Sure, a lot of budgets are taking a hit during this pandemic. But, budgets in at least one area may be seeing a dramatic increase, if not now, then soon. Can you guess what it is?
According to Legaltech® News (Market Problems Aside, Companies Are Planning Privacy Spending Spree, written by Frank Ready), in-house privacy budgets may be seeing a dramatic increase as organizations look to safeguard against the regulatory and public scrutiny associated with data breaches.
Yesterday, FTI Consulting released a new report, titled Future Proofing Corporate Data Privacy, which indicated that many respondents were prognosticating a serious hike in privacy-related spending potentially directed toward underfunded initiatives such as employee training.
The FTI survey is comprised of responses from 500 leaders working inside large, U.S.-based companies, 97% of whom indicated they would be increasing their spend on data privacy over the next 12 months, with an average increase of 50%. Additionally, one-third of respondents indicated that they would be increasing data privacy budgets by a factor of between 90% and 100%.
While privacy regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are certainly upping the ante, there are other, less formal incentives in the mix as well. Chris Zohlen, a managing director at FTI Technology, referenced pressures stemming from the general public as another point of concern for organizations.
“Many of these companies obviously don’t want their name in the paper in a negative view or connotation. … The email [to consumers] that says ‘we may have had a breach of your information,’ no one wants to be that company,” Zohlen said.
Zohlen indicated that solutions designed to help departments organize and respond to data subject access requests are popular. However, some organizations may not average enough of those requests to make such an investment worthwhile. He also flagged data management tools that can help companies scan, track and locate personal data within its systems. “A lot of the work done thus far has been sort of surveys and interviews and questionnaires and asking people in the organization how the information flows,” Zohlen said.
Aside from tech, talent and staffing may be another common outlet for privacy-related spending. According to the survey, 57% said they had appointed in-house staff designated for privacy compliance and incident response. Still, COVID-19′s impact on the economy could potentially freeze any ongoing hiring efforts in their tracks.
So far, the money sent in that direction has been relatively sparse, with the survey claiming that only 17% of privacy-related spending is earmarked for training. Furthermore, 78% of respondents either strongly or slightly agreed that their organization needed to do more to communicate its data privacy compliance protocols.
“It’s probably one of the biggest sort of areas for improvement because so many breaches and exfiltrations of data, while not totally privacy related, are from insiders accidentally,” Zohlen said.
As I noted back during my discussion of considerations for those displaced by the pandemic, the privacy profession is, relatively speaking, a growth area for career development. Even the pandemic hasn’t changed that.
So, what do you think? Are you surprised that 97%(!) of companies surveyed expect to increase spending on data privacy over the next 12 months? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
Surprised only because I have never seen Legal be so responsive to changing technology, and I have been in Legal since 2000. More should be done, but I am very happy to learn that the conversation is being had. Good first step.
Thanks, Darius! It’s amazing what a few (or a lot of) privacy regulations around the world can do to motivate legal professionals to become current. Perhaps more than eDiscovery ever did.