The next time you're plotting out messaging for a major campaign or announcement, you should probably loop your chief privacy officer in first.
The results of research conducted by the International Association of Privacy Professionals finds that less than a fifth of privacy leaders at Fortune 1000 companies feel they have adequate say in the marketing, advertising and PR decisions made by their companies.
"Marketing departments have become much more savvy, and sometimes aggressive about their data-use strategy," said Omer Tene, the IAPP's VP- education and research. "You see privacy officers trying to contain that or adjust the trajectory to be more conservative."
The report, "Benchmarking Privacy Management and Investments in the Fortune 1000," is the first of its kind for the fast-growing organization; the IAPP is on pace to double its membership ranks, from 10,000 members in 2012 to 20,000 by year's end.
This first batch of results describes a sector whose basic contours are beginning to take shape. "We see the emergence of the privacy program maturity curve," Mr. Tene said.
At one end of the curve sits an image of a company with a mature-stage privacy program. On average, those companies spend $4 million a year on privacy-related operations, with 25 full-time employees working on a whole host of concerns, including the safety and security of customer and employee data, ensuring compliance with industry- and government-mandated standards and training employees and management to more effectively manage the data that now pours into companies across the economy.
Non-mature companies spend about 67% less than that, or $2.4 million, on average. They also employ far fewer people dedicated to privacy operations and compliance; the average pre-, early or middle stage company employs less than four privacy professionals, while a typical middle stage company employs fewer than six.
A majority of those respective budgets go to employee salaries and benefits, though Mr. Tene said he expects more to be spent in years to come on training employees and management in how to properly safeguard data and sensitive information.
"I think down the road what we are going to see is privacy breaking out of the privacy office, and being disseminated through the organization," Mr. Tene said. "It's not going to be enough to have a team trying to contain responsible data uses in firms that have HR, and marketing and sales and product design."
Mr. Tene adds that as public and press awareness of privacy issues continues to heighten, it will be important for companies of all sizes to begin implementing. The longer a firm waits to implement a comprehensive strategy, Mr. Tene said, the more it has to lose.
"Even three guys in a garage," Mr. Tene said, "if they don't take privacy into account, chances are it'll come back to haunt them, sometimes before the IPO."