It has been said for some time that data is the new oil, but many global organizations continue to struggle to comply with regulatory requirements when it comes to the exploitation of this valuable resource.
These statistics are particularly significant given the audit’s focus on larger companies – companies one would expect to be ahead of the curve when it comes to providing information on their collection and handling of personal data. Presumably a more in depth survey of smaller companies with a web presence but a smaller compliance budget would produce even more alarming results.
The Canadian data protection authority also participated in the study, making similar observations to those of the ICO. Jennifer Stoddart, Privacy Commissioner of Canada, provided some non-compliant examples which were particularly eye-catching:
Ms. Stoddart went on to say that “Neither approach is helpful to Canadians – nor necessary, as demonstrated by the many privacy policies we saw that were able to strike a balance between transparency and concision”.
Importantly, the various watchdogs have now committed to contacting those companies where significant concerns arose, leaving the door open to a potential wave of enforcement action off the back of the sweep in any number of jurisdictions.
The study is also likely to lead to further cooperation and collaboration among international authorities on an issue that crosses international borders. For example, the GPEN members have given some examples of best practices for companies to follow when drafting global privacy policies. These policies, along with already published guidance by regulators such as the ICO and Canadian data protection authority, are a good place to start when drafting privacy policies from scratch or for those companies in need of routine health check.