20 May 2020

US company leaders admit value of data is tempting businesses to sidestep rules, survey finds

Survey shows 78% of respondents believe companies willing to take risks to unlock greater value despite privacy concerns

Data privacy

Data privacy: the survey found that 97% of organisations plan to increase spending on data privacy over the coming 12 months. Shutterstock

More than three-quarters of leaders of large US companies believe businesses are being tempted to side-step privacy regulations because data is so important to them, according to an FTI Consulting survey.

In the poll of more than 500 leaders of US-based private-sector companies, 78% of the respondents agreed with the statement: ‘The value of data is encouraging organisations to find ways to avoid complying fully with data privacy regulation.’

The Future-Proofing Corporate Data Privacy report also found that 87% of respondents believe that taking steps towards compliance will help them deflect regulatory scrutiny.

Even so, 97% of organisations said they plan to increase spending on data privacy over the coming 12 months, with a third of those expecting budgets to roughly double.

Jake Frazier, a senior managing director at FTI Technology, said: “The survey demonstrated a general awareness and understanding of the many risks and challenges at play in the data privacy arena. That’s encouraging because as illustrated by the changed landscape effected by the Covid-19 pandemic, a proactive, engaged approach to compliance is invaluable.”

Some 44% of respondents said they expect a lack of awareness and training to be the main data privacy challenge this year. Organisations said they were likely to introduce a range of measures to improve data privacy, such as establishing a clear, consistent set of data privacy standards, updating agreements and contracts with external parties, reviewing standard data privacy practices of supply chains, and building privacy-by-design programmes.

The report follows on from an FTI survey published in March which found that almost 60% of US companies are not equipped to properly assess how compliant they are with privacy regulations. Four in every five organisations said they feel at risk of being hit by a data privacy crisis, with more than a third fearing they are very vulnerable.

Earlier this year, a DLA Piper survey on GDPR data breaches found that regulators had already imposed €114mn of fines under the EU’s new data privacy rules, underscoring the challenges companies face to become fully compliant.

At the time, Patrick Van Eecke, chair of DLA Piper’s international data protection practice, said: “The early GDPR fines raise many questions. Ask two different regulators how GDPR fines should be calculated and you will get two different answers. We are years away from having legal certainty on this crucial question, but one thing is for certain, we can expect to see many more fines and appeals over the coming years.”

The FTI Consulting survey was conducted during November 2019. The respondents all had knowledge of their organisations’ data privacy policies and activities. Sixty percent held titles in senior management or the C-suite, and 28% held middle-management roles, across a range of industries, including ICT services, financial services and manufacturing. 

Further reading on data and privacy

US companies lack resources to check on data privacy compliance, survey finds — More than half of respondents unsure if they are fully compliant with new regulations

Total GDPR fines climb to €114m as companies struggle to comply with regime

GPR regime emerges as early candidate for post-Brexit divergence

Data ethics transforming privacy law after 'social media hangover'

Relief after ECJ backs global data transfers

Calling out e-privacy regulation shortcomings