Two Surveys: A Look at Personal Data Protection

A survey of about 500 companies conducted by Imperva and Ponemon Institute studied the level of compliance with the Payment Card Industry’s Data Security Standard (PCI DSS).  The results show that 71 percent of the companies surveyed do not view data security as “a strategic initiative across the enterprise.” Further about half of the companies surveyed indicated that they are not “proactive in managing privacy and data protection risks.”  Twenty-five percent of the respondents said they are not currently compliant with PCI DSS requirements. The other 75 percent had varying levels of compliance.


In a separate survey conducted by professors at the University of Pennsylvania and the University of California, Berkeley, 1000 adult Internet users were queried on their opinions regarding behavioral advertising and their knowledge of privacy law.  Regarding the privacy law issue, 62 percent of those surveyed mistakenly believe that if a website has a privacy policy, then it cannot share info about the user with other companies without permission.  (This would seem to suggest, much like Terms of Service agreements found on websites, users are not necessarily reading the website privacy policies.)  Additionally, 46 percent of the respondents mistakenly answered true to this statement:  “If a website violates its privacy policy, it means that you have the right to sue the website for violating it.”


In a section of the survey regarding behavior tracking in online ads, respondents had strong feelings regarding punishment for the illegal use of their information.  The majority felt fines should be more than $2,500 and 35 percent felt it was important for executives responsible for the illegal use to face jail time.


While the surveys are different, it does seem possible to conclude that companies should take the protection of private data more seriously as their customers may become a bit angry in the face of a misuse or beach of personal info.  Companies may also want to evaluate their options for crisis management expenses coverage.