Nearly three-quarters (73%) of companies are collecting more personal data than last year, but 51% do not provide clear information about how collected data is used. American end-user distrust in enterprise data collection practices has increased compared to previous years, with 92% of Americans describing themselves as very or somewhat concerned about protecting their personal data.

The Corporate Data Responsibility Survey 2022 from KPMG asked business leaders and American consumers about their data privacy practices and concerns. The survey found that 83% of consumers are concerned about companies selling their personal data — and 25% of companies do sell personal data to third parties.

Of companies who collect personal data, 79% list consumer engagement on their site is their top source of user data. Thirty-five percent of surveyed businesses buy consumer data from third parties, and 40% of business leaders plan to buy data in the future.

The survey found that while 73% of organizations are collecting more data than last year, multiple data collection measures have decreased across companies — when it comes to data breaches, 45% of companies reported giving users timely, clear data breach reports, compared to 56% in 2021. Data privacy & security training measures decreased 20% in 2022 when compared to the previous year.

The report noted the potential liability of the decrease in employee data security training, highlighting that four in five American employees received no cybersecurity training in 2022. The report recommended implementing security and data privacy policies organization-wide as both a business differentiator and a compliance mechanism.

For more report findings, click here.