Get Instant Access
to This Blueprint

Security icon

Embed Privacy and Security Culture Within Your Organization

Drive employee engagement with privacy and security via governance and process integration.

Engagement with privacy and security within organizations has not kept pace with the increasing demands from regulations. As a result, organizations often find themselves saying they support privacy and security engagement but struggling to create behavioral changes in their staff.

However, with new privacy and security requirements proliferating globally, we can’t help but wonder how much longer we can carry on with this approach.

Our Advice

Critical Insight

To truly take hold, privacy and security engagement must be supported by senior leadership, aligned with business objectives, and embedded within each of the organization’s operating groups and teams.

Impact and Result

  • Develop a defined structure for privacy and security in the context of your organization, your obligations, and your objectives.
  • Align your business goals and strategy with privacy and security to obtain support from your senior leadership team.
  • Identify and implement a set of metrics to monitor the success of each of the six engagement enablers amongst your team.

Embed Privacy and Security Culture Within Your Organization Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a culture of privacy and security at your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Define privacy and security in the context of the organization

Use the charter template to document the primary outcomes and objectives for the privacy and security engagement program within the organization and map the organizational structure to each of the respective roles to help develop a culture of privacy and security.

2. Map your privacy and security enablers

This tool maps business objectives and key strategic goals to privacy and security objectives and attributes identified as a part of the overall engagement program. Leverage the alignment tool to ensure your organizational groups are mapped to their corresponding enablers and supporting metrics.

3. Identify and track your engagement indicators

This document maps out the organization’s continued efforts in ensuring employees are engaged with privacy and security principles, promoting a strong culture of privacy and security. Use the playbook to document and present the organization’s custom plan for privacy and security culture.

Drive employee engagement with privacy and security via governance and process integration.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Define Privacy and Security in the Context of the Organization
  • Call 1: Scope requirements, objectives, and your specific challenges.
  • Call 2: Align business goals and strategic objectives with privacy and security.

Guided Implementation 2: Map Your Privacy and Security Enablers
  • Call 1: Align business goals and strategic objectives with privacy and security, continued.
  • Call 2: Identify privacy and security behaviors for each business group.

Guided Implementation 3: Identify and Track Your Engagement Indicators
  • Call 1: Identify and select your privacy and security engagement metrics and reporting structure.
  • Call 2: Establish your metric owners, reporting procedures, and cadence.


Aaron Shum

Cassandra Cooper

Alan Tang

Logan Rohde


  • Tom Pendergast, Writer, Security and Privacy Awareness Specialist, Speaker
  • Steve Stadler, Senior Program Manager, Privacy, Ancestry
  • Robert J Toogood, Subject Matter Expert in Digital Risk
Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019