All organizations that handle personal data face privacy risks.
Organizations face a challenging privacy risk environment that is becoming more complex due to regulatory and economic uncertainties. This environment is filled with new and evolving risks that arise from emerging technologies like artificial intelligence, changing consumer expectations on privacy, uncertainty over future predictions, and increasing scrutiny of business initiatives and market trends.
The Privacy risk study 2023 represents the most comprehensive study of privacy risk undertaken by the International Association of Privacy Professionals (IAPP) in collaboration with KPMG. It explores the major privacy risks organizations face and identifies the proactive measures they should take to manage and mitigate them.
In this year’s report, privacy leaders identified geopolitical instability, rapidly maturing and emerging technologies, lack of available talent, and increasing shareholder and regulatory expectations as some of the most significant challenges. These challenges reveal the concerns about an increasingly fragmented and unpredictable world.
However, organizations are taking proactive steps to manage enterprise privacy risks. They are considering roles and responsibilities, methodology, technology, communications and continuous improvement to support the identification, assessment, evaluation and treatment of privacy risk.
About the Privacy risk study
Since 2015, the IAPP has published an annual Privacy Risk Study to help determine trends in privacy risk management across demographics. Beginning in 2017, analysis from Form 10-K submissions — annual public disclosures required by the U.S. Securities and Exchange Commission — was added to highlight the impact of privacy risk disclosures and the extent organizations publicly detail their personal data processing and privacy regulation methods.
This year, instead of just relying on public disclosures, we asked senior privacy leaders to explain their risk management practices. We also highlighted the results of interviews held with senior privacy leaders through workshops and interviews.