"The big focus today is how to take all the compliance requirements and try to streamline them," said Holcomb. "58 percent of the respondents said [that their strategy is] both compliance and brand maintenance. Compliance is important and yeah, you maybe check the box, but you're also focused on privacy because you want to protect your brand and build trust with your consumers."
That desire to streamline was made apparent in the survey results, as the majority of practitioners (57 percent) cited streamlining and improving the efficiency of their existing processes as a higher priority than expanding their programs. Again, it would be tempting to think that this may be indicative of a dismissive attitude towards privacy, but Holcomb insists this is not the case.
"It's just gotten overwhelming when you look at compliance in all the different areas where a company needs to comply," said Holcomb. "Companies need to figure out which technology, which group of people, which governance programs they need to cover all of these compliances, including privacy. It's not an attitude towards privacy specifically, it's that the list has gotten so long. It makes it quite a challenge for companies to comply all with time with all requirements."
Holcomb pointed out that the US does not have a federal privacy law; rather, we have state and sectorial laws, which make building a privacy compliance program very complex since it depends on where consumers, not the headquarters, reside. This, of course, means that once all of the consumers are accounted for, the laws become numerous and complicated.
"So having a compliance program to even meet the privacy regulations is challenging," said Holcomb.
That's why specialized roles, like chief privacy officers, are rising in prominence. Though that statistics indicated that the most common executive title held by privacy leaders is still General Counsel at 32 percent, chief privacy officer came in second at 24 percent. Though handling privacy issues was once a responsibility of CSOs, they are becoming decreasingly responsible — only 8 percent said that CSOs were their privacy leaders — as the more specialized players step into their roles.
"[Being a privacy leader] is becoming more of a legal function," said Holcomb. "They have to coordinate with the security teams and others in the organization. The role is being given to someone, generally a lawyer, who is focused on the laws. But they also need to look at the people, processes, and technologies, so there's a lot of internal coordination. You need a cross-functional team."
Sign up for MIS Asia eNewsletters.