Australian Privacy Professionals Survey 2021 – Results
Published at 10:44 on 31 Jan 2022
Results from our 2021 Privacy Professional Survey are now available.
Thank you to everyone who took the time to respond.
Key take-aways include:
- Privacy teams are growing and privacy programs are becoming more mature, but finding experienced privacy team members is still a challenge.
- Privacy programs are mostly driven by compliance.
- The biggest challenge reported was dealing with the business.
- Resources identified as of most use, after more experienced staff, was more peer networking and support.
- Respondents comments followed 3 themes: we need more experienced staff, harmonisation of state and federal privacy laws would simplify compliance and, in the absence of big fines, it’s hard to get investment in privacy.
Full Conclusions
- Big increase in response rate compared to 2019 may suggest increase in number of privacy practitioners.
- Financial services organisations remained the biggest employer of respondents but there was a big jump in respondents who work for professional services organisations (including law firms and consultants). This could suggest that organisations are using service providers rather than building internal teams, perhaps becaseof skills shortages and issues in recruiting.
- However, responses indicate the size of privacy teams is growing. Although more respondents indicated they were the only privacy professional in the team, the number of teams with between 11 -50 people grew from 14% to 33% of respondents. Respondents being part of a privacy team of between 2 -5 persons was still the most common response but declined from 43% to 30% of respondents.
- And teams should grow again in 2022 with nearly 50% indicating their team would expand.
- Most respondents work for an Australian based organisation with more than 1000 people.
- 85% of respondents reported having a privacy program, with most programs being in place for at least 5 years. The biggest driver by far for a privacy program was compliance (78%) followed by risk management (55.5%). Most programs used a standard –with the OAIC framework, ISO 27701 and NIST Privacy Framework the most common but many organisations reported developing and using their own.
- Privacy impact assessment continued to be the biggest task, followed up liaising with business units. Developing and implementing policies and procedures and providing training remained high but dropped. This is consistent with the growing maturity of privacy programs.
- Privacy seems to be a growing area in its own right within organisations. Most respondents reported to a Chief Privacy Officer (33%) Next most common reporting was to Governance, Risk and Compliance (26%). 16% of respondents were part of the Legal team or reported to Legal.
- Biggest challenges included lack of business unit understanding or engagement, no clear responsibilities and inadequate funding. Hiring skilled staff dropped out of the top 3 challenges but this may because other strategies are being pursued to meet privacy skills needs.
- In terms of what privacy professional would find most useful additional personnel was still the most popular response but it dropped from 82% in 2019 to 55.5% in 2021.In the 2021 survey we added an option of ‘more professional networking and peer support’. This came in as the second most sought after resource at 41%. Technology solutions dropped from second place at 54.5% in 2019 to fourth in 2021 at 26%. Additional funding dropped from 36.5% in 2019 to 29.5% in 2021.
- Knowledge of privacy laws and experience are still most important requirements when recruiting, but experience in other fields (like risk or project management) increased in importance. There was an increase in the importance of certifications.
- Many organisations still do privacy awareness training as part of induction though there was an increase in those with a systemic training program.
- Most organisations do privacy assessments of their vendors/suppliers, but usually via the Security/IT team.
To view or download the full report – click here.