Most companies claim that privacy is a priority – chiefly because they believe consumers are more willing to do repeat business with them if personal information is carefully handled. But in reality, many companies are woefully inept at protecting privacy. Some companies view robust data protection as too expensive to consider seriously, so half-hearted steps are taken instead. Others see the penalty for data breaches and privacy failures as too low to generate much concern. In many instances, management of privacy policies is handed off to chief privacy officers who report to the corporate lawyers, not a C-level executive, and whose main responsibility is to make sure the company’s data policies are in line with government regulations and industry benchmarks. In other words, privacy is regarded as a risk that must be mitigated, not a strategic imperative.