Microsoft sponsored a study, conducted by the Ponemon Institute, to gather data about how privacy and data protection risks are being managed by companies in the United States, UK, and Germany.
As one might easily suspect, the study revealed that better collaboration between people involved with security, privacy, and compliance concerns can reduce the risk of exposing private information.
However, based on the results of the study a whopping 70 percent of marketing personnel do not consult with their company's security and privacy executives before collecting or using personal information, even though 78 percent of security and privacy executives believed that their marketing colleagues do in fact consulting them. Compounding the problem further is data that shows that only 32 percent of people who collect and use private information believed that their company isn't well-coordinated in terms of safeguarding private information.
A spokesperson for Microsoft said that "74 percent of companies that admitted to poor collaboration said they had experienced one or more significant data breaches in the last two years. However, only 29 percent of companies that claimed to have good collaboration reported one or more breaches in the same period."
Given the poor collaboration practices revealed by the study, such statistics should come as no surprise. But the statistics should raise eyebrows considerably.
"A lot of companies are struggling with approaching data protection holistically, because security and privacy people often don't even speak the same language and often report to different parts of the company," said Rob Enderle, president and principal analyst at the Enderle Group. "Understanding the issues and getting security, privacy and business leaders together to discuss ways to approach this collaboratively is a good first step for organizations."
Ponemon's Institute's research, conducted in September 2007, was aimed at people working in both public and private industry, and some 3600 people participated in the study. A summary of key findings is available in a Word document, "Data Protection and Role Collaboration within Organizations," at Microsoft's Web site.