National Cyber Security Awareness Month: Seven Keys for an Effective Privacy Program
Last week ISACA, a professional association for IT professionals, released the results of its global Privacy Survey. The organization surveyed 780 IT professionals and found that more than half of the respondents did not believe that consumers should feel confident that companies are sufficiently protecting their sensitive information. Additionally, only 29 percent of survey respondents expressed confidence in their company's ability to ensure the privacy of sensitive data. The survey revealed the different stages of maturity within the participants' respective privacy programs, and the results were used to establish the requirements of an effective privacy program:
- Appropriate privacy-function staffing
- Positioning of privacy function at a high level in the enterprise organization chart
- Privacy-protection culture
- Privacy awareness training
- Globally accepted frameworks/standards
- Metrics and monitoring program effectiveness
- Compliance with data-protection legal requirements
Privacy and security failures at the enterprise level carry numerous consequences. One of the most impactful consequences noted by survey participants was the decline in the reputation of the affected organization. Additional consequences noted by participants include legal action, regulatory action and unfavorable media coverage. More importantly, a commitment to protecting consumer data makes a mature privacy policy a greater necessity for organizations than ever before.