· 1 min read · News

Internal data leaks more likely than external


The majority of privacy failures come from inside organisations, with the evolving role of the chief privacy officer key to combatting this, managing director at member-based advisory firm CEB Brian Lee has told HR magazine.

“In our research over the past year, it’s obvious the headlines in newspapers across the world really relate to external data leaks, like state-sponsored attacks and cyber hacking,” he said.

“However, what we saw in the majority of privacy failures is that they tended to come from inside the business, so from the employees themselves. That might come from employee misconduct, or maybe it comes from employees simply not knowing what to do with regards to information governance.”

Regarding how a different chief privacy officer skillset could help tackle this, Lee said: “The position is evolving. About 10 years ago, most privacy officers came from a legal or compliance background. But now, we need more skills related to senior positions. We need things like project management, the ability to work with multiple functions, collaboration, team-building, those sorts of softer skills.”

“It is closely related to HR, as the position usually involves an aspect of training employees to understand their responsibilities and the regulations related to privacy,” he added.

Lee told HR magazine that the privacy officer is still a nascent function. “We know from our research that a little less than 40% of companies have privacy officers to begin with,” he said. “The vast majority of organisations usually have somebody within legal or compliance who also has privacy responsibilities off the side of their desk, if they have anyone working on privacy at all.”

CEB’s research found that educating the workforce on data protection is a tricky balancing act. According to CEB’s research, half (50%) of employees surveyed believe that data policies slow the business down.

It also found that 89% of employees aren’t consulting the self-help tools provided in order to gauge privacy risks.

Lee said the role of the chief privacy officer would continue to evolve over the next five years. “The prevalence of the privacy officer will increase within companies," he said. "There are two drivers of that: the first is the regulatory complexity and the increase in regulations in all jurisdictions, whether that’s local, federal or international."

He added: “The second is the role of big data and the use of information that companies collect.  The data that companies need to gain a market advantage is increasing the risk of a misuse of information.”