Over 90% of organisations polled during the compilation of Cisco’s annual Data privacy benchmark study reported that their data privacy teams played a key role in helping them respond to the challenges brought on by Covid-19, such as the shift to remote work, adjusting data-sharing arrangements and implementing data access controls.
In findings that might seem at first glance somewhat counterintuitive, Cisco said that rather than being pushed aside, privacy advocates came to greater prominence over the past nine months or so.
“When any serious threat to our safety and well-being arises, many would think privacy protections would take a back seat,” said Robert Waitman, a director in Cisco’s privacy office, in an introductory blog post.
“After all, our personal data, including our health status, social contacts and physical locations, have been needed to help control the spread of Covid-19. What’s more, the rapid shift to remote working has left organisations scrambling to keep their functions up and running, and privacy protections might well have been an afterthought.”
The report drew on responses from 4,400 organisations in 25 countries, and found that across the board, businesses turned to their security teams to address the fact they were mostly entirely unprepared for such an event.
Some 87% of individuals said they had had concerns about the privacy protections of the tools they were being asked to use, particularly in light of high-profile coverage of issues arising from the breakout conferencing platform Zoom.
The newly mission-critical nature of privacy policies is being reflected in the day-to-day work of CISOs and other security pros, with over a third who identified as such saying privacy, alongside risk assessment and management and threat response, was now one of their top areas of responsibility.
This also means privacy measures are attracting attention at board level – Cisco said 90% of organisations are now rolling-up and reporting privacy metrics to the C-suite and boardroom. This may also be reflected in privacy budgets, which have doubled year on year. Cisco’s report also noted that external certifications such as ISO 27701 were now becoming a critical buying factor.
Waitman said it was clear data privacy has come of age and is no longer considered just a consumer benefit. The report data revealed that over 66% of organisations are realising business benefits from enhancing their data privacy postures, including a reduction in sales delays and other operational efficiencies, improved innovation, and more loyal, trusting customers. Perhaps needless to say, this translates into bottom-line value, he said – with the average organisation estimating a twofold return on their investment.
Going forward, the research found evidence of strong support for maintaining the privacy principles and protections established at the onset of the pandemic, and for legal protections – 62% of respondents wanted little or no change to existing privacy laws.
However, while individuals tended to support their employers’ efforts to maintain a Covid-safe working environment, they were less positive about any mechanisms that track their location, or collect or disclose information on one’s Covid-19 status, such as contact-tracing apps. People tended to agree that use of their personal data for such purposes should be limited and strictly controlled transparently, fairly and accountably.
“The days of thinking about privacy as merely a compliance issue are over. Forged by the pandemic, privacy has become an essential priority for management, employees and customers alike,” said Waitman.