New Research Shows Persistent Technical Privacy Skills Gaps Are Impacting Privacy Programs

SCHAUMBURG, Ill.–(BUSINESS WIRE)–Ahead of Data Privacy Day on January 28, new research from ISACA explores the latest enterprise privacy trends—from privacy workforce and privacy by design to privacy challenges and the future of privacy—in its new Privacy in Practice 2022 survey report, sponsored by OneTrust.

The report highlights that both legal/compliance (46 percent of respondents) and technical privacy roles (55 percent of respondents) at enterprises are understaffed, and the issue has only worsened since last year. Forty-one percent also report that the biggest challenge in forming a privacy program is a lack of competent resources.

However, just 25 percent note they have open privacy legal/compliance roles, and 31 percent indicate they have open technical privacy roles. Respondents also largely expect that privacy professionals will only become more in-demand, with 63 percent anticipating increased demand for legal/compliance roles and 72 percent expecting more demand for technical privacy roles.

Respondents indicate they are looking for three key things in privacy professionals: compliance/legal experience (62 percent), prior hands-on experience in a privacy role (56 percent) and technical experience (48 percent). A university degree is not necessarily a prerequisite—29 percent of respondents say that it is not an important factor when evaluating a candidate. However, respondents indicate they also see skills gaps in candidates, including:

  1. Experience with different technologies and/or applications (64 percent)
  2. Understanding the laws and regulations to which an enterprise is subject (50 percent)

    Experience with frameworks and/or controls (50 percent)
  3. Lack of technical experience (46 percent)

“People are an essential component of any privacy program, both the privacy professionals driving the work forward and employees across the enterprise who follow good data privacy practices,” says Safia Kazi, ISACA Privacy Professional Practice Advisor. “Enterprises need to sufficiently invest in their privacy programs and teams, not only to retain privacy staff and upskill talent to fill open roles, but to also prioritize privacy training efforts to ensure all employees are supporting privacy initiatives.”

Despite staffing and skills issues, 41 percent of respondents report they are very confident or completely confident in the ability of their privacy team to ensure data privacy and achieve compliance with new privacy laws and regulations. One in 10 respondents’ enterprises have experienced a material privacy breach in the last 12 months, consistent with last year’s results.

Survey respondents mention that these are the most common types of enterprise privacy failures:

  1. Not building privacy by design in applications or services (63 percent)
  2. Lack of training (59 percent)
  3. Bad or nonexistent detection of personal information (47 percent)

Regarding privacy training at enterprises, most (71 percent) respondents perceive privacy training to have a positive impact. However, many may approach it as a “check the box” exercise, with nearly 70 percent indicating that they evaluate the success of a privacy training program by looking at the number of employees who complete the training rather than measuring the efficacy of the training.

“Privacy professionals are vital in driving transparency and accountability across their organizations, and that has never been more important, as more consumers, employees and investors dictate the success of organizations that they do, or don’t, trust,” notes Alex Bermudez, OneTrust Privacy Manager. “The role of the privacy professional continues to evolve, with many now taking their organizations on a journey from compliance to building trust as a competitive advantage: helping to make companies stand out based on the values they hold and the commitments they fulfil. Continuing to monitor the changes in resources, board-level sponsorship, and the positive trajectory of privacy at-large form an important part of a privacy professional’s value, and impact on an organization.”

The survey report will be discussed in the free webinar, “The State of Privacy: 2022,” on 27 January at 12:00 p.m. EST. Register for the event—which offers one free CPE credit for ISACA certifications—at Afterwards, the webinar will be available to access online for free for an additional year.

Access the complimentary Privacy in Practice 2022 survey report and additional privacy resources and articles at Information on ISACA’s privacy resources, including the Certified Data Privacy Solutions Engineer™ (CDPSE™) certification, is available at ISACA also hosts a Privacy group in its Engage online forums.


For more than 50 years, ISACA® ( has equipped individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enabled enterprises to train and build quality teams. ISACA leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries and more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation.

About OneTrust

OneTrust is the category-defining enterprise platform to operationalize trust. More than 10,000 customers, including half of the Fortune Global 500, use OneTrust to make trust a competitive differentiator, implementing central agile workflows across privacy, security, data governance, GRC, third-party risk, ethics and compliance, and ESG programs.

The OneTrust platform is backed by 200 patents and powered by the OneTrust Athena™ AI. Our offerings include OneTrust Privacy, OneTrust DataDiscovery™, OneTrust DataGovernance™, OneTrust Vendorpedia™, OneTrust GRC, OneTrust Ethics, OneTrust PreferenceChoice™, OneTrust ESG, and OneTrust DataGuidance™.


Emily Van Camp,, +1.847.385.7223

Kristen Kessinger,, +1.847.660.5512

error: Content is protected !!