Over one third of organisations still handle privacy in an ad hoc manner, according to Gartner's latest survey.
The maturity level of organisations' privacy activities has reportedly dropped since 2011, as several of them regard their existing privacy activities as insufficient.
About 43% of surveyed organisations implement a comprehensive privacy management programme, while 7% admitted 'doing the bare minimum' regarding privacy laws.
Gartner research vice president Carsten Casper said that many companies say they are not conducting privacy impact assessments before major projects.
"62% do not scan websites and applications, or conduct an organisation-wide privacy audit every year. Organisations must put these activities on their to-do list for 2014," Casper said.
"Organisations continue to invest more in privacy due to ongoing public attention and a number of new or anticipated legal requirements," said Mr. Casper.
"They also show that previous investments have not always paid off and that organisations need to refocus their privacy efforts if they want to raise the maturity level of their privacy programs back to that of 2011."
The report noted that several organisations are planning to improve their privacy activities via increased recruitment and budgets, in order to begin comprehensive privacy programmes that address challenges associated with cloud, mobile, big data and social computing.
According to the research firm, forming the right staffing model is crucial to the long-term success of privacy programmes, while the privacy officer would also play a vital role.
"Gartner's consistent observation is that privacy programs are only successful if someone is driving them," Casper said.
"Almost 90% of organisations now have at least one person responsible for privacy. However, having privacy programmes that are owned by this individual is still not the norm."
"Only 66% of survey respondents said they have a defined privacy officer role - although the number is as high as 85% in Germany and similar countries where this role is a legal requirement."
Privacy officers are also required to possess a wide range of skills and solid relationship management and communication skills, as they would be responsible for examining diverse business and IT requirements as well as partnering with different internal and external business operations.
The survey reveals that the need to deal with privacy concerns more decisively is already being reflected in investments made by organisations.
Over 32% of those surveyed said that their organisations boosted privacy-related staff from 2012 to 2013.
Putting the right team in place, with prioritised privacy programmes as the number one objective, would enable effective monitoring of privacy-related performance and allow proper adjustments to processes and technologies, mainly for data masking, encryption, data storage and document retention.
According to survey respondents, the handling of personal information of employees, customers and citizens is a major concern to be included in a privacy programme.
About 38% of organisations tailor personal data prior to its transmission abroad, which keeps the sensitive data local while enabling some functionality abroad. Meanwhile, 29% of organisations preferred domestic storage, 27% remote storage with only local access, and 22% a focus on legal protection.
"When storing and accessing personal data, organisations face a number of options. They can store data locally or in a low-cost country, allow access to domestic or remote staff, use a provider for application management or for infrastructure management, or implement legal and technical controls, such as data masking, tokenisation and encryption," Casper said.
"There is no right or wrong answer. Organisations have to decide which type of risk they want to mitigate, how much money they want to spend and how much residual risk they are willing to accept."