CIOs rank corporate data breaches and privacy regulation only
ninth in their top ten IT risks to business, according to a
survey by Ernst and Young.
That is despite ranking information security as the top concern
in the survey of more than 80 CIOs and internal auditors at large
businesses in the UK, Ireland and Sweden.
Erol Mustafa, head of IT internal audit services at Ernst and
Young, said the gap was probably due to the fact that privacy is a
much broader issue than IT security.
He said privacy was made up of many different parts such as
appropriate policies, training, and awareness that did not normally
fall under the CIO.
Mustafa said internal auditors had a role to play in working
with IT to ensure data privacy was properly addressed by including
it in overall risk management strategies.
He said companies also had to pay attention to data privacy
requirements when negotiating outsourcing deals because they often
failed to meet standards.