Many organizations lack the business behaviors and compliance practices necessary to adequately address growing consumer and regulatory concerns about data security and privacy, according to the Edelman Privacy Risk Index, a new global study, conducted by the Ponemon Institute, a leading independent research organization, across 29 countries.

The Edelman study reveals a lack of preparedness in managing the potential financial and reputational damage relating to the loss or misuse of personal information. Businesses, particularly at a senior level, are not reacting quickly enough to data and security risk.

Over half (57 percent) of respondents think their organization does not consider privacy and the protection of personal information to be a corporate priority. Six out of ten (61 percent) companies do not strictly enforce all levels of compliance with laws and regulations.

Meanwhile, 62 percent say their organization does not have the expertise, training or technology, and 55 percent say the adequate resources, to protect personal information. And over half (57 percent) of respondents believe their company is not transparent about what it does with employee and customer information, and 61 percent are slow to respond to consumer and regulator complaints about privacy.

The results come at a time when there is growing consumer and regulatory pressure on companies to handle personal data responsibly and securely. Companies will see increased regulatory scrutiny due to new legislation in the European Union, Latin America and Asia, as well as increased enforcement by the Federal Trade Commission in the United States.


According to research undertaken by Edelman earlier this year, 85 percent of consumers around the world feel companies need to take data security and privacy more seriously, while 70 percent said they are more concerned about these issues than they were five years ago.

“The Edelman Privacy Risk Index findings shine a light on the worrying void between business’ privacy practices and consumer expectations about how their personal data is handled,” says Pete Pedersen, global chair of the technology practice at Edelman. “From a communications and stakeholder engagement point of view, what is most concerning is the lack of clarity and transparency about these practices.”

The research also highlighted a lack of awareness of the potential risks related to data security and privacy incidents. Over half (53 percent) of respondents think a data breach would not adversely impact their reputation or financial position, despite nearly three quarters (71 percent) of consumers saying they would leave a company after a data breach. Additionally, 57percent of organizations believe that employees do not understand the importance of privacy and two thirds do not make an effort to educate employees about privacy and security issues.