Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


About Our Strategic Consulting

Ponemon Institute offers the following strategic consulting services to assist organizations.

Privacy Strategy, Assessment and Assurance

We assist organizations in the private and public sectors in the development of a strategic vision for privacy and data protection. Some of our consulting services include:

  • Guidance on how the organization’s privacy and data protection program should be structured and staffed.
  • Analysis based on Ponemon Institute’s benchmark data that compares the organization’s privacy and data protection practices to others in their industry. 
  • Risk assessments to determine privacy and data protection gaps.
  • Preparation and review of policies and procedures.
  • Ongoing counsel on privacy and data protection issues and related regulatory trends in the U.S. and around the world.
  • Development of a data classification schema to assist organizations in understanding potential business and regulatory risks.

Privacy and Data Protection Training and Awareness

We assist organizations in the private and public sectors in all facets of privacy and data protection training.

  • Design and customize training programs for advancing awareness of an organization’s commitment to good privacy and data protection practices.
  • Assist in the measurement of the training program’s effectiveness.
  • Data@Risk is an innovative, team-building game about privacy and data protection issues in an organization. The goal is to increase awareness and understanding about how to respond to real-world consumer privacy and data protection situations and conflicts. The game can supplement existing privacy awareness programs in an organization and build teamwork.

Global Compliance and Safe Harbor Certification (Under the Department of Commerce—European Union Safe Harbor Agreement)

We assist organizations in becoming Safe Harbor certified. The typical steps involved are: 

  • Privacy risk assessments and gap analysis focused on trans-border data flows, analysis of policies, information sharing agreements or other related materials describing the transmission of regulated data from European Union countries to the United States and other non-EU locations around the globe.
  • General assessments of existing privacy and data protection activities with comparison to known benchmarks for data protection with focus on all personal information including customer, consumer, and employee data and the evaluation of data security architecture with in-house IT department and, possibly, outsourcing vendors.

Privacy Impact Technology Assessments Based on Responsible Information Technology Principles

These assessments are conducted to determine whether a product is consistent with the developer’s privacy objectives and commitments. Typical steps include:

  • Development of a strategic plan for managing potential privacy and data protection risks associated with the collection and management of personally identifiable information associated with the technology.
  • A privacy and data security assessment to determine risks associated with privacy regulations and scrutiny by consumer advocates and their potential impact on the business model.
  • Guidance on the creation of a privacy office, governance structure and board of advisors for privacy and data protection issues.
  • Tactical guidance on the development and execution of privacy and data protection policies and procedures.

Our final report will include privacy and data security policies and procedures and recommendations on the development and execution of privacy and data protection policies and procedures.

Benchmark Analysis of Corporate Privacy Practices

Ponemon Institute’s Corporate Privacy Practices Benchmark Tool enables companies to benchmark their privacy program and activities against other organizations. The tool focuses on eight (8) functional areas: privacy policy, communications & training, privacy management, security methods, privacy monitoring, choice and consent, redress and enforcement. 

Privacy Breach Index™ Benchmark Report

Ponemon Institute created a benchmarking tool called the Privacy Breach Index (PBI)™ to measure the ability of companies to respond to a data loss or theft, especially when it concerns information about people and their families. The Privacy Breach Index (PBI) benchmark tool can help companies do the following:

  • Improve existing procedures and safeguards for prevention of a data breach.
  • Determine areas where an organization is most vulnerable to a data breach.
  • Benchmark your organization’s response to a data breach against other companies.

The PBI survey questions address the core activities that encompass all aspects of a company’s data loss incident response, such as: detection and forensics, escalation to management, notification quality and timeliness to breach victims, support to breach victims (such as credit monitoring or identity theft protection), post-mortem response, reputation management and response to regulatory or legal action. Your responses will be benchmarked against the responses of other organizations.