IAPP and EY published their 2021 Annual Privacy Governance Report

Every year, the IAPP (International Association of Privacy Professionals) and EY publish their finding resulting from surveys relating to privacy governance received. This report is always a valuable tool for benchmarking privacy governance practices and understanding the current trends.

The 2021 Annual Privacy Governance Report based on 473 surveys conducted was recently released. It examines issues such as the ongoing effects of the COVID-19 pandemic on privacy professionals (including issues relating to employee remote working) as well as legal compliance issues related to the recently enacted privacy laws on the global landscape (i.e. the EU General Data Protection Regulation and the California Consumer Privacy Act). This report also addresses the structure of privacy teams, their reporting structure as well as budgets dedicated to privacy compliance and risk management. This report also discusses what type of assurances and warranties are typically required by businesses from service providers handling personal information on their behalf.

Some of the key findings which are relevant for Canadian businesses are:

• The type of cyber or privacy related topics most commonly reported to board of directors include: security incidents, the level of compliance with data protection laws and the progress achieved relating to privacy compliance initiatives
• More than half of the businesses surveyed have a team dedicated to handling data subject request (i.e. access request, request for deletion, withdraw of consent, etc.)
• Privacy budgets have increased significantly since last year with almost half of organizations planning to hire additional privacy professionals in the short term
• Complying with cross-border data transfer laws is listed as one of the top challenging issue for most businesses

Read the IAPP and EY 2021 Annual Privacy Governance Report.

This content has been updated on November 13, 2021 at 10 h 46 min.