More than half of privacy professionals in Oceania are expecting reduced budgets in 2024, sparking concerns across the sector, according to ISACA's Privacy in Practice 2024 survey report. Furthermore, only a third of organisations find it simple to navigate their privacy requirements, leading to low confidence rates among respondents.

A serious 56% of privacy professionals in the Oceania region predict a decrease in budget, compared to 51% globally. Moreover, 43% of global respondents report that their privacy budget is underfunded, and a mere 36% believe that their budget is adequately allocated.

Despite new enhancements to privacy regulations worldwide, including Australia's Privacy Act Review Report in 2023, only 39% of Oceania respondents reveal they find it straightforward to understand their organisation's privacy obligations. This had led to deficient confidence, with only 44% of Oceania respondents expressing extreme or complete faith in their privacy teams' capacity to meet data privacy and adhere to new regulations.

ISACA's Oceania Ambassador, Jo Stewart-Rattray, declares the results as reason for extensive global concern, especially concerning budget deficits, low confidence and a lack of clear understanding regarding compliance.

"Every organisation in ANZ and across the world, from SMEs through to enterprise, has a responsibility to protect the privacy of its customer and stakeholder data. It is paramount that organisations understand what is expected of them in order to devise an effective privacy policy and implement accordingly," said Stewart-Rattray.

Apart from difficulty in understanding privacy regulations, organisations in Oceania and across the globe face challenges such as a lack of competent resources (41%), unclear mandates, roles and responsibilities (39%), lack of executive or business support (37%), and a lack of visibility and influence within the organisation (37%). However, 62% of global respondents expect an increased demand for technical privacy roles in the future, compared to 55% for legal/compliance roles.

Organisations are attempting to tackle these problems by focusing on training and learning. Half of global respondents (50%) are training non-privacy staff to transition into privacy roles, while 39% are expanding the use of contract workers or external consultants. Measures also include offering privacy awareness training to employees, with 86% claim to provide it, and 66% providing it annually. Furthermore, 60% review and revise privacy awareness training at least once a year.

Despite these issues, it was found that 63% of respondents experienced no significant privacy breach within the last year, with 18% reporting no change in the number of breaches suffered. Respondents appear to be optimistic about the future, with less than 1 in 5 (16%) expressing an expectation for a privacy breach within the next 12 months.

The survey results highlight some key advantages for organisations practicing 'privacy by design'. The median staff size employed in privacy roles was greater in these organisations (15 vs. nine) and were more likely to consider their privacy budget as appropriately funded (50% vs. 36%). These organisations were also less likely to perceive their privacy programmes as purely compliance driven and were more likely to align their privacy strategy with organisational objectives.