Analyst Report
Microsoft Study on Data Collection and Role Collaborations Within Organizations
Published: 10/1/2007
This paper researches perceptions of different groups of information stakeholders on how privacy and data protection risks are being managed in their organizations. The study is based on survey results collected in September 2007.

Summary
Microsoft believes that there are significant benefits to organizations that take a holistic approach to the management of privacy risks. The first step is understanding how the organizational groups closest to the protection and use of personal information perceive the current state of privacy risk in their organization and what the ideal state would be. This study provides some insight for such understanding.
The next step is for organizations to involve privacy, security and marketing practitioners in creating a strategic and holistic approach to privacy risk. The study's findings reveal that although people who collect and use customer information recognize the value in protecting trust in their organization, their perceptions and behaviors often are at odds with those of privacy and security professionals. This suggests that organizations need to develop a common understanding among the various parties interested in the use and protection of data about how to safeguard personal information while not impeding business objectives.
Included in this document
  • Collaboration among security and privacy practitioners in an organization seems to reduce the risk of a compromise or breach of personal information.
  • People who collect and use data don't often consult with security and privacy professionals.
  • Individuals responsible for safeguarding data do not share the same views as the people who collect and use data.
  • Security and privacy professionals believe negligence in data use and sharing is the biggest threat to data protection practices.
  • Privacy and security practitioners are aligned in their perceptions that companies are at risk if data protection practices are lax.
  • Preserving or enhancing an organization's reputation and trust is important, especially for professionals who collect and use data.
  • Who has the most influence over the company's data protection practices?
  • Organizations where there is a lack of effective collaboration and a higher incidence of data breach have a strong desire to formally combine privacy and security roles.
  • Differences in regulations and how personal data is defined affect perceptions on how privacy risks should be managed.