Agencies Report Low Budgets and Staff for Online Privacy Protection

As the damage toll grows from this year’s breach of federal personnel data, a new survey shows federal managers reporting low budgets and short-staffing as they focus more than the private sector on compliance with procedures for preventing data loss.

Agency employees in 70 percent of government programs cited insufficient budgets in a worldwide survey of 800 privacy professionals released Thursday by the International Association of Privacy Professionals and Ernst and Young, now known as EY. The median budget of a government agency’s privacy protection operations is $130,000, versus $250,000 for a comparable unit in a regulated private company and $300,000 for one not regulated. But budget complaints are heard from the private sector too, where only 41 percent of professionals in the survey think their budget is sufficient.

Government agency respondents were least likely to make use of privacy protection resources such as internal audits and privacy working groups—though more government respondents (83 percent versus 59 in the private sector) relied on privacy impact statements, said the survey, which is the first in what is planned as an annual series. Federal managers (by 75 percent to 67 percent) are more focused than on legal and regulatory compliance than on marketing the reputation and brand.

Not surprisingly, government managers more than private-sector ones interact with records management professionals (77 percent versus 66 percent). But fewer agency staff interacted with regulatory compliance and technology professionals. More government employees (57 percent versus 46 percent) believe they should have more influence over information security.

“This study has demonstrated that privacy is a growing industry in resources, influence and voice,” the report said. “As programs mature, we see privacy professionals increasingly working more closely with product teams, the security team and large portions of the organization as a whole. The portrait that this survey paints is that while regulatory compliance remains paramount for privacy programs, organizations are increasingly using tools to mitigate risks, enhance consumer expectations and go beyond the mandates of laws and regulations, with brand and reputation management always in mind.”

(Image via Maksim Kabakou / Shutterstock.com)