Published on October 30, 2019
The IAPP recently released their data protection and privacy survey results for 2019. Here are some important highlights on data breach reporting.
Cyberattacks and data breaches top the list of data protection and privacy concerns among organizations today. New data privacy regulations, including GDPR and CCPA, now require timely reporting when data breaches occur. Although reporting is on the rise, not all organizations account for their data breaches, according to the latest Annual Privacy Governance Report for 2019.
GDPR’s Influence on Reporting
The effect of the General Data Protection Regulation can be clearly seen in the report’s statistics, with twice as many firms subject to GDPR reporting a data breach this year as compared to 2018. In 2018, 69% of firms surveyed indicated that they had not reported a data breach after it occurred, while only 16% indicated that they had reported a data breach. Compare that to this year, with 38% of firms indicating that they had reported a data breach and 54% saying they had not. This is a significant reversal and shows that these firms are beginning to take compliance with GDPR very seriously.
Median Data Signals Successful Efforts
Another interesting point is that 63% of firms reporting a data breach say they reported fewer than five incidents, with 22% reporting 10 or more. Breaking that data out puts the median number of data breaches at four for regulated organizations, two for non-regulated organizations, and seven in the government sector. These figures are a testament to the successful efforts of all information technology departments in keeping their organizations secure in the face of the massive and constant efforts to hack into their systems.
Data protection and privacy have become an ever-growing awareness item for every organization. The International Association of Privacy Professionals’ Annual Privacy Governance Report for 2019 has documented that important progress has been made, but has also shown that there is still much work to be done. Ensuring that an organization’s board of directors is fully informed about the risks surrounding data protection and privacy governance is critical to ensuring their support and, ultimately, the program’s success.