Australian CISOs continue to struggle on privacy

New ISACA research shows that Australian organisations—including regulators—can’t find sufficient staff to treat privacy by design as seriously and thoroughly as needed.

A decade has passed since Australia enacted major reforms of its Privacy Act, but as the flood of data breaches continues, new figures suggest that many companies are still struggling to formalise their privacy practices, differentiate between security and privacy, or understand their obligations to protect personally identifiable information (PII).

Understaffing delays or undermines privacy efforts

Fully 55% of technical privacy roles are now understaffed, ISACA’s recent Privacy in Practice survey of privacy practitioners found. And 46% of legal/compliance roles were understaffed—up dramatically from 33% a year ago.

The widening capability gap around privacy staff reflects hiring challenges that are diminishing companies’ ability to build and enforce privacy policies, the study found, noting that “enterprises cannot backfill positions easily upon attrition of privacy talent”.

Not only are qualified staff hard to find, but many executives are proving reluctant to fund privacy roles adequately. “Understaffing issues are not likely to resolve soon,” the report notes, warning that “senior management support for privacy does not always ensure funding for additional staff to meet privacy needs.”
