Robert Waitman (rwaitman@cisco.com) is Director for Data Privacy at Cisco in New York, New York, USA.
Like security, protecting privacy has become mission critical for organizations around the world. Ninety percent of respondents to Cisco’s recent 2022 Data Privacy Benchmark Study say their customers would not buy from them if they did not adequately protect customer data.[1] And 91% say that external privacy certifications, like ISO 27701, have become an important factor in their buying process.
Privacy requirements receive overwhelming support
Today, over two-thirds of the world’s countries have enacted privacy laws regulating how personal data can be collected, stored, and used. Organizations have embraced the new privacy laws, even with the added cost and effort required. With more than 120 geographies now having privacy laws in place, organizations continue to be overwhelmingly supportive. Eighty-three percent say these laws have had a positive impact, whereas only 3% say the impact has been negative. This also has translated into a management priority, as 94% of respondents reported one or more privacy metrics to their board of directors.
Of course, you can’t have privacy without security. If you can’t control who has access to your data, you won’t be able to enforce your privacy protections. While security focuses primarily on keeping information safe, privacy focuses on all aspects of the data life cycle, including collection, processing, access, and retention. It is worth noting that security professionals are increasingly responsible for protecting privacy as well. Nearly one-third of security professionals now identify “data privacy” as core to their jobs.
