New study shows global privacy investments increasing

Organizations are investing more in privacy protection globally, according to research published today by privacy management software company TrustArc. Nevertheless, it still found significant room for improvement in key areas, including cookie consent management.

The company surveyed people worldwide for its 2021 Global Privacy Benchmarks Report, including executives, managers, full-time non-managerial employees, and members of the privacy team. It found performance improving on the privacy front and that companies were eager to do more. The proportion of companies planning big-ticket privacy investments of $1 million or more grew to 48% in 2021. This is up from 28% in 2020.

This increased focus on privacy showed up in internal programs. The number of companies with dedicated privacy offices jumped 17 percentage points to 83%. More companies also said that privacy was now a core part of their business strategy. That proportion increased 7 percentage points from 37% to 44%.

TrustArc also noted a marked improvement in attitudes to privacy on its privacy index, which it compiles based on respondents' answers to core privacy questions. These include whether their board of directors regularly reviewed privacy matters and whether they sufficiently trained employees in privacy issues. It also assessed confidence in key privacy outcomes among their customers, employees, and partners.

The median score on the privacy index jumped from 62% to 70% during the last year, while the 75th percentile score — the average score for companies getting an "A" grade — jumped from 79% to 85%.

Organizations in the US are more confident in protecting employee and customer data, at 82% compared to 74% in Europe. This could be a sign that stateside companies have upped their game following the imposition of the wide-ranging California Consumer Privacy Act, which came into force on January 1, 2020.

Companies might be paying more attention to privacy, but there is still work to be done. Over a third of respondents said they had suffered a breach in the last three years, while 27% reported their company suffered a large-scale cyber security attack.

One area where companies must try harder is cookie consent. This regulatory requirement mandates that companies collect visitor consent when serving cookies via a website. Only 23% of companies work with stakeholders across all departments to ensure that their consent solution meets regulatory requirements and business objectives. Just 46% of respondents said their cookie consent solution was "fully done."