Privacy sweep shows big compliance gaps


By Dylan Bushell-Embling
Tuesday, 05 March, 2019


A global sweep of data protection procedures and capabilities of organisations in 18 countries found that only half are compliant with legal requirements around maintaining data privacy policies.

In addition, only 52% of organisations indicated that they have a documented incident response procedure, while only 58% have clear measures in place to both deal with data breaches and other incidents as they arise and notify individuals and regulators.

The sweep was led by New Zealand's Office of the Privacy Commissioner and the UK's Information Commissioner's Office, and drew the participation of 16 other data protection authorities that have allied with these offices as part of the Global Privacy Enforcement Network.

It found that while less than 10% of organisations have no privacy policies at all governing how they handle personal data, only around 50% of organisations both maintain an internal data privacy policy consistent with legal requirements and would be able to demonstrate that the policy has been embedded into everyday practices.

Furthermore, over 20% of organisations have no programs in place to conduct self-assessments or internal audits of their data protection standards, and 14% were deemed to have poor internal privacy practices.

The survey also identified significant gaps in terms of transparency, with only 55% of organisations maintaining a clear privacy policy which is easily accessible to customers and the general public.

Meanwhile, only half of organisations provide regular data protection training to all staff.

But the report (PDF) also identified signs of improvement, with 33% of respondents indicating that they are in the process of implementing a data privacy framework or had partially implemented internal policies.

In addition, 67% of respondents reported appointing a dedicated data privacy officer or a senior-level member of staff responsible for overall privacy governance, and only 6% either reported that they have nobody responsible for data protection or failed to specify.
