Companies realise ROI on data privacy practices for the first time: Cisco

Initially considered as a precautionary information technology spend, investment in data privacy practices is finally paying off for companies, according to a study by networking giant Cisco.

Organisations have reaped a return of at least 2.7 times on their investment on average in data privacy practices, the San Jose-based company found.

About 70% of the 2,800 odd respondents in the 2020 Data Privacy study reported significant business benefits from privacy efforts. The number was at 30% last year.

Apart from ROI (return on investment), companies have also benefitted from better agility, increased competitive advantages, better customer trust and investor interest.

Firms with higher accountability scores, as given by the Centre for Information Policy’s Accountability Wheel, experienced lower costs of attack breaches, shorter delays and overall financial returns.  The accountability wheel is a framework for managing and assessing organisational maturity while the CIPL is a global privacy and security think tank.

"With this study, we now have empirical evidence of privacy investments paying off for companies—particularly with improved customer relationships, revenue impact, and real bottom-line results,” Harvey Jang, Vice President & Chief Privacy Officer at Cisco, said in a statement.

Privacy certifications such as ISO 27701, EU/Swiss-US Privacy Shield and APEC Cross Border Privacy Rules systems have become crucial factors for companies looking for third-party data privacy solution vendors, the study found. While 82% of organisations cited privacy certifications as a crucial buying factor while onboarding a vendor, the number stood at 95% for India and Brazil.

The increase in ROI from data privacy measures was a result of GDPR (General Data Protection Regulation) that came into effect in May 2018.

GDPR is considered as a turning point in data privacy and is expected to provide benefits such as improved consumer confidence, better data security, reduced costs and faster technology adoption.

Back in India, the Personal Data Protection Bill 2019 takes several elements from the GDPR. This includes prior consent before using individual data, limitations on what and how data can be processed by organizations and restrictions to ensure that only the necessary data required to render services is provided.  

For future data privacy investments, Cisco suggested that the budgeting should focus on improved transparency in processing activities, obtaining external privacy certifications (such as ISO, shield, CBPR, BCR etc) and building a strong organisational governance structure.