IAPP & TrustArc Research: Part IV – Privacy has a Strong Influence on Purchase Decisions

Part I of this blog post series discussed background, goals, and research methodology of the research report: How Privacy Tech is Bought and Deployed.

Part II illustrated how Privacy Tech Adoption has reached the tipping point: based on purchase plans, it is projected that companies will adopt privacy technology in eight of the ten privacy technology categories.

Part III highlighted some interesting data from the report that shows what the three fastest growing solutions are: data mapping, assessment management, and data discovery.

Part IV will discuss an interesting finding in the research: that privacy has a strong influence on purchase decisions.

Even where budget may not be available for privacy pros, they do have influence over the decision-making. Only a few categories of technology are relatively purely the domain of privacy, but many of the categories where we saw budgets in the hands of IT and infosec show that privacy has valuable input in which technology to acquire or whether to acquire it at all.

For Incident Response, 69 percent of respondents said privacy had input into the decision-making, even more so than the IT team, despite only 28 percent of privacy teams actually having budget authority. Similarly, 57 percent of privacy teams had influence over the Website Scanning and Cookie Management tools, though only 12 percent had the purchase made from their budget. Privacy teams have the most say over purchasing Privacy Program Assessment/ Management tech.

Even though we found some differences whose budget is being used, and who has influence over the buy, we found that most teams derive value from privacy tech. An organization is clearly more likely to be happy with a purchase if it sees use throughout the enterprise. The more teams who get value out of the technology, the more likely those teams are to support its adoption.

All of these technologies reportedly offer at least some value outside of the core privacy team, and a few are used as much or more by privacy champions throughout the organization and other teams like marketing, HR, IT and others.

Overall, this research demonstrates that privacy tech has become an important part of many companies’ privacy programs. To find out additional insight into this growing trend, read the full report.

IAPP & TrustArc Research: Part III – Three Fastest Growing Solutions

Part I of this blog post series discussed background, goals, and research methodology of the research report: How Privacy Tech is Bought and Deployed.

Part II illustrated how Privacy Tech Adoption has reached the tipping point: based on purchase plans, it is projected that companies will adopt privacy technology in eight of the ten privacy technology categories.

Part III will highlight some interesting data from the report that shows what the three fastest growing solutions are: data mapping, assessment management, and data discovery.

By showing what percentage of organizations are actually already buying and implementing these various technologies, we are providing a way to roughly assess the market penetration. While we don’t have a way to assess whether these organizations truly need each of the 10 categories of identified privacy technology, we can see what organizations are buying and implementing.

Data mapping, assessment management, and data discovery among fastest growing solutions

This chart shows that:

  • 24% have already purchased Data Mapping and Flow technologies and 21% have purchased Personal Data Discovery tools. These two technologies also top the chart for what organizations are planning to implement at 33%.
  • Privacy Program Assessment and Management software has made significant headway, with 33% of organizations surveyed having purchased it or implemented it and another 32% either planning to purchase this technology in the future or have already purchased it but have yet to implement.

Not illustrated above is an interesting difference based upon geography. EU companies also are slightly more engaged with Data Mapping and Flows tools (43 percent have purchased) than U.S. companies (35 percent) and Canadian companies (15 percent).

Also of note are Network activity monitoring and Security enterprise communications, two technologies represented in the graph above that most companies have already purchased. As shown, core security technologies that might also serve a privacy function are more frequently implemented, as is the case for many of what we call Enterprise Privacy Management solutions.

Network Activity Monitoring is something many security operations are likely to have on board, so they can understand traffic loads, watch out for DDoS attacks, and watch out for unauthorized access to certain organizational data.

Similarly, it is now relatively standard practice for security teams to use some kind of Secure Enterprise Communications — such as enterprise solutions that are increasingly being developed to allow for encrypted business conversations, or even simple personal messaging apps — to correspond after a security incident that may have compromised the network, so as not to alert intruders that the team is aware of their presence.

You can read the full report for more analysis of the results, including why some technologies seem to have less investment. In our next blog post we will discuss privacy’s strong influence on purchase decisions.

IAPP & TrustArc Research: Part II – Privacy Tech Adoption Approaching the Tipping Point

Part I of this blog post series discussed the background, goals, and research methodology of the research report: How Privacy Tech is Bought and Deployed.

This blog post, Part II, will illustrate how Privacy Tech Adoption has reached the tipping point. Based on purchase plans, it is projected that companies will adopt privacy technology in eight of the ten privacy technology categories.

This chart shows the percentages of companies surveyed that have already purchased and implemented privacy technology:

Of the 10 categories of privacy technology, it’s no surprise that Network Activity Monitoring technology is the most in-use, being that the infosecurity marketplace and its range of solutions is mature and robust. Core security technologies that might also serve a privacy function are more frequently implemented, as is the case for many of what we call Enterprise Privacy Management solutions.

Privacy Program Assessment and Management software has made significant headway, considering it was essentially unknown as a product as recently as five years ago. Even more indicative of Privacy Assessment/Management’s nascent status is that yet another 32 percent of organizations are either planning to purchase this technology in the future or have already purchased it (11 percent) but have yet to implement.

This chart shows the percentages of companies surveyed that are planning to purchase, or have purchased but not implemented privacy technology:

Both the Data Mapping and Flow and Personal Data Discovery categories have either already been purchased or are in the plans for another 33 percent of organizations, which shows how in-demand these solutions are as the GDPR and other laws require a deep knowledge of what personal information and organization holds, where it lives, and how it travels through an organization.

This chart shows the percentages of companies surveyed that have already purchased, or plan to purchase privacy technology:

The data shows that technologies with security applications and general enterprise use are clearly more mature and in-use than newer, privacy office-specific technologies, but the data shows a clear wave of uptake coming. The most likely new technologies to be adopted by privacy offices are Data Mapping and Flow, Personal Data Discovery, and Privacy Program Assessment/Management technologies, all of which are in the plans for purchase by roughly a quarter of companies.

In our next blog post we will discuss the three fastest growing solutions. To read the entire report now, click here.

IAPP & TrustArc Research: Part I – Baseline for Privacy Tech Adoption has Been Established

 

Today technology solutions are needed to efficiently manage and operationalize privacy. Many organizations have an increasing reliance on data to drive business, there is an influx of new technologies into the workplace, and there are regulatory requirements to demonstrate ongoing compliance.

To help companies navigate the influx of solutions, the IAPP created the Privacy Tech Vendor Report. That report was initially released 18 months ago, and this year the report has grown to encompass 10 product categories and more than 150 companies. The report contains information from privacy practitioners that is meant to help companies that are acquiring new technology. Specifically, it is meant to answer questions such as: With more than 100 vendors out there, and growing by the day, how can a practitioner know which vendor will be the best fit?

While the Privacy Tech Vendor Report is very helpful when acquiring new technology, there were still questions left unanswered, so the IAPP teamed up with TrustArc to find the answers. “How Privacy Tech is Bought and Deployed” takes it a step farther. It provides insight into who is using these privacy tech solutions, what they’ve bought, who had the budget, who had influence over the decision making, and current and future plans for purchasing to help companies benchmark versus the industry. This new research provides a baseline by which we can measure changes over time to monitor progress in the industry.

For this research, 328 privacy professionals from around the globe were asked several questions related to these privacy tech categories:

Privacy Program Management: solutions designed specifically for the privacy office

Enterprise Privacy Management: solutions designed to service the needs of the privacy office alongside the overall business needs of an organization

Most respondents came from the US, technology and telecom industries, and were managers or directors:

They were asked demographic questions first. Then, with regard to the 10 basic privacy technology categories in the IAPP Privacy Tech Vendor Report, they were asked how they would describe their organizations status in the purchase process: not purchased; planning to purchase in the future; have purchased but still testing; or purchased, tested, and implemented. They were also asked who was involved in the decision to acquire the technology, whose budget was or would be used to acquire the technology, who would, or does use the technology, and from whom the privacy technology was acquired.

We will be writing about the findings in a series of blog posts:

  • Part II: Privacy Tech Adoption Approaching the Tipping Point
  • Part III: Three Fastest Growing Solutions
  • Part IV: Privacy has a Strong Influence on Purchase Decisions

To read the entire report now, click here.

Privacy Insight Series Webinar Highlights GDPR Benchmarking Research

GDPR Benchmarking Research

The European Union’s (EU) General Data Protection Regulation (GDPR) is the most sweeping change to data protection in the past 20 years, and will go into effect in less than a year. Its impact will be felt by every organization that does business in the EU, or handles personal information of EU citizens in any manner.

We benchmarked the status of 200 U.S. companies’ efforts to meet privacy mandates in general, and in particular to meet the May 25, 2018 deadline for the GDPR. The survey was conducted by Dimensional Research on behalf of TrustArc.

On July 26, as the first webinar in the Summer/Fall TrustArc Privacy Insight Series, we had privacy experts talk about what they’ve been seeing as the causes behind some of the key statistics in our research.

The study results showed that 95% of organizations say that the need for technology to help manage privacy is growing. Why the shift from privacy being primarily a policy issue handled by the legal office toward privacy becoming an operational issue requiring sophisticated solutions to manage? Digital Accountability.

Now privacy is a business issue, and compliance requires the entire organization to participate. New requirements around things like Verifiable Consent, the Right to be Forgotten, and Privacy by Design touch departments such as marketing and product. Because accountability now goes beyond the legal team, organizations need solutions to verify and demonstrate that GDPR requirements are being met.

Results also demonstrated that 83% of organizations expect their GDPR spending to exceed $100,000 dollars. While larger organizations plan to spend even more, most organizations are prepared to spend a lot. The deadline is approaching fast and many organizations have a shortage of internal resources. Although the cost may seem  high, companies can maximize their investment by taking an integrated approach by having all teams work together toward compliance. Additionally, ensuring that the technology used for compliance is integrated into a long term plan will help get the most out of the investment.

You can read the full report  or listen to the webinar on demand. If your organization needs help building, implementing, or demonstrating GDPR compliance, TrustArc offers solutions to help, no matter where your organization stands against the GDPR requirements. Contact us today.

div>