Privacy & Cybersecurity Law Blog

On January 10, 2023, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP and Cisco’s Privacy Center of Excellence published a joint report on “Business Benefits of Investing in Data Privacy Management Programs” (the “Report”). The Report provides insights into how several leading global companies realize value from privacy management programs and demonstrates that organizations are experiencing a wide range of risk and compliance benefits as well as other tangible benefits from investing time, money, effort and other resources into building their privacy programs.

The findings of the Report are based on a study conducted among CIPL member companies. The study consisted of a 12-question survey and follow-up interviews to further discuss the responses. Approximately 36 CIPL member companies participated in the study.

Key findings of the Report include:

• Risk and compliance benefits, such as avoiding regulatory scrutiny and fines, experiencing fewer breaches, and avoiding damage to reputation, are the most significant benefits experienced by organizations implementing a privacy program.
• There is increasing recognition among organizations that a privacy program can enable a company to use data more broadly, set an organization apart from its competitors, and build trust and confidence with customers, business partners, investors, regulators, and the public.
• Over 50% of companies that participated in this study reported a benefit of at least $1 million from investing in a privacy program over the past year. 28% experienced a benefit of over $10 million.
• The majority of organizations are using some form of privacy maturity model to implement accountable privacy programs, including CIPL’s Accountability Framework, ISO Standards, Generally Accepted Privacy Principles, and the NIST Privacy Framework, among others.
• The average self-reported score of survey participants on implementing the seven elements of accountability outlined in CIPL’s accountability framework is 4.13 out of 5. This is significantly higher than the 3.68 average score among all companies surveyed in Cisco’s 2021 Data Privacy Benchmark Study.
• Corporate leadership, including the board, is increasingly focused on positive impacts of privacy programs and there is a need to develop the right Key Performance Indicators to measure and report on the performance and effectiveness of such programs.

For more about these findings and other insights of the study, please view the full Report.