A decade has passed since Australia passed major reforms of its Privacy Act—but as the flood of data breaches continues, new figures suggest that many companies are still struggling to formalise their privacy practices, differentiate between security and privacy, or understand their obligations to protect personally identifiable information (PII).
Understaffing delays or undermines privacy efforts
Fully 55% of technical privacy roles are now understaffed, ISACA’s recent Privacy in Practice survey of privacy practitioners found. And 46% of legal/compliance roles were understaffed—up dramatically from 33% a year ago.
The widening capability gap around privacy staff reflects hiring challenges that are diminishing companies’ ability to build and enforce privacy policies, the study found, noting that “enterprises cannot backfill positions easily upon attrition of privacy talent”.
Not only are qualified staff hard to find, but many executives are proving reluctant to fund privacy roles adequately. “Understaffing issues are not likely to resolve soon,” the report notes, warning that “senior management support for privacy does not always ensure funding for additional staff to meet privacy needs.”