A survey of about 500 companies conducted by Imperva and Ponemon Institute studied the level of compliance with the Payment Card Industry’s Data Security Standard (PCI DSS). The results show that 71 percent of the companies surveyed do not view data security as “a strategic initiative across the enterprise.” Further, about half of the companies surveyed indicated that they are not “proactive in managing privacy and data protection risks.” Twenty-five percent of the respondents said they are not currently compliant with PCI DSS requirements. The other 75 percent had varying levels of compliance.
In a section of the survey regarding behavior tracking in online ads, respondents had strong feelings regarding punishment for the illegal use of their information. The majority felt fines should be more than $2,500 and 35 percent felt it was important for executives responsible for the illegal use to face jail time.
While the surveys are different, it does seem possible to conclude that companies should take the protection of private data more seriously, as their customers may become a bit angry in the face of a misuse or breach of personal info. Companies may also want to evaluate their options for crisis management expenses coverage.