Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Global privacy advisory market topping US$3 billion

Jay Cline | Aug. 13, 2015
The first-known estimate of corporate spending on privacy lawyers and consultants projects strong gains driven by regulatory and technology change.

data privacy

How much do companies around the world spend each year on data privacy services to fix the problems we read about in the headlines every day? Nobody as far as I can tell has published an answer to this question. So this month I set out to pull together the best available data points on the market.

What did I find out?

The first discovery was that you need to define what you're estimating. Because no one before Computerworld has sized up the privacy sector, that task falls to us.

Defining the market

For starters, I think three segments comprise the sector: privacy advisory services, privacy operations and security of personal information.

  • The privacy advisory market includes what law firms and consultancies do: help organizations identify their privacy risk and compliance gaps, build their privacy programs and defend against privacy legal claims.
  • The privacy operations market includes what software and managed services firms do to help govern a privacy program: governance risk and compliance software; subscriptions for privacy training, news and information; privacy seals; and platforms for harmonizing privacy opt-ins and opt-outs.
  • The personal-data security market includes the tools and technologies used to protect the confidentiality of personally identifiable information (PII), such as encryption, masking and content scanning.

All three subsectors are related, but different providers serve each one and they're at different stages of maturity and market-data availability. Among them, the privacy advisory market offers the best data, so that's where I focused this estimate.

Getting to the numbers

There are at least three ways you can size up the dollars in the privacy advisory market:

  • The tally method. Add up the number of privacy lawyers and consultants via LinkedIn, firm websites and the directory of the International Association of Privacy Professionals (IAPP) -- and make assumptions about average rate-per-hour and billed hours per year;
  • The survey method. Survey the buyers for what they're spending each year on these services; or
  • The market-share method. Use the known revenues of a leading provider or two, and use market-share assumptions from market activity to extrapolate a full-market estimate.

In my March 2006 column, I only used the first method and put the U.S. privacy consulting market at $400 million. It was a sufficient and reliable method back then because the pool of providers was limited and knowable. This time, now that I have access to more information in my new role, I used all three methods. And, what a relief. They all pointed to the same ballpark number: $3 billion.

Here are some key assumptions and interesting factoids:

  • Roughly 85% of the global revenues originate from the U.S. market, a share that is poised to decline as Europe nears completion of its massive privacy-law overhaul and European spending increases.
  • Legal services account for two-thirds of the total, a portion that also appears to be declining as companies increasingly operationalize their privacy legal advice.
  • Market share is highly dispersed across large firms, boutiques and independent consultants, with no single firm capturing more than 5% of the global pie.


1  2  Next Page 

Sign up for MIS Asia eNewsletters.