As technology continues to revolutionize the business landscape, data privacy risks have emerged as a critical concern for organizations worldwide. Malaysia too has not been spared as we witnessed reported incidents of data breach in the recent past involving major business organizations and even government agencies.
The International Association of Privacy Professionals (IAPP), in its latest study conducted this year in collaboration with KPMG, has highlighted that nearly 93% of participating organizations indicated privacy as a top-10 organizational risk, with 35% ranking it among the top five. This study delves into the primary privacy risks that organizations face and advocates proactive measures to effectively manage and mitigate these challenges. In this year’s survey, privacy leaders from around the world have identified geopolitical instability, rapidly maturing and emerging technologies, lack of available talent, and increasing shareholder and regulatory expectations as some of the most significant challenges, revealing concerns about an increasingly fragmented and unpredictable world. The five highest priority privacy risk domains identified by participants were data breaches, non-compliant third-party data processing, ineffective privacy-by-design implementation, inappropriate personal data management and insufficient privacy training for employees.
Against this backdrop, the study found that organizations which took steps to manage enterprise privacy risks had considered the following to support the identification, assessment, evaluation and treatment of privacy risks: roles and responsibilities, methodology, technology, communications and continuous improvement.
About the Privacy risk study
Since 2015, the IAPP has published an annual Privacy Risk Study to help determine trends in privacy risk management across demographics.
Beginning in 2017, analysis from Form 10-K submissions — annual public disclosures required by the U.S. Securities and Exchange Commission — was added to highlight the impact of privacy risk disclosures and the extent organizations publicly detail their personal data processing and privacy regulation methods.
The Privacy risk study 2023 represents the most comprehensive study of privacy risk undertaken by the International Association of Privacy Professionals (IAPP) in collaboration with KPMG. It explores the major privacy risks organizations face and identifies the proactive measures they should take to manage and mitigate them.
[1] Recurring Data Breaches in Malaysia - Plain Ignorance or Just Weak Enforcement, Cybersecurity Asean, 2022