaviour will be heavily dependent on the maturity of an organisation’s data protection and privacy programme, as well as whether concepts such as the Data Protection Impact Assessment feature in general on-boarding and annual compliance training.”

The top three highest performing themes across all industries were data breach and incident management, governance and accountability and compliance and monitoring.

“This is heartening for Data Protection Officers and Chief Information Security Officers alike as our follow-on workshops indicate that some of the foundational elements of privacy and security i.e. how to recognise and report a potential data incident, are landing with 97% of respondents feeling confident that they can recognise the consequences of not reporting a data incident,” the report said.

Participating organisations were provided with a comprehensive report that includes best and worst performing themes, deep insights into specific issues at function and country level, as well as high-level recommendations around how to address them. Individual results were then compared against an overall benchmark.

The 10-minute survey covers 12 themes including Governance & Accountability, Retention & Deletion, Data Security, and Data incident reporting, with questions relevant to GDPR, and other global privacy standards and laws from around the world.

Respondents completed 50 questions using the psychometric Likert scale, that records employee views anonymously from “strongly agree” to “strongly disagree”. Survey findings are supplemented with conversations with individuals in different areas of the organisation to highlight key insights into why employees may not be behaving in the expected privacy-compliant way.

Headline reports are likely to be published annually for 10 years, to allow the tracking of attitudes and patterns of behaviour over time.

The project was first announced to mark Data Privacy Day in January and launched alongside the Culture Horizon subscription product that allows people to compare, sort and extract survey data relating to different functions, geography, location, jurisdiction and industry sectors. The aim is to provide tools to enable organisations to identify skills and training gaps.

To find out more about the survey and the Culture Horizon subscription product click here.

Topics

No comments

Article
US utilities struggling to meet demand of energy-thirsty AI

2024-04-19T11:53:00Z

In the US, demands for power are outstripping availability as energy-thirsty technologies such as generative AI pile pressure on national electrical systems.
Article
Banks poised for increased risk due to AI

2024-04-19T09:06:00Z

A leading banking regulator has issued a stern warning over the risks that financial institutions face as they move to integrate artificial intelligence (AI) and machine learning (ML) into governance operations.
News
Chicago Gears Up for GRC Connect: Sharpen Skills, Network, and Navigate the Future of GRC

2024-04-15T11:39:00Z By Jonathan Sumner, Chief Digital & Marketing Officer, GRC World Forums.

Get ready, Chicago! GRC Connect kicks off tomorrow, bringing together the brightest minds in governance, risk management, and compliance (GRC) for two days of insightful learning, valuable networking opportunities, and expert guidance on navigating the ever-evolving GRC landscape.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More from Data Protection & Privacy

News
Tech companies in India must get official nod before using “risky” AI

2024-03-07T09:49:00Z By GRC World Forums

The Indian government has issued a directive to the country’s technology firms, urging them to obtain approval before publicly releasing artificial intelligence (AI) tools that may be unreliable, or still in trial phases.
News
Euro politicians question UK’s Data Protection Bill compatibility with GDPR

2024-02-28T09:25:00Z By GRC World Forums

Paul Tang, a Member of the European Parliament, has raised concerns about the UK’s new Data Protection and Digital Information Bill (DPDI) and its potential to undermine elements of the GDPR.
News
Italian city first to receive fine for AI privacy violations

2024-01-29T15:27:00Z By GRC World Forums

The data privacy regulator in Italy has imposed a €50,000 fine on Trento for violating laws regarding the northern city’s use of artificial intelligence (AI) in urban surveillance schemes.