A growing number of businesses are struggling with increasingly complex privacy laws and often falling short of compliance when it comes to safeguarding consumer data, a new survey finds.

Despite boosting privacy protection budgets and enacting stricter policies, many high-earning companies still aren't meeting federal and state requirements, according to Iron Mountain, a Boston-based data protection firm.

In a recent survey of 115 professionals that oversee their company's privacy efforts, only 59 percent said they felt familiar enough with their state's privacy laws, while a third failed to recognize federal mandates on a questionnaire.

Colleen Langevin, a vice president at Iron Mountain, said it's no longer enough for companies to simply say they have a policy in place for destroying sensitive information.

"Now organizations must prove their policies and procedures actually work," Langevin said in a statement.

She said businesses must demonstrate efforts to document privacy policies, train employees, audit their behavior and oversee service providers.

New Red Flag Regulations added to the Federal Trade Commission's Fair and Accurate Credit Transaction Act, or FACTA, which include guidelines for identifying data theft risks, are expected to go into force later this year.


Correction: An earlier version of this story misstated aspects of new regulations added to FACTA.