Most Enterprises Lack Privacy Plans
Only one-third of all organizations have implemented a formal privacy plan to date, according to the 12th annual Information Systems and E-Business Spending study conducted by Computer Economics Inc., an independent research company in Carlsbad, Calif. And 23 percent have no plan in place at all.
According to the report, the status of privacy planning varies considerably across sectors. The insurance industry is doing markedly better than most sectors, with 45.8 percent of companies reporting they have a formal privacy plan in place.
A discouraging factor for companies, Computer Economics said, is that creating a solid privacy policy and then translating that policy into operational procedures to assure that privacy is properly managed is a complex and lengthy task.
Financial Firms Face Privacy Audits
Financial institutions and financial services companies should watch out for audits by Office of Thrift Supervision examiners, according to Meta Group Inc., an independent research company in Stamford, Conn.
The 1999 Gramm-Leach-Bliley Act, which requires these companies to encrypt nonpublic WAN traffic, is not scheduled to become effective until July 1. But companies are already being threatened with noncompliance write-ups, the company said. Until audit standards are articulated, Meta cautions companies to avoid assuming that their IT infrastructure organizations will pass regulatory muster on the appointed date.