Privacy & data protection survey

Deloitte and Ponemon Institute published a survey on privacy and security in the enterprise enviornment.

I saw a talk given by Deloitte today on the survey and here are some of the highlights I found interesting:

• Over 85% of respondents reported at least one breach where user notification was required and 63% reported multiple breaches.
• The most implemented (59.9%) technology solution to privacy and security issues was segregation of duties tools. (Note: this sounds like companies are making use of the RBAC model)
• Data classification was also high (57.7%) on the list of technology solutions. (Note: This may also be part of RBAC, classifying data into roles as well as people)
• Encryption is being implemented (55%) but the encryption isn’t being applied to everything and a significant number of companies fail to adequately protect data both in storage and while in transit.
• Both privacy and security professionals spend most of their time on incident response which includes notifying affected users.
• Female and Male security professionals make approximately the same salary.