Companies will have to tweak existing privacy policies to address challenges from cloud-computing, location-based services, data breaches and regulatory changes by the end of 2012, Gartner said.
As a result of recent
high-profile data breaches and various changes in technology, organizations are
expected to revise privacy policies by the end of next year, Gartner
As cloud computing and
location-based services proliferate, organizations are grappling with the
privacy implications of having data reside outside corporate control, Gartner
said in its latest report released Aug. 8.
The steady string of data
breaches that have hit practically every industry sector and organizations of
all sizes, and changes in compliance regulations will also force organizations
to review and revise their current privacy policies before the end of 2012,
Gartner analysts said.
New threats to personal data
and privacy emerged in 2010, but budgets for implementing privacy protection
remained low, wrote Carsten Casper, research director at Gartner. Casper
expects the budget crisis to continue throughout 2011 and 2012, with privacy
programs "chronically underfunded."
More than half of companies
will tweak the policies they already have to bring them up-to-date with new
technologies and computing models, Gartner said. Data breaches ranked high on
the priority list because they affect so many aspects of the business. But
preparing for and following up on breaches was "straightforward," and
privacy officials should not be spending more than 10 percent of their time
dealing with data breaches, according to Gartner.
"Most controls exist
anyway if security management is working properly," according to Gartner.
Regardless of what Gartner
suggests, organizations are spending a lot of time resolving data breaches.
Sony spent nearly a month rebuilding
the PlayStation Network after a massive attack compromised user accounts in
April. Sony will spend more months and years dealing with lawsuits from
damages as a result of the data breaches.
A recent Ponemon
Institute and HP Arcsight report found that the average time to resolve a
cyber-attack was 18 days, and that a malicious insider attack could take more
than 45 days on average to contain.