Survey: Compliance Is Top Concern; Companies Spending $2.4 Billion on Privacy


By Joyce E. Cutler

Nov. 5 — The Fortune 1,000 companies each spend a mean $2.4 million on privacy, $76 per employee, for an aggregate $2.4 billion spent on protecting assets and information, according to an International Association of Privacy Professionals (IAPP) survey report released Nov. 5.

The IAPP, in its inaugural survey of privacy professionals, found organizations spend approximately $204 on privacy per $1 million in revenue. IAPP President and Chief Executive Officer J. Trevor Hughes told Bloomberg BNA Nov. 4 that the organization was “sort of taken aback” with the $2.4 billion budget figure. “That is a big number,” he said.

“At some level that is as good a response that exists anywhere to the question, does the U.S. marketplace care about privacy,” Hughes said. The answer, he said, is “it definitely does, to the tune of $2.4 billion.”

Thirty-two percent of participants said the budget figures they offered correspond to the part of the corporation for which they are responsible, as opposed to the entire corporation, the report said. A sample of 59 of 264 privacy professionals responded to the survey.

More Spending, Hires Planned

Thirty-eight percent of respondents said they likely would increase their privacy budget in the next year, with an average increase of 34 percent, according to the report. Only 10 percent of respondents said they expected budget contraction.

“Based on current spending levels and project spending from respondents, we therefore predict privacy spending to approach $3 billion in 2015,” the report said.

The increase in spending reflects the substantive nature of privacy and “the incredible dynamic and unstable nature of the risk” facing companies, Hughes said.

One-third of companies plan to increase the number of their full- and part-time employees in the coming year, according to the report.

Thirty-three percent of respondents said they intend to hire more employees in the coming year. Forty percent of those respondents said they would hire part-time workers, and 29 percent said they would hire full-time workers. The IAPP projected that those figures would translate to 950 full-time privacy professionals hired over the next year, with another 2,200 professionals having privacy as a part of their responsibilities.

Premium on Cooperation, Interplay

Nearly two-thirds (64 percent) of respondents reported satisfaction with the influence they have over information technology operations, while 61 percent said they were satisfied with their influence over information security operations.

Information security colleagues are the peers with which privacy professionals work most closely (93 percent), followed by the legal department (89 percent) and the IT department (79 percent), the report said.

One of the areas to watch, Hughes said, is the dialogue between privacy professionals and IT/security professionals that is emerging “and can only increase in the future.”

There will be “a premium on those people who can speak both languages,” Hughes said. Professionals “who understand law and policy and can speak information security or vice versa” will “become incredibly valuable because that dialogue is ramping up quickly,” he said.

Compliance, Ethics Priorities

Compliance was the most important priority for companies that responded to the survey. Forty-nine percent of respondents ranked regulatory and legal compliance first, while 72 percent ranked it first or second.

For companies in the mature stage of privacy development, compliance is almost their exclusive focus, the report said, with 71 percent of mature-stage firms ranking compliance first, much higher than companies whose privacy development is less mature.

Thirty-two percent of privacy professionals said they are satisfied with their influence over corporate ethics, with 14 percent identifying that as an area in which they would like more influence, the report said. Thirty-nine percent of privacy professionals said it is “very important” to work closely with the corporate ethics team, slightly below the 43 percent who said they thought it was very important to work with a company's marketing team.

To contact the reporter on this story: Joyce E. Cutler in San Francisco at

To contact the editor responsible for this story: Katie W. Johnson at

The report, “Benchmarking Privacy Management and Investments of the Fortune 1000,” is only available to IAPP members. An executive summary is available at

