Hasgeek: Privacy Tech Survey v2

Introduction

This survey, conducted by Hasgeek, in partnership with Omidyar Network India, is aimed at broadly understanding privacy concerns and practices among middle and senior management inside tech organizations, and how factors such as regulated nature of certain businesses, compliance requirements, etc impact the development of privacy enhancing technologies.

Hasgeek invites you to participate in this survey, as a senior tech practitioner and leader in your organization. There are 32 questions in all and should take approximately 15 minutes to answer them. Please answer the questions below, about:

Your beliefs regarding privacy as a tech practitioner
The software development cycle and practice in your organization
The role of privacy and security in the products and services of your organization
Presence of compliance/legal department in your organization
Training and resources available to you in your organization
Your involvement with communities and networks related to tech, but not directly involved with your organization.
International, national and regional laws, and data protection policies, and the impact of compliance on your organization

There will be no direct or indirect benefit or monetary compensation for participating in this survey. There is also no monetary cost for you in participating in the survey. Hasgeek will not use your name in any of the information or analysis obtained from this study or in any of the research reports without your written authorisation to do so. Information that can identify you individually, or the organization you work for, will not be released to anyone outside the study. All data gathered through the survey will be anonymized. Aggregates will be presented to substantiate findings of the study.

For further information or if you have questions, email nadika@hasgeek.com

Question Title

* 1. Your Name

Question Title

* 2. What best describes your participation in this survey

An individual

As a representative of an organisation

As an interested outsider

I work for an organisation but these views do not represent them

As a consultant in the industry (not directly responsible for any one organisation)

Other (please specify)

Question Title

* 3. Name of the organization you work at

Question Title

* 4. Your title (Designation) in the organization

Question Title

* 5. Does your role require you to think about privacy or compliance on a regular basis?

Yes

Question Title

* 6. Technology domain area(s) of your organization

Gaming and Entertainment

Services and Consultancy

Big Data (AI, ML etc)

Data Security (Infrastructure Security, Tools etc)

Fin-Tech (Banking, Financial, Insurance, Finance, Lending)

Mobile Applications/Services

Social Networking/Media

Other (please specify)

Question Title

* 7. What is your gender?

Female

Male

Transgender

Prefer not to say

Question Title

* 8. Your educational background

Bachelor's Degree

Master's Degree

Ph.D.

Other (please specify)

Question Title

* 9. City

Question Title

* 10. Your Caste / Community

Upper Caste/Forward Caste

Other Dominant Caste

Backward Caste

Most Backward Caste/OBC

Scheduled Caste

Scheduled Tribe

Don't know/Cannot say

Prefer not to say

Question Title

* 11. Do you feel your gender, orientation, class, caste or other affiliations and social locations have impacted on your freedom to voice concerns about privacy?

Yes

Don't know/Cannot say

Question Title

* 12. How do you/does your organization look at the relationship between privacy and security?

They are closely related.

They are two distinct ideas and are not related.

They are two sides of the same coin and are fully inter-twined.

They are somewhat related.

Question Title

* 13. How does your organisation look at privacy respecting aspects of its products or services?

Privacy is a fundamental right, and is built into our products.

Privacy is a right, but is only available in premium versions of products.

Privacy is not a right, our products do not have privacy aspects.

Other (please specify)

Question Title

* 14. Which of the following statements accurately captures the attitude towards privacy in your organization/network?

Respectful and actively works to protect it.

Neutral.

It is not a concern at all.

Don’t know / Can’t say.

Does not apply.

Question Title

* 15. Does your organization have Standard Operating Procedures (SOPs) for engaging and handling criticism on privacy issues in your products?

Yes, we have a fully functional SOP.

No, we don’t have anything like that.

We aspire to have one, but could not find the time or resources to build one.

Does not apply

Don't know/Cannot say

Question Title

* 16. Would you agree that your organization is better in handling privacy and security issues in the products that it builds, compared to its peers in the industry.

Yes, we are the pioneers in this area.

We are broadly at the same level as that of our peers.

We lag behind our peers in this area.

We want to be leaders, but we don't know how to achieve this.

No, we really don’t care about this at all.

Does not apply

Question Title

* 17. Do investors, customers, or other stakeholders of your company care about privacy?

Yes, they care about it.

Yes, they often ask us to prioritize privacy aspects.

No, we often spend time and effort educating them about privacy.

Don't know/Cannot say

Question Title

* 18. I have a peer group within my organization, where I can discuss and freely express my views about privacy and data security.

Yes and it is a very active peer group.

Yes, but it is not very active.

No, I don’t have one.

Question Title

* 19. I have a peer group or safe space outside my organization where I can express my views and learn from other practitioners about privacy and data security.

Yes, and it is very supportive and helpful.

Yes, it is somewhat helpful.

No, I wish I had access to an informal community.

Question Title

* 20. Which of the following best describes the product design and development practices of your organization, when it comes to Privacy?

Features First, Ship fast, Privacy comes later.

Privacy first design and development cycle.

Features First, Ship fast but we do have Privacy and Security reviews as part of the process.

Features First, Ship fast, but I really wish that we do Privacy and Security reviews as part of the process.

Don't know/Cannot say

Does not apply.

Question Title

* 21. Which of the following best describes the training and resources in your organization about privacy aspects during product design and development?

Provides enough information and resources about privacy.

Provides some information and resources about privacy.

Does not provide any information.

Does not apply

Question Title

* 22. Which of the following statement best applies, when you are building a product and make design decisions on the features

We have resources and guides to make decisions, if our implementation will have an impact on user privacy.

We have a go-to department/person who will advise us, if our implementation has an impact on user privacy.

We have both - resources, guides and a go-to department/person.

We have none - no resources, no guides, no go-to department/person.

Question Title

* 23. We have a learning and development budget for our product teams to enhance our understanding of privacy and security risks, while making feature and design decisions.

Not available.

Don't know.

On actual basis on approval from management.

We have a no-questions-asked budget for this purpose

Other (please specify)

Question Title

* 24. If you had to find out more about regulations applicable to your business, you can ask someone in your organization.

Yes

Don't know/Cannot say

Question Title

* 25. Does your organization have a Chief Data Officer (CDO), or Legal department which looks into risk and compliance?

Yes

Question Title

* 26. If you answered Yes to the above question, who does the CDO or Security team report to?

Question Title

* 27. Does your organization's CDO/Risk and Compliance/Security/Legal team have veto power over the product/engineering team when questions of data security or privacy are raised?

Yes

Don't know/Cannot say

Question Title

* 28. What is the approximate size of the team in your organization that looks into legal/compliance/regulatory aspects?

1 - 5

6 - 50

More than 50

Question Title

* 29. If your organization has compliance standards imposed by regulatory authorities, which of the following best describes your development practices

We have periodic audits by a third-party to review our standards compliance.

We have an internal team that is responsible for our standards compliance.

We have both: audits by third parties and an internal team.

Other (please specify)

Question Title

* 30. Which of the followings laws are you required to comply with? (Select all that apply)

CCPA

GDPR

HIPPA

Other (please specify)

Question Title

* 31. What are the data governance practices and policies that your organization has adopted for complying with these regulations?

Current Privacy/Data Retention policy

Infrastructure/Cloud storage policy

Accuracy in data collection, data minimisation

Data localisation

Anonymisation

Data security audits

Purpose and Time limitation

Data erasure on request

Other (please specify)

Question Title

* 32. What are the consent management policies and practices that your organization has adopted for complying with regulations?

Consent management tools and processes

More user friendly cookie policy and privacy policy

Paper trails, transparency, and accountability

Privacy, data security audits

Social engineering audits

Other (please specify)

Question Title

* 33. Do you agree the information, resources and training your organization provides regarding privacy and security has been useful to you and your teams.

Strongly agree

Agree

Neither agree nor disagree

Disagree

Strongly disagree