Outlook 2020: Integris FinServ Data Privacy Maturity Study · 2020. 5. 7. · Staying in compliance...


Outlook 2020: Integris FinServ Data Privacy Maturity Study

Government mandates, data sharing agreements and spreadsheets sow confusion amid an avalanche of private data

1525 4th Avenue | 5th floor Seattle, WA 98101-1607 | +1 (206) 539-2145 | [email protected] integris.io


Integris Software Data Privacy Maturity Study | Copyright 2020 Integris Software, Inc.

Table of Contents

Executive Summary
Study Background and Methodology
Demographics
Firmographics
Data Privacy Management Budgets
Projects Impacted by Data Privacy Concerns
Data Sharing Agreements
Technical Data Privacy Maturity
Organizational Data Privacy Maturity
Regulatory Preparedness
Opinions on Federal Privacy Law, and Trust
About Integris Software


Executive Summary

Companies are being inundated with data. A single bank transaction may get replicated across a hundred data repositories. Financial services companies are constantly consuming and sharing information to build better customer profiles and enable financial transactions. In addition, as financial services companies consolidate through mergers and acquisitions, they acquire unknown datasets and data transfer agreements with new business partners. In this environment, it’s no wonder that respondents’ data privacy programs scored much lower on technical maturity than on organizational maturity.

Key Findings:

Data privacy management overconfidence: 37% were Very or Extremely Confident in knowing exactly where sensitive data resides despite only taking inventory once a year or less; and a mere 11% of respondents are able to access sensitive data across five common data source types.

Data privacy impacts much more than regulatory compliance: Proving compliance with business obligations like data sharing agreements was cited by 67% of respondents. Enforcing internal data handling policies like classification and retention was cited 76% of the time. 41% of respondents cited the impact on M&A due diligence and 25% said privacy impacts the delivery of AI / ML projects. One third saw privacy concerns impacting data lake hygiene (33%).

The proliferation of data sharing agreements: In the wake of the misuse of data sharing agreements like the one between Facebook and Cambridge Analytica, enterprises seem to be more aware of such agreements. But data sharing agreements are nothing new to the financial services industry. 45% of financial services industry respondents had 50 or more of these data sharing agreements in place. However, finance organizations were also much more confident in their ability to comply with data sharing agreements than in their partners’ ability to reciprocate in kind – 75 percent of respondents were “Very confident” or “Extremely Confident” in their compliance efforts vs. 50 percent in their partners.

Data privacy management budgets reside in IT departments: 50% of data privacy budgets are concentrated in IT departments. Technology leaders are increasingly being tasked with operationalizing their companies’ data privacy management program. Why? At its core, data privacy is a data issue, and privacy is an outcome of a comprehensive data protection strategy.


Study Background and Methodology

This study seeks to understand how mid to large-sized US enterprises manage data privacy within their organizations, as well as their future plans. In February 2019, a web survey was emailed to members of an exclusive community of top business executives and IT decision makers. 258 respondents completed the survey. This version of the study provides a deep dive into the financial services industry cohort, which included 56 companies. However, each of the 258 respondents had to meet the following criteria:

• Reside in the USA

• Mid to senior level professionals and executives

• 500 employees or more (62% had over 5,000 employees)

• $25 million or more in annual revenue (69% had over $1 billion in annual revenue)

• Functional roles/areas had to be in IT, general management, or risk and compliance

Note: unless otherwise noted, N = 56

Survey question: What is your personal level of knowledge on how data privacy and data security are managed at your current company?
• Extremely Knowledgeable (it’s part of my primary role): 26%
• Very Knowledgeable (it’s part of my role): 41%
• Somewhat Knowledgeable: 33%


Demographics

Respondents had to be, at a minimum, mid-level professionals with some level of decision-making authority over their organization’s privacy initiatives.

Survey question: Which one of these is the best fit to your current seniority level?
• C-Level Executives: 2%
• VP, SVP, EVP: 13%
• Director, Sr. Director: 33%
• Manager, Sr. Manager: 24%
• Senior Professional: 28%


Survey question: Which one of the following is the best fit to your functional area / department at your current company?

Respondents came from three key areas of the business:

1. Information Technology/Engineering (67%),
2. General Management/Strategy (16%) and
3. Legal/Compliance/Risk Management (17%).


[Chart: Which of the following falls into your primary role? Please select all that apply. Response options: Other, Digital Transformation, Privacy Management, InfoSec, Data Infrastructure, IT Operations, Software Development, Business Management, Legal, Risk and Compliance, Data Governance.]

Respondents saw themselves as taking on a range of roles with most having multiple roles as part of their mandate.

Over a third of respondents claimed privacy management fell into their primary role.


[Chart: You’ve mentioned that the following are a part of your primary role. Please indicate your personal decision-making involvement for each within your current company. Roles: Risk and compliance, Legal, Business management, Software development, IT operations, Data infrastructure, InfoSec, Privacy management, Digital transformation, Data governance. Legend: I have little or no influence; I’m on the decision-making committee or have significant influence; I am the primary / final decision maker.]

Within their primary roles, most respondents had either primary/final decision-making authority or were on the decision-making committee/had significant influence for their companies.


Firmographics

[Chart: Which of the following roles / departments have an impact on decisions related to data privacy within your current company? Response options: None of the above, Digital Transformation, Privacy Management, InfoSec, Data Infrastructure, IT Operations, Software Development, Business Management, Legal, Risk and Compliance, Data Governance.]

Multiple departments impact decisions related to data privacy. Data privacy management is clearly a multidisciplinary endeavor.

Among financial industry respondents, data governance was cited the most often (74%) as having an impact on decisions related to data privacy vs. 47% for all respondents. This is perhaps not surprising given the critical role data governance plays in financial information management—making sure that financial information is accurate, private, and secure.


Survey question: What was your company’s revenue in 2018?
• $25 to $250 Million: 7%
• $250 Million to $1 Billion: 7%
• $1 to $10 Billion: 39%
• Over $10 Billion: 46%

A total of 85% of firms had over $1 billion in revenue.

Additionally, nearly half of respondents (46%) worked for organizations with more than $10 billion in revenue.


Data Privacy Management Budgets

Survey question: Does your current company have a data privacy management budget?
• Yes: 92%
• No: 8%

Companies are dedicating serious resources to data privacy management. 92% had budgets dedicated to data privacy management.


Survey question: How much did you spend on data privacy management in 2018? Note: This includes spend on people, technology, consulting, etc.
• Less than $100k: 4%
• $100k to $500k: 12%
• $500k to $1M: 24%
• $1M to $2M: 24%
• $2M to $5M: 8%
• $5M or more: 28%

Over a quarter (28%) of finance data privacy management budgets in 2018 were over $5 million, and the majority (60%) were allocating over $1 million a year.


Survey question: In which department does the majority of data privacy budget reside?
• It is not clearly defined: 14%
• Privacy Management: 11%
• InfoSec: 25%
• Data Infrastructure: 11%
• IT Operations: 8%
• Software Development: 6%
• Business Management: 3%
• Risk and Compliance: 11%
• Data Governance: 11%

Half of data privacy budgets are concentrated in IT departments (InfoSec, data infrastructure, IT operations, and software development). 11% of budgets are concentrated in risk and compliance departments, and a mere 11% of data privacy budgets are concentrated in the privacy management department. In 14% of organizations, it’s not clearly defined.

InfoSec leaders are increasingly being tasked with operationalizing their data privacy management program. Why? At its core, data privacy is a data issue, and privacy is an outcome of a comprehensive data protection strategy.


Survey question: What approximate spend changes do you foresee in 2019?
• 1% to 25% increase: 69%
• 25% or more: 23%
• 1% to 25% decrease: 8%

Unsurprisingly, most FinServ organizations (92%) are increasing their data privacy management budgets in the coming year. Almost a quarter (23%) of respondents are increasing their data privacy management budgets by 25% or more.


Projects Impacted by Data Privacy

Survey question: Which, if any, of your current company's projects are currently impacted by privacy concerns? Please select all that apply.
• Other (please specify): 2%
• None of the above: 4%
• Accelerating AI / ML projects: 26%
• Scanning & tagging data flowing in and out of data lakes: 33%
• Assessing risk in M&A transactions: 41%
• Responding rapidly to breaches: 52%
• Responding to data subject access requests: 59%
• Staying in compliance when migrating apps to the cloud: 50%
• Proving compliance with business obligations like data sharing agreements: 67%
• Proving regulatory compliance: 76%
• Enforcing data retention and classification policies: 76%

The regulatory environment continues to drive urgency around projects to prove regulatory compliance (76%), which includes enforcing data retention and classification policies (76%) and responding rapidly to breaches (52%) and data subject access requests (59%).

But data privacy impacts much more than regulatory compliance efforts. When done right, data privacy management supports the broader information management control framework— regulations, policies, and contracts. For example, proving compliance with business obligations like data sharing agreements was cited by 67% of respondents as a key privacy concern.


Data lakes ingest disparate pieces of patient data from a variety of sources. When combined, this data has the potential to reveal customer identities along with highly sensitive personal information. So, it’s no surprise that a third of respondents cited the impact of privacy for projects that scan and tag data flowing in and out of data lakes.

As data is acquired through the M&A process, data lakes and other datasets can become contaminated with unexpected, inappropriate, or problematic data. Increasingly (41%), M&A due diligence includes the inspection of the data being acquired. This allows FinServ organizations to properly evaluate the risk prior to merging large datasets.

Finally, when data is locked down for fear of misuse, data scientists don’t get timely access to the streams and feeds they rely on for their machine learning models.

So, it’s no surprise that AI / ML projects were cited by over one in four respondents (26%) as being impacted by privacy concerns.


Data Privacy Now Integral to Data Protection

[Diagram. Privacy: what data is important and why. Security: how those policies get enforced. Data Protection: protected, usable data. Other labels in the diagram: Discovery & Classification, DSARs, Alerting; Contracts, Policies, Regulations; Encryption, Network Security, Access Control; Activity Monitoring, Breach Response, DLP/CASB.]

Forward-looking FinServ organizations are treating privacy as part of a broader data protection strategy where privacy tells you what’s important and why, and security is the how.


Data Privacy Management: Organizational Maturity

Survey question: Does your current company have a data privacy training and awareness program?
• Yes: 96%
• No: 4%

Organizational maturity for data privacy management is higher and more consistent than technical maturity.

96% of respondents had a data privacy and awareness program in place.


Data Privacy Team Size

Survey question: How many employees are a part of your data privacy team? Note: Team can include full-time, part-time employees as well as consultants.
• 50 or more: 40%
• 25 to less than 50: 8%
• 10 to less than 25: 15%
• 5 to less than 10: 17%
• 1 to less than 5: 10%
• We don't have a data privacy team: 10%

An impressive 90% of respondents had data privacy teams in place, and almost half (48%) had data privacy teams of 25 or more, which was more than double that of the non-FinServ industry cohort (23%).


Team Meeting Cadence

Survey question: How often do team members meet to discuss data privacy?
• It is not fixed: 14%
• Once a year: 2%
• Once every quarter: 12%
• Once every 2 weeks: 19%
• Once a week: 19%
• More than once a week: 19%

38% of privacy teams meet at least once a week. 47% admitted to only meeting bi-monthly or much less. Infrequent collaboration could be a leading indicator to data privacy vulnerability, especially given that so many departments/roles have a stake in data privacy management.


Survey question: Does your current company have a process in place to evaluate the sensitivity of different data sets?
• Yes: 88%
• No: 13%

88% had a process in place to evaluate the sensitivity of different datasets.


Survey question: Does your organization have a process in place to identify and mitigate privacy risk?
• Yes: 96%
• No: 4%

And 96% have a process in place to identify and mitigate privacy risk.


Survey question: Does your organization have policies, procedures, and mechanisms in place to track customer consent across channels?
• Yes: 84%
• No: 16%

Organizations are also mature when it comes to handling customer consent and communicating when things go wrong. 84% have policies, procedures and mechanisms in place to track customer consent across channels.


Survey question: Does your current company have policies and procedures in place to respond to a data breach involving personal data?
• Yes: 100%
• No: 0%

All respondents claimed to have policies and procedures in place to respond to a data breach.


Survey question: Does your organization have an automated way to discover whose data was breached?
• Yes: 74%
• No: 26%

Yet when technology is reintroduced to the equation, numbers begin to drop. 74% have an automated way to discover whose data was breached.

There also appears to be a strong correlation between a firm's ability to do real-time data inventory and their ability to do automated discovery of whose data was breached.


Data Privacy Management: Technical Maturity

Survey question: How confident are you in your current company’s ability to accurately define what constitutes personal information?
• I don't know: 2%
• Not at all confident: 33%
• Not so confident: 41%
• Somewhat confident: 20%
• Very confident: 2%
• Extremely confident: 2%

Surprisingly, FinServ respondents showed a major lack of confidence in their company’s ability to accurately define what constitutes personal information with 74% feeling either not at all confident or not so confident.

This is in stark contrast to healthcare industry respondents who expressed no lack of confidence in their company’s ability to define what is personal information. Perhaps this is because healthcare companies are primarily concerned with HIPAA. HIPAA defines PHI as any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity. FinServ must deal with ambiguity and a patchwork of regulations.

For example, CCPA defines personal information as information that “could reasonably be linked, directly or indirectly, with a particular consumer or household.” It implies that personal information doesn’t have to be tied to a specific name or individual (think home address, home devices, geolocation data, home network IP addresses, and the like).


Beware of Toxic Data Combinations

Studies have also shown that only a few separate data points are needed to identify someone – 87 percent of the U.S. population can be identified by a combination of their gender, date of birth and zip code alone.

Therefore, FinServ must consider how individual pieces of data can be combined purposely or accidentally to reveal someone’s identity. This immense challenge also includes tracking data in-motion as it travels throughout an organization, or that is acquired from partners through data sharing agreements.

Not all discoverable sensitive information is linked to an identity. 87% of the US population can be uniquely identified with their Zip Code, Gender, and Birthdate.*

*Source: https://dataprivacylab.org/projects/identifiability/paper1.pdf


De-Identified Data Repository? Not Necessarily.

[Figure labels: Data analysts; GENDER, ZIP, DATE OF BIRTH; a customer profile reading Name: John Smith. Likes: Mobile banking. History: Visits local branch 2x year. Pattern: Credit card used for business and personal purchases.]
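The check below is an added example, not part of the Integris report: it audits a "de-identified" extract for the toxic combination described above by measuring how many rows share each combination of gender, ZIP and date of birth. The rows, column names and generalisation rules are constructed for illustration.

```python
from collections import Counter
from datetime import date
from itertools import combinations

# Constructed sample: a "de-identified" extract with names and account
# numbers already removed. All values are invented for this example.
_A, _B = date(1984, 3, 12), date(1984, 7, 30)
ROWS = [
    {"gender": g, "zip": z, "dob": d, "avg_balance": bal}
    for (g, z, d, bal) in [
        ("F", "98101", _A, 1200), ("F", "98101", _B, 8400),
        ("F", "98104", _A, 300), ("F", "98104", _B, 15250),
        ("M", "98101", _A, 720), ("M", "98101", _B, 96000),
        ("M", "98104", _A, 4100), ("M", "98104", _B, 50),
    ]
]

# Columns treated as quasi-identifiers (assumed names for this example).
QUASI_IDENTIFIERS = ("gender", "zip", "dob")


def _identity(value):
    return value


def class_sizes(rows, columns, generalize=None):
    """Count how many rows share each combination of values in `columns`."""
    generalize = generalize or {}
    return Counter(
        tuple(generalize.get(c, _identity)(row[c]) for c in columns)
        for row in rows
    )


def k_anonymity(rows, columns, generalize=None):
    """Smallest group size; k = 1 means at least one row is singled out."""
    sizes = class_sizes(rows, columns, generalize)
    return min(sizes.values()) if sizes else 0


def singled_out_fraction(rows, columns, generalize=None):
    """Share of rows whose combination of values is unique in the data set."""
    sizes = class_sizes(rows, columns, generalize)
    unique_rows = sum(1 for n in sizes.values() if n == 1)
    return unique_rows / len(rows) if rows else 0.0


def toxic_combinations(rows, columns, k_min=2):
    """Minimal column subsets whose combination drops below k_min.

    Subsets are checked smallest first; a superset of an already reported
    combination is skipped because adding columns can only shrink groups.
    """
    found = []
    for size in range(1, len(columns) + 1):
        for subset in combinations(columns, size):
            if any(set(t) <= set(subset) for t in found):
                continue
            if k_anonymity(rows, subset) < k_min:
                found.append(subset)
    return found


# Generalisations a data owner might apply before sharing (assumed policy):
# keep only the year of birth, or only the 3-digit ZIP prefix.
YEAR_ONLY = {"dob": lambda d: d.year}
ZIP3 = {"zip": lambda z: z[:3]}

if __name__ == "__main__":
    for size in (1, 2, 3):
        for cols in combinations(QUASI_IDENTIFIERS, size):
            print(cols, "k =", k_anonymity(ROWS, cols))
    print("toxic:", toxic_combinations(ROWS, QUASI_IDENTIFIERS))
    print("singled out:", singled_out_fraction(ROWS, QUASI_IDENTIFIERS))
    print("k, year-only DOB:", k_anonymity(ROWS, QUASI_IDENTIFIERS, YEAR_ONLY))
    print("k, ZIP3:", k_anonymity(ROWS, QUASI_IDENTIFIERS, ZIP3))
```

In this sample every single column and every pair of columns leaves groups of at least two, yet the three together single out every row; keeping only the birth year or the 3-digit ZIP prefix brings k back to 2.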


Survey question: How many company data sources does your current company need to access to get a defensible picture of where all sensitive data resides?
• 200 or more: 20%
• 100 to less than 200: 17%
• 50 to less than 100: 27%
• 10 to less than 50: 17%
• 1 to less than 10: 20%

A single bank transaction may get replicated across a hundred data repositories. FinServ companies are constantly consuming and sharing information to build better customer profiles and enable transactions. In addition, as FinServ companies consolidate through mergers and acquisitions, they acquire unknown datasets and data transfer agreements with new business partners.

In this environment it’s not surprising that almost two-thirds (64%) of respondents said they needed to access 50 or more data sources to get a defensible picture of where their sensitive data resides. The FinServ industry needed to search more locations to find sensitive customer information than any other surveyed sector.


Survey question: How often do you update your inventory of personal data and where it resides?
• Other: 9%
• We don't take an inventory of personal data: 7%
• If audited, or in reaction to an event like GDPR: 13%
• Once a year: 24%
• Real-time: 46%

Yet, 54% of respondents don’t update their data inventory in real-time. Even more concerning, 13% only compile sensitive data when audited or in response to regulation requests.


Cohort Analysis | Real-time inventory

Survey question: How confident are you in your current company’s understanding of exactly where personal data resides?
• I don't know: 4%
• Extremely confident: 52%
• Very confident: 32%
• Somewhat confident: 12%
• Not so confident: 0%
• Not at all confident: 0%

Those that did take a real-time inventory were much more confident, with 84% being Very Confident or Extremely Confident of their company’s understanding of exactly where personal data resides.

The bottom line? If you’re not taking a real-time inventory of personal data, then how can you know what data is sitting in your organization? Point-in-time knowledge is obsolete within a day due to the constantly changing nature of data in a hyper-connected world.


Cohort Analysis | NO real-time inventory

Survey question: How confident are you in your current company’s understanding of exactly where personal data resides?
• I don't know: 3%
• Extremely confident: 3%
• Very confident: 34%
• Somewhat confident: 55%
• Not so confident: 3%
• Not at all confident: 0%

Manual, survey-based approaches don’t work in an environment of exploding, ever-changing data.

This cohort doesn’t take a real-time inventory of personal data or where it resides, and they were much less confident. Only 37% were Very Confident or Extremely Confident that they knew exactly where personal data resides.

This same group claimed that privacy concerns impacted projects typically characterized by data in-motion:

• 59% cited proving compliance with business obligations like data sharing agreements

• 28% cited scanning and tagging data flowing in and out of data lakes

• 24% cited accelerating AI / ML projects

Data in-motion is going to be a blind spot on these projects. For those with high confidence on knowing where personal data resides (35%) their confidence is probably not merited.


[Chart: Which, if any, of the following data types are included in your current company’s data privacy initiatives? Data types: Data in motion (data flowing into a data lake, out of a Hadoop cluster, etc.); Cloud-based Applications (Salesforce, Workday, etc.); Semistructured data (XML and JSON); Unstructured data (Google Drive, Email, etc.); Structured data (Oracle, SQL, etc.). Legend: No plan in place to access; Plan in place to access; Accessible Today.]

Continuous defensibility to meet compliance requirements boils down to doing two things well:

1. Understanding where sensitive data resides across all data source types.

2. Mapping data back to existing data handling obligations.

Point one was a mixed bag among survey respondents. Traditional data sources like relational databases are included in most (88%) data privacy initiatives. Cloud-based applications had good coverage (69%), as did unstructured data (66%). But data in-motion appears to be the laggard at 53%.

Analyzed another way, an alarmingly low 11% of respondents were covering all five data types in their company’s data privacy initiatives.


Data Privacy Management Technical Maturity

Chart: What tools/software do you use to discover and track the location of personal information? Please select all that apply. Responses: Not in use nor plan, Planning to use, Currently Using. Currently Using: Automated data discovery 50%; Metadata management 57%; Data loss prevention or other data security tools 85%; Data governance 80%; Data catalog 67%; Automated survey and workflow 64%; Homegrown scripts 74%; All manual (e.g. surveys or spreadsheets) 59%.

The vendor landscape for discovering and tracking the location of personal information is crowded, diverse and confusing for FinServ buyers. Despite lots of tooling, only 11% of respondents are currently incorporating all five data types in their data privacy initiatives.

With so many Data Loss Prevention (DLP) and other IT security vendors claiming to solve for regulations like the California Consumer Privacy Act, it’s no wonder that respondents (85%) view these tools as helping them discover and track personal information. However, DLP is more about stopping insider threats and keeping end users from leaking sensitive data (for example, by emailing it out).

59% of respondents reported using methods such as manually updated spreadsheets and surveys to track and inventory personal information while 74% rely on custom-written computer code.


Surveys: Inaccurate and Time Consuming

Challenges

• Point in time

• Doesn’t scale

• Evolving definition of PI

• Streaming data is blind spot

Business Obligations: Regulations, Contracts, Internal

• Structured Databases: Oracle, MSSQL, MySQL, DB2

• Big Data: Hadoop, Snowflake

• SaaS: Microsoft O365, Salesforce

• Data-in-Motion: Kafka, Amazon Kinesis

• Additional Sources: JDBC Connectors, RESTful APIs

• Unstructured File Shares: Google Drive, Microsoft OneDrive


Data Sharing Agreements

Chart: How many data sharing agreements does your current company have where data is either entering or leaving your organization? 50 or more 45%; 10 to less than 50 30%; Less than 10 18%; None 6%.

45% of respondents had 50 or more data sharing agreements in place. That’s a variance of 18% more than all respondents. This data sprawl is probably due to the highly intertwined nature of the financial services industry, which relies on third-party anti-fraud systems, credit checks, multi-party transactions, etc.

Importantly, the more data sharing agreements an organization has, the more challenging it is to enforce their terms and manage all personal information held on a customer across companies.


Data Sharing Agreements

Chart: How confident are you that your current company is using data in compliance with the terms of your data sharing agreements? Extremely confident 22%; Very confident 53%; Somewhat confident 24%; Not so confident 2%; Not at all confident 0%.

Respondents were much more confident in their own ability to respect data sharing agreements than their partners’ ability to reciprocate in kind (there was a 50% increase in Very confident and Extremely confident levels in their own compliance efforts vs. their partners).


Data Sharing Agreements

Chart: How confident are you that your partners are using the data that you provide to them in compliance with your data sharing agreements? Extremely confident 17%; Very confident 33%; Somewhat confident 44%; Not so confident 6%; Not at all confident 0%.

There’s often a disconnect between what has been agreed to on paper by lawyers and what’s happening with the actual data, because the people who negotiate the contract differ from those shipping the data and/or there are no controls in place.

Also, the way contracts are written is not necessarily the way data is represented. The word "location" might appear in a contract, but the data set contains latitude and longitude values. Therefore, businesses must account for how data elements might be combined to fit the legal terms on their data sharing agreements.
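
The contract-versus-data mismatch described above, as an added example that is not part of the Integris study: a Python check that maps each contract term to the column combinations that satisfy it, so a feed carrying latitude and longitude is flagged under a clause that only says "location". The term map, aliases, column names and sample agreement are constructed assumptions.

```python
# Added illustration; the term map, aliases and sample data are constructed.

# A contract term is satisfied by ANY listed group; a group matches only
# when ALL of its columns are present (e.g. latitude AND longitude).
TERM_TO_COLUMN_GROUPS = {
    "location": [{"latitude", "longitude"}, {"street", "postal_code"}, {"geohash"}],
    "identity": [{"ssn"}, {"first_name", "last_name", "date_of_birth"}],
    "contact": [{"email"}, {"phone"}],
}

# Abbreviations commonly seen in schemas, resolved to canonical names.
ALIASES = {"lat": "latitude", "lon": "longitude", "lng": "longitude",
           "zip": "postal_code", "dob": "date_of_birth"}


def normalize(column):
    """Lower-case a column name and resolve known abbreviations."""
    name = column.strip().lower().replace("-", "_").replace(" ", "_")
    return ALIASES.get(name, name)


def terms_present(columns):
    """Return {term: sorted matching columns} for each term the dataset satisfies."""
    present = {normalize(c) for c in columns}
    found = {}
    for term, groups in TERM_TO_COLUMN_GROUPS.items():
        matched = set()
        for group in groups:
            if group <= present:  # every column of the group is in the dataset
                matched |= group
        if matched:
            found[term] = sorted(matched)
    return found


def violations(columns, prohibited_terms):
    """Terms the agreement bars from sharing that the dataset still contains."""
    found = terms_present(columns)
    return {t: cols for t, cols in found.items() if t in prohibited_terms}


# Constructed sample: an outbound feed, and an agreement assumed to bar
# sharing of "location" and "identity" data.
OUTBOUND_COLUMNS = ["txn_id", "amount", "Lat", "Lng", "email"]
AGREEMENT_PROHIBITS = {"location", "identity"}

if __name__ == "__main__":
    for term, cols in violations(OUTBOUND_COLUMNS, AGREEMENT_PROHIBITS).items():
        print(f"agreement term '{term}' is met by columns {cols}")
```

A latitude column on its own does not match "location" here; only the complete combination does, which is the case a keyword search for the contract's wording would miss.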


International Regulatory Preparedness

Chart: How prepared are you for each of the following regulations? Responses: Unprepared, Basic Only, Well Prepared, Fully Prepared. Fully Prepared: China's Cyber Security Law 14%; Japan's Personal… 27%; Australia's Privacy Act 24%; General Data Protection 37%.

FinServ companies were best prepared for GDPR, with 37% scoring themselves as Fully Prepared.

Respondents were fully prepared for GDPR at higher rates than for the Australian (24%), Japanese (27%), and Chinese (14%) privacy laws. Levels of unpreparedness were also much higher here.


Domestic Regulatory Preparedness

Chart: How prepared are you for each of the following regulations? Responses: Unprepared, Basic Only, Well Prepared, Fully Prepared. Fully Prepared: Colorado's Consumer Data 21%; California Consumer 23%; New York State Department 33%.

Respondents appear to be behind when it comes to domestic regulatory preparedness. Only 23% said they were Fully Prepared for the California Consumer Privacy Act.


Perspectives

Chart: Do you think there should be a federal privacy law in the United States? Yes 93%; No 0%; Unsure 7%.

93% would like to have a federal privacy law, pointing to an industry desire to comply with one overarching regulation rather than a patchwork of state mandates.


Perspectives

Chart: Do you think that businesses risk losing customers due to inadequate data privacy practices? Yes 81%; No 13%; Unsure 6%.

The FinServ industry understands the importance of protecting personal information for organizational reputations. 81% of respondents thought businesses risk losing customers due to inadequate data privacy practices.


Perspectives

Chart: Do you think that employers risk losing employees due to inadequate data privacy practices? Yes 56%; No 24%; Unsure 20%.

Meanwhile, respondents also see the need to secure sensitive information to protect and retain their team members. 56% thought businesses risk losing employees due to inadequate data privacy practices.


About Integris Software

Integris Software, the global leader in data privacy automation, helps enterprises discover and control the use of sensitive data in a way that protects privacy and fuels innovation.

Privacy is now critical to an effective data protection strategy. By sitting upstream from security, Integris tells you what data is important and why so you can be precise in your InfoSec controls.

Integris works securely, at scale, no matter where sensitive data resides. You get a live map of your sensitive data where you can apply policies, surface issues, fulfill DSAR requests, and automate remediations via your broader ticketing and InfoSec ecosystem.

Regulations like GDPR and the California Consumer Privacy Act (CCPA) are triggering knee-jerk reactions as companies lock down their data for fear of misuse. With Integris, there is finally a way to use your data without fear.

For more information on Integris, visit www.integris.io or follow @Integrisio on Twitter.

1525 4th Avenue | 5th floor Seattle, WA | 98101-1607

+1 (206) 539-2145
