We’ve heard the saying “Do As I Say, Not as I Do”—and it applies now to information security! People say they value privacy—defined herein as the control of disclosure of information about themselves and/or their transactions. This is true almost universally, even when they differ on their definition of control or what is ‘private” data. However, despite this valuation, you may be shocked to learn that many people—specifically information security professionals—do not conform to functional behaviours that reinforce this control, putting valuable information of all types at risk. The study upon which this presentation is based showed that information security professional in the US, UK and EU often fail to take advantage of technical and policy solutions that could help mitigate risks to their corporation. It is a wake up call for corporations worldwide, and challenges the attendee to examine his or her own behaviour in light of his corporate security culture.