integris software 2019 healthcare data privacy maturity study · 2020-05-07 · software...
TRANSCRIPT
Integris Software 2019 HealthcareData PrivacyMaturity Study
Government mandates, data sharing agreements and spreadsheets sow confusion amid an avalanche of private data
1525 4th Avenue | 5th floor Seattle, WA 98101-1607 | +1 (206) 539-2145 | [email protected] integris.io
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Table of Contents
2
Executive Summary
Study Background and Methodology
Demographics
Firmographics
Data Privacy Management Budgets
Projects Impacted by Data Privacy Concerns
Data Sharing Agreements
Technical Data Privacy Maturity
Organizational Data Privacy Maturity
Regulatory Preparedness
Opinions on Federal Privacy Law, and Trust
About Integris Software
3
4
5
9
11
15
18
21
28
35
37
40
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Executive Summary
Companies are being inundated with data. A single healthcare transaction may get replicated across a hundred data repositories. Healthcare companies are constantly consuming and sharing information to build better patient profiles and improve outcomes. In addition, as healthcare companies consolidate through mergers and acquisitions, they acquire unknown datasets and data transfer agreements with new business partners. In this environment, it’s no wonder that respondents’ data privacy programs scored much lower on technical maturity than on organizational maturity.
Key Findings:
Data privacy management overconfidence: 70% were Very or Extremely Confident in knowing exactly where sensitive data resides yet 50% of them update their inventory of personal data once a year or less; and a mere 17% of respondents are able to access sensitive data across five common data source types.
Data privacy impacts much more than regulatory compliance: Proving compliance with business obligations like data sharing agreements was cited by 67% of respondents. Enforcing internal data handling policies like classification and retention was cited 61% of the time. About a quarter of respondents cited the impact on M&A due diligence (28%) and the delivery of AI / ML projects (22%). About one third saw privacy concerns impacting data lake hygiene (35%).
The proliferation of data sharing agreements: In the wake of the misuse of data sharing agreements like the one between Facebook and Cambridge Analytica, enterprises seem to be more aware of such agreements. But data sharing agreements are nothing new to the healthcare industry. 50% of healthcare industry respondents had 50 or more of these data sharing agreements in place (20% more than the entire set of respondents). However, respondents reported being 61% more confident in their ability to be compliant compared to how they perceived their partners.
Data privacy management budgets reside in IT departments: 52% of data privacy budgets are concentrated in IT departments. Technology leaders are increasingly being tasked with operationalizing their companies’ data privacy management program. Why? At its core, data privacy is a data issue, and privacy is an outcome of a comprehensive data protection strategy.
3
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Study Background and MethodologyThis study seeks to understand how mid to large-sized US enterprises manage data privacy within their organizations, as well as their future plans. In February 2019 a web survey was emailed to members of an exclusive community of top business executives and IT decision makers. 258 respondents completed the survey. This version of the study provides a deep dive into healthcare industry cohort which included 46 companies. However, each of the 258 respondents had to meet the following criteria:
• Reside in the USA
• At least “Somewhat Knowledgeable” on how data privacy and data security are managed at their current company
• Mid to senior level professionals and executives
• 500 employees or more (62.4% had over 5,000 employees)• $25 million or more in annual revenue (69.38% had over $1
billion in annual revenue)
• Functional roles/areas had to be in IT, general management, or risk and compliance
Note: unless otherwise noted, N = 46
26.09%Extremely KnowledgeableIt’s part of my primary role
23.91%Somewhat Knowledgeable
50.00%Very KnowledgeableIt’s part of my role
What is your personal level of knowledge on how data privacy
and data security are managed at your current company?
4
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
6.52%VP, SVP, EVP
23.91%Director, Sr. Director
23.91%Manager, Sr. Manager
Which one of these is the best fit to your current seniority level?
23.91%Senior Professional
DemographicsRespondents had to be, at a minimum, mid-level professionals.
23.91%C-Level Executives
5
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
DemographicsRespondents came from three key areas of the business:
1. Information Technology/Engineering (67.39%),
2. General Management/Strategy (21.74%) and3. Legal/Compliance/Risk Management (10.87%).
21.74%General Management / Strategy
67.39%Information Technology / Engineering
10.87%Legal / Compliance / Risk Management
Which one of the following is the best fit to your functional area /
department at your current company?
6
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
DemographicsRespondents saw themselves as taking on a range of roles with most having multiple roles as part of their mandate.
Over a third of respondents claimed privacy management fell into their primary role.
32.61%
50.00%
28.26%
47.83%
50.00%
36.96%
36.96%
17.39%
45.65%
60.87%
Digital Transformation
Privacy Management
InfoSec
Data Infrastructure
IT Operations
Software Development
Business Management
Legal
Risk and Compliance
Data Governance
0% 10% 20% 30% 40% 50% 60% 70%
Which of the following falls into your primary role?Please select all that apply.
7
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
DemographicsWithin their primary roles, most respondents had either primary/final decision making authority, or were on the decision making committee/had significant influence.
42.86%
37.50%
17.65%
17.65%
39.13%
36.36%
53.85%
21.74%
13.33%
32.14%
52.38%
37.50%
76.47%
76.47%
56.52%
54.55%
38.46%
65.22%
80.00%
53.57%
4.76%
25.00%
5.88%
5.88%
4.35%
9.09%
7.69%
13.04%
6.67%
14.29%
Risk and compliance
Legal
Business management
Software development
IT operations
Data infrastructure
InfoSec
Privacy management
Digital transformation
Data governance
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
I have little or no influence
I’m on the decision-making committee or have significant influence
You’ve mentioned that the following are a part of your primary role. Please indicate your personal decision making involvement for each within your current company:
I am the primary / final decision maker
8
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Multiple departments impact decisions related to data privacy. Data privacy management is clearly a multidisciplinary endeavor.
Among healthcare industry respondents, data governance was was cited the most often (66.67%) as having an impact on decisions related to data privacy vs. 46.9% for all respondents. Perhaps not surprising given the critical role data governance plays in healthcare information management— making sure that health information is accurate, private, and secure.
28.29%
50.00%
43.35%
49.22%
58.91%
31.78%
31.01%
56.98%
60.47%
66.67%
Digital Transformation
Privacy Management
InfoSec
Data Infrastructure
IT Operations
Software Development
Business Management
Legal
Risk and Compliance
Data Governance
0% 10% 20% 30% 40% 50% 60% 70% 80%
Which of the following roles / departments have an impact on decisions related to data privacy within your current company?
Firmographics
9
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
13.04%
250 to less than 1,000 employees
28.26%
1,000 to less than 5,000 employees
58.70%
5,000 employees or more
Approximately how many full-time
employees are employed by your
company at all sites and
locations? If unsure, please
provide your best estimate.
Firmographics
1 0
71.74% of firms had over 1,000 employees.
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management BudgetsCompanies are dedicating serious resources to data privacy management. 77.50% had budgets dedicated to data privacy management.
77.50%Yes22.50%
No
Does your current company have a data privacy management
budget?
11
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management BudgetsAlmost half (47.83%) of healthcare data privacy management budgets in 2018 were between $100K and $500K, which is a much higher concentration than the 32.43% concentration for all respondents.
This variance may be partly due to the fact that the healthcare industry has had to operationalize data privacy much earlier than other industries.
47.83%
8.70%
21.74%
8.70%
13.04%
Less than $100k $100k to $500k $500k to $1M $1M to $2M $2M to $5M $5M or more0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
How much did you spend on data privacy management in 2018?Note: This includes spend on people, technology, consulting, etc.
1 2
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management BudgetsOver half (51.62%) of data privacy budgets are concentrated in IT departments (InfoSec, data infrastructure, IT operations, and software development). 29.03% of budgets are concentrated in legal, risk, and compliance departments. A mere 3.23% of data privacy budgets are concentrated in the privacy management department. In 6.45% of organizations, it’s not clearly defined.
Healthcare technology leaders are increasingly being tasked with operationalizing their data privacy management program. Why? At its core, data privacy is a data issue, and privacy is an outcome of a comprehensive data protection strategy.
6.45%
3.23%
16.13%
3.23%
29.03%
3.23%
6.45%
22.58%
9.68%
Other
It is not clearly defined
Digital Transformation
Privacy Management
InfoSec
Data Infrastructure
IT Operations
Software Development
Business Management
Legal
Risk and Compliance
Data Governance
0% 5% 10% 15% 20% 25% 30% 35%
In which department does the majority of data privacy budget reside?
1 3
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management Budgets
6.90%
3.45%
62.07%
17.24%
3.45%
3.45%
3.45%
1% to 25% decrease
0% (no change)
1% to 25% increase
25% to 50% increase
50% to 75% increase
75% to 100% increase
Over 100%
0% 10% 20% 30% 40% 50% 60% 70%
What approximate spend changes do you foresee in 2019?
Unsurprisingly, most healthcare organizations (86.21%) are increasing their data privacy management budgets in 2019. Over a quarter (27.59%) of respondents are increasing their data privacy management budgets by 25% or more.
1 4
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
2.17%
6.52%
28.26%
21.74%
34.78%
56.52%
60.87%
60.87%
58.70%
67.39%
76.09%
Other (please specify)
None of the above
Assessing risk in M&A transactions
Accelerating AI / ML projects
Scanning & tagging data flowing in and out of data lakes
Staying in compliance when migrating apps to the cloud
Responding rapidly to breaches
Enforcing data retention and classification policies
Responding to data subject access requests
Proving compliance with business obligations like data sharing
agreements
Proving regulatory compliance
0% 10% 20% 30% 40% 50% 60% 70% 80%
Which, if any, of your current company's projects are currently impacted
by privacy concerns? Please select all that apply.
Projects impacted by Data PrivacyThe regulatory environment continues to drive urgency around
projects to prove regulatory compliance (76.09%), which
includes responding data subject access requests (58.70%),
enforcing data retention and classification policies (60.87%),
and responding rapidly to breaches (60.87%).
But data privacy impacts much more than regulatory
compliance efforts. When done right, data privacy
management supports the broader healthcare information
management control framework— regulations, policies, and
contracts. For example, proving compliance with business
obligations like data sharing agreements was cited by 67.39%
of respondents.
1 5
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Projects impacted by Data PrivacyData lakes ingest disparate pieces of patient data from a variety of sources. When combined, this data has the potential to reveal customer identities along with highly sensitive personal information. So, it’s no surprise that over a third of respondents (34.78%) cited the impact of privacy for projects that scan and tag data flowing in and out of data lakes.
As data is acquired through the M&A process, data lakes and other datasets can become contaminated with unexpected, inappropriate, or problematic data. Increasingly (28.26%), M&A due diligence includes the inspection of the data being acquired. This allows healthcare organizations to properly evaluate the risk prior to merging large datasets.
Finally, when data is locked down for fear of misuse, data scientists don’t get timely access to the streams and feeds they rely on for their machine learning models.
So, it’s no surprise that AI / ML projects were cited by over one in five respondents (21.74%).
1 6
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Now Integral to Data Protection
1 7
Privacy
What data is important and why
Security
How those policies get enforced
Data Protection
ProtectedUsableData
Discovery & Classification DSARs Alerting
Contracts PoliciesRegulations
Encryption NetworkSecurity Access Control
ActivityMonitoring Breach Response DLP/CASB
Forward looking healthcare organizations are treating privacy as part of a broader data protection strategy where privacy tells you what’s important and why, and security is the how.
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
50.00%
30.56%
19.44%
50 or more 10 to less than 50 Less than 10 None0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
How many data sharing agreements does your current company have where data is either entering or leaving your organization?
Data SharingAgreements
50% of respondents had 50 or more data sharing agreements in place. That’s a variance of 20% more than all respondents. This is probably due to the highly intertwined nature of the healthcare industry (EHRs, insurance, etc.).
1 8
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data SharingAgreementsRespondents were much more confident in their own ability to respect data sharing agreements than their partners’ ability to reciprocate in kind (there was a 60.91% increase in Very confident and Extremely confident levels in their own compliance efforts vs their partners).
20.93%
44.19%
27.91%
6.98%
Extremely confident Very Confident Somewhat confident Not so confident Not at all confident0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
45.00%
50.00%
How confident are you that your current company is using data in compliancewith the terms of your data sharing agreements?
1 9
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data SharingAgreementsThere’s often a disconnect between what has been agreed to on paper by lawyers and what’s happening with the actual data, because the people who negotiate the contract differ from those shipping the data and/or there are no controls in place.
Also, the way contracts are written is not necessarily the way data is represented. The word "location" might appear in a contract, but the data set contains latitude and longitude values. Therefore, businesses must account for how data elements might be combined to fit the legal terms on their data sharing agreements.
7.14%
33.33%
52.38%
7.14%
Extremely confident Very Confident Somewhat confident Not so confident Not at all confident0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
How confident are you that your partners are using the data that you provideto them in compliance with your data sharing agreements?
2 0
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
32.61%
32.61%
34.78%
I don't know
Not at all confident
Not so confident
Somewhat confident
Very confident
Extremely confident
32% 32% 33% 33% 34% 34% 35% 35%
How confident are you in your current company’s ability toaccurately define what constitutes personal information?
Data Privacy ManagementTechnical MaturitySurprisingly, non of the healthcare industry respondents expressed a lack of confidence in their company’s ability to define what is personal information. 32.61% said they were very confident and 34.78% said they were extremely confident.
Are respondents falling victim to overconfidence? Perhaps. Sensitive data has an evolving nature. What's considered a sensitive category or piece of data today may not be considered sensitive tomorrow, and vice versa.
Understanding derivative personal data is important, yet challenging. For example, notes on patient’s diet can infer religion.
Data flowing in and out of data lakes is also a blind spot for many respondents. Data lakes ingest disparate pieces of customer data from a variety of sources. When combined, this data has the potential to reveal customer identities along with highly sensitive personal information.
2 1
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
87% of the US population can be identified using only their Zip Code, Gender, and Birthdate. *
*Source: https://dataprivacylab.org/projects/identifiability/paper1.pdf
2 2
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
10.53%
7.89%
34.21%
31.58%
15.79%
200 or more
100 to less than 200
50 to less than 100
10 to less than 50
1 to less than 10
0% 5% 10% 15% 20% 25% 30% 35% 40%
How many company data sources does your current company need toaccess to get a defensible picture of where all sensitive data resides?
Data Privacy ManagementTechnical MaturityA single healthcare transaction may get replicated across a hundred data repositories. Healthcare companies are constantly consuming and sharing information to build better patient profiles and improve outcomes. In addition, as healthcare companies consolidate through mergers and acquisitions, they acquire unknown datasets and data transfer agreements with new business partners.
In this environment it’s not surprising that over half (52.63%) of respondents said they needed to access 50 or more data sources to get a defensible picture of where their sensitive data resides.
2 3
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
4.35%
2.17%
47.83%
45.65%
Other
We don't take an inventory of personal data
If audited, or in reaction to an event like GDPR
Once every 2 years
Once a year
Real-time
0% 10% 20% 30% 40% 50% 60%
How often do you update your inventory of personal data and where it resides?
Data Privacy ManagementTechnical MaturityYet 50% of respondents take inventory of personal data less than once a year or in reaction to an audit.
2 4
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
52.78%
71.43%
54.05%
66.67%
88.37%
22.22%
21.43%
29.73%
23.81%
9.30%
25.00%
7.14%
16.22%
9.52%
2.33%
Data in motion (data flowing into a data lake, out of a Hadoopcluster, etc.)
Cloud-based Applications (Salesforce, Workday, etc.)
Semistructured data (XML and JSON)
Unstructured data (Google Drive, Email, etc.)
Structured data (Oracle, SQL, etc.)
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Which, if any, of the follow data types are included in yourcurrent company’s data privacy initiatives?
Data Privacy ManagementTechnical MaturityContinuous defensibility to meet compliance requirements boils down to doing two things well:
1. Understanding where sensitive data resides across all data source types.
2. Mapping data back to existing data handling obligations.
Point one was a mixed bag among survey respondents. Traditional data sources like relational databases are included in most (88.37%) data privacy initiatives. Cloud-based applications had good coverage (71.43%), as did unstructured data (66.67%). But data in-motion appears to be the laggard at 50.78%.
Analyzed another way, an alarmingly low 17% of respondents were including all five data types in their company’s data privacy initiatives.
No plan in place to access Plan in place to access Accessible Today
2 5
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
52.63%
62.16%
90.48%
80.49%
62.16%
55.56%
62.50%
63.41%
42.11%
27.03%
9.52%
17.07%
27.03%
27.78%
10.00%
0.00%
5.26%
10.81%
0.00%
2.44%
10.81%
16.67%
27.50%
36.59%
Automated data discovery
Metadata management
Data loss prevention or other data security tools
Data governance
Data catalog
Automated survey and workflow
Homegrown scripts
All manual (e.g. surveys or spreadsheets)
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
What tools/software do you use to discover and track thelocation of personal information? Please select all that apply.
Data Privacy ManagementTechnical MaturityThe vendor landscape for discovering and tracking the location of personal information is crowded, diverse, and confusing for healthcare industry buyers. Despite lots of tooling, only 17% of respondents are currently incorporating all five data types in their data privacy initiatives.
With so many DLP and other IT security vendors claiming to solve for regulations like the California Consumer Privacy Act, it’s no wonder that respondents (90.48%) view these tools as helping them discover and track personal information. However, DLP is more about stopping insider threats and stopping end users from leaking out sensitive data (emailing it out).
63.41% of respondents reported using methods such as manually updated spreadsheets and surveys to track and inventory personal information while 62.50% rely on custom-written computer code.
Not in use nor plan Planning to use Currently Using
2 6
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Surveys:Inaccurate and Time Consuming
2 7
Regulations Contracts Internal
• Point in time
• Doesn’t scale
• Evolving definition of PI
• Streaming data is blind spot
Challenges
Oracle, MSSQL, MySQL, DB2
Hadoop, Snowflake
Microsoft 0365, Salesforce
Kafka, Amazon Kinesis
JDBC Connectors,RESTful API’s
Unstructured File SharesGoogle Drive,
Microsoft OneDrive
StructuredDatabases
Big Data SaaS Data-in-MotionAdditional Sources
Business Obligations
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management Organizational MaturityOrganizational maturity for data privacy management is higher and more consistent than technical maturity.
91.30% of respondents had a data privacy and awareness program in place.
91.30%Yes
08.70%No
Does your current company have a data privacy training and
awareness program?
2 8
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management Organizational Maturity78.05% had a process in place to evaluate the sensitivity of different datasets.
78.05%Yes
21.95%No
Does your current company have a process in place to evaluate the sensitivity of different data sets?
2 9
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management Organizational MaturityAnd 97.62% have a process in place to identify and mitigate privacy risk.
97.62%Yes
02.38%No
Does your organization have a process in place to identify and
mitigate privacy risk??
3 0
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management Organizational MaturityOrganizations are also mature when it comes to handling customer consent, and communicating when things go wrong. 85% have policies, procedures, and mechanisms in place to track customer consent across channels.
85.00%Yes
15.00%No
Does your organization have policies, procedures, and
mechanisms in place to track customer consent across
channels?
3 1
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management Organizational MaturityYet when technology is reintroduced to the equation, numbers begin to drop. 60% have an automated way to discover whose data was breached. Not surprising given the lower levels of data privacy technical maturity as reviewed in the previous section.
60.00%
40..00%No
Does your organization have an automated way to discover whose
data was breached?
3 2
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Team Size
An impressive 95.12% of respondents had data privacy teams in place, and over a quarter of respondents (26.83%) had data privacy teams of 25 or more.
17.07%
9.76%
17.07%
21.95%
24.39%
4.88%
4.88%
50 or more
25 to less than 50
10 to less than 25
5 to less than 10
3 to less than 5
Less than 3
We don't have a data privacy team
0% 5% 10% 15% 20% 25% 30%
How many employees are a part of your data privacy team? Note: Teamcan include full-time, part-time employees as well as consultants.
Data Privacy Management Organizational Maturity
3 3
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Data Privacy Management Organizational MaturityTeam Meeting Cadence
Almost a third of data privacy teams (28.27%) meet at least once a week. 41.46% admitted to meeting once a month or less. Infrequent collaboration could be a leading indicator to data privacy vulnerability, especially given that so many departments/roles have a stake in data privacy management.
8.80%
14.63%
26.83%
14.63%
19.51%
9.76%
It is not fixed
Once a year
Once every 6 months
Once every quarter
Once a month
Once every 2 weeks
Once a week
More than once a week
0% 5% 10% 15% 20% 25% 30%
How often do team members meet to discuss data privacy?
3 4
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
InternationalRegulatoryPreparednessHealthcare companies were best prepared for GDPR with 35.14% scoring themselves as Fully Prepared. No one scored themselves as unprepared.
Respondents were fully prepared for GDPR at much higher rates than the Australian (9.09%), Japanese (14.29%), and Chinese (14.29%) privacy laws. Levels of unpreparedness were also much higher here as well.
Basic Only Well Prepared Fully PreparedUnprepared
How prepared are you for each of the following regulations?
3 5
14.29%
14.29%
9.09%
35.14%
35.71%
35.71%
36.36%
48.65%
35.71%
28.57%
36.36%
16.22%
14.29%
21.43%
18.18%
0.00%
China's Cyber Security Law
Japan's Personal…
Australia's Privacy Act
General Data Protection
0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00%
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
10.53%
16.00%
9.52%
47.37%
48.00%
52.38%
36.84%
36.00%
28.57%
5.26%
0.00%
9.52%
Colorado's Consumer Data
California Consumer
New York State Department
0% 10% 20% 30% 40% 50% 60%
DomesticRegulatoryPreparednessRespondents appear to be behind when it comes to domestic regulatory preparedness. Only 16% said the were fully prepared for the California Consumer Privacy Act.
Basic Only Well Prepared Fully PreparedUnprepared
How prepared are you for each of the following regulations?
3 6
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Perspectives78.26% thought there should be a federal privacy law.
78.26%Yes
06.52%No Do you think there should be a
federal privacy law in the United States?
15.22%Unsure
3 7
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
Perspectives80.43% of respondents thought businesses risk losing customers due to inadequate data privacy practices.
80.43%Yes
15.22%No
Do you think that businesses risk losing customers due to inadequate data privacy
practices?
04.35%Unsure
3 8
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
PerspectivesAnd well over half (58.70%) thought that employers risk losing employees due to inadequate data privacy practices.
58.70%Yes
23.91%No
Do you think that employers risk losing employees due to inadequate data privacy
practices?
17.39%Unsure
3 9
Integris Software 2019 Data Privacy Maturity Study | Copyright 2019 Integris Software, Inc.
About Integris SoftwareIntegris Software, the global leader in data privacy automation, helps enterprises discover and control the use of sensitive data in a way that protects privacy and fuels innovation. Regulations like GDPR and the California Consumer Privacy Act (CCPA) are triggering knee-jerk reactions as companies lock down their data for fear of misuse. Integris empowers security, privacy, and data governance leaders to make fact-based decisions about the use and transfer of customer data.
By working securely, at scale, no matter where data resides, Integris provides customers with an accurate and continuous pictureof their data privacy landscape. With Integris, there is finally a way to use your data without fear.
For more information on Integris, visit www.integris.io or follow @Integrisio on Twitter.
1525 4th Avenue | 5th floor Seattle, WA | 98101-1607
+1 (206) 539-2145
4 0