
The State of Privacy 2025 report presents the results of ISACA's global State of Privacy survey, conducted in September 2024, exploring trends in privacy staffing, operations, board prioritization, compliance, AI usage, training, breaches, and privacy by design.
The survey reveals key insights for privacy professionals, indicating that while staffing shortages persist, fewer respondents feel understaffed despite a decreasing median privacy staff size. Perceptions of privacy funding remain consistent, with over half of respondents believing their board adequately prioritizes privacy. Demand for technical privacy roles is expected to increase more than demand for legal/compliance roles. The most common obstacles include a complex legal landscape, lack of competent resources, and managing risks associated with new technologies. More respondents reported using AI for privacy-related tasks.
Areas of Focus and Recommendations:
Staffing and Skills: Address skill gaps, particularly in experience with technologies, frameworks, and technical expertise. Implement training programs and consider apprenticeships/internships to develop talent.
Resource Allocation: Advocate for appropriate privacy budget funding, highlighting the link between adequate resources and effective privacy programs.
Compliance and Legal Landscape: Prioritize collaboration between technical and legal/compliance professionals. Ensure regular meetings to navigate the complex international legal and regulatory landscape.
AI Integration: Explore the use of AI for privacy-related tasks, focusing on data classification and personal information identification. Develop ethical guidelines around AI adoption.
Privacy Awareness and Training: Provide regular privacy awareness training for employees, updating content to reflect new laws, regulations, and organizational changes.
Privacy by Design: Integrate privacy considerations into the entire engineering process when building new applications and services. Foster collaboration between privacy teams and procurement and product/business development teams.
Monitoring and Assessment: Implement methods to monitor the effectiveness of privacy programs, such as privacy audits, risk assessments, and impact assessments.
By focusing on these areas, privacy teams can deliver a high-quality outcome that partners with and supports the business while meeting regulatory compliance expectations.
