Toledo Police Department Upgrades Public Safety Operations with Cloud-Native Records Management System and Advanced Analytics 

NEW YORK – March 4, 2025 – Mark43, the leading public safety operations platform, today announced its partnership with the Toledo Police Department to implement its industry-leading Records Management System (RMS) and Insights, an advanced analytics solution, for improved agency operations, officer efficiency and community response.

Under the leadership of Chief Michael Pace, the Toledo Police Department serves the 3,500 residents of Toledo, Oregon—a coastal community located in Lincoln County renowned for its rich lumber industry and fishing culture. By adopting Mark43’s cloud-native technology, the department is enhancing operational efficiency and unlocking real-time data to strengthen interagency communication and collaboration.    

Bob Hughes, Chief Executive Officer at Mark43, said, “We are proud to partner with Chief Pace and the Toledo Police Department to deliver our intelligent modern records management system and advanced analytics solutions. With real-time data at their fingertips, officers can operate more efficiently, enhance situational awareness, and make informed decisions that protect their community. This partnership highlights how next-generation technology empowers agencies to maximize resources, streamline operations, and improve public safety outcomes.” 

Powered by AWS GovCloud, Mark43 RMS offers premier resilience, mobility, and security, enabling Toledo officers to access and update records from anywhere, at any time. Michael Pace, Chief of the Toledo Police Department said, “With a cloud-native RMS, I can review and approve reports on the go, while officers can file reports and search warrants directly from the field—without having to take their eyes off the situation or return to the station. This level of accessibility will save so much time.” 

The interoperable and user-friendly RMS ensures real-time data updates and continuous connectivity, keeping officers and dispatch informed and mission-ready. As Chief Pace noted, “With the increase in natural disasters, it’s critical that we have an integrated CAD and RMS. It makes interagency communications seamless—from our major crimes unit to our narcotics teams—enabling critical cooperation. As a small department, being able to integrate and work in lockstep with surrounding agencies is extremely important.” 

The built-in compliance capabilities of Mark43 RMS reduce administrative workload, while ensuring NIBRS compliance and accurate reporting to the District Attorney’s office. “We are accredited through the Northwest Accreditation Alliance so there are a lot of things we must comply with from a reporting standpoint. Our current system is cumbersome and prone to errors—with Mark43 RMS, I can easily pull key data points for accreditation and NIBRS compliance. With Mark43, I know our information and data will be locked in to ensure accuracy and security. And, if things need to be changed, there is a clear audit trail and source of truth to ensure reports are complete and compliant,” said Chief Pace. 

Mark43 Insights equips agencies with advanced analytics, driving data-informed decision-making on crime trends, resource allocation, and operational improvements. This will enable the Toledo PD to better allocate resources and get time back in the community. Chief Pace said, “Right now, I hand count all my cases and reports because I do not trust the analytics of our current CAD and RMS system. This adds up to countless hours spent on data verification instead of being out in the community. To have an RMS system with advanced analytics built in—that can produce crime mapping and resource allocation recommendations—it’s going to be a game changer and save a tremendous amount of time.”  

Mark43 is committed to continuous innovation and collaboration to meet the evolving needs of our customers. By partnering with forward-thinking agencies like the Toledo PD, Mark43 is harnessing the power of collaboration to build a safer future for all. “As a law enforcement agency, we must prioritize progressive reform, accountability and transparency. It’s refreshing to partner with a company that not only understands these values but actively incorporates them into their products. Mark43 adapts and advances its offerings and products to meet the diverse requirements set by law and aligns with the evolving needs of our agencies. This type of collaboration and proactive approach is truly valuable to me as Chief,” shared Chief Pace.   

To learn more about Mark43 RMS and Insights or to schedule a demo, visit www.mark43.com.

Forbes: 19 Essential Access Security Lessons From Tech Experts

In February 2024, Change Healthcare, a major medical billing and insurance processing company, was hit with a ransomware attack caused by stolen credentials and a lack of multifactor authentication. The breach compromised the health records and financial data of over 100 million people.

In a digital marketplace increasingly built on remote work, cloud services and third-party vendors, no organization is too big (or too small) to be a target for hackers, and the attack surface continues to grow. It’s essential for companies to carefully review and, as needed, revamp traditional access security measures. Below, members of Forbes Technology Council share essential lessons in modern access security that every organization, no matter its size or sector, would be wise to learn.

1. Employ A Zero-Standing Privilege Model

Employ a zero-standing privilege model—because most attackers do not break in; they log in. In the shared responsibility model of cloud security, access control is the main lever in the hands of organizations. By eliminating standing access, organizations can limit the otherwise drastic impact of identity compromise, making breaches a SOC event rather than a C-level event. – Atul Tulshibagwale, SGNL.ai

2. Consistently Carry Out Access Control Reviews And Security Tests

A key lesson organizations should learn is that most attacks occur through known vectors and techniques. This enforces the importance of diligently reviewing security hygiene. As it relates to access security, this means being consistent with access control reviews and proactive security testing to identify weaknesses, such as insecure passwords or privilege creep. The best defense is a good offense. – Daniel DeCloss, PlexTrac, Inc.

3. Pay Attention To Supply Chain Vulnerabilities

Recent attacks have showcased the need to pay ongoing attention to supply chain vulnerabilities. Organizations need to start holding software vendors to a higher standard. The software industry must establish a “best practices” framework to ensure they are doing their best for customers. The executive order that followed the attack on the Treasury Department emphasized the need for this. – Poornima DeBolle, Menlo Security

4. Implement Advanced Data Fragmentation

As cybercriminals increasingly target backup repositories, the key lesson is implementing advanced data fragmentation that cryptographically disperses data across multiple locations. This strategy ensures that compromised credentials or breached storage only yield unintelligible fragments that cannot be reassembled without proper authorization and encryption keys. – Greg Salvato, TouchPoint One

5. Automate Employee Access

The complexity and interconnectedness of modern business applications require proactive visibility and continuous controls monitoring, with the ability to automate this process throughout the identity life cycle. As employees join, move within and leave an organization, their access rights must be continuously governed and analyzed for risks. A simple oversight can lead to a major data breach. – Piyush Pandey, Pathlock

6. Move Toward Passwordless Practices

Access is a key ingredient that drives up risk and directly impacts employee satisfaction and enablement. And passwords are the “front door” to access-related challenges. Knowing this, cybersecurity teams should boldly move toward passwordless practices across their environment, leveraging a rare win-win opportunity to reduce multiple high-risk concerns while improving the employee experience. – Kim Bozzella, Protiviti

7. Implement Multichannel Phishing Protection

Phishing attacks have evolved beyond simple email scams into sophisticated multichannel operations targeting collaboration tools (like Teams), mobile devices and Web messaging (for example, LinkedIn). Organizations need real-time protection across all communication channels, as traditional email security alone isn’t enough. AI-powered detection tools that cover all platforms block threats before they succeed. – Patrick Harr, SlashNext

8. Maintain A Balance Of Security, Usability And Scalability

I think the lesson organizations should learn from the cyberattacks that targeted access security is evident: Workforce access management is a challenge for organizations because they need to balance security, usability and scalability. Getting any one of those wrong can either slow down real users or let attackers in. Access solutions built for convenience or created by generalists won’t be enough. – Jim Taylor, RSA Security

9. Adopt A Cloud-Native Platform

Adopting a cloud-native platform to secure data and networks offers the advantage of real-time security updates and comprehensive protection across networks. To further strengthen cybersecurity systems, implement password protection for sensitive files, restrict access to authorized personnel and prioritize consistent cyber hygiene practices across the organization. – Matthew Polega, Mark43

10. Adopt The Least-Privilege Principle

Breaches happen when workforces access company assets, making them vulnerable to attacks. Adopt a principle of least privilege so that employees have access only to the information necessary for their role, reserving confidential assets for only a select few. Additionally, consistently enforcing least privilege allows security teams to better predict patterns of usage and identify anomalies more quickly. – Matthew Peters, CAI

11. Invest In Advanced Visibility And Analytics

A key lesson is the need to focus on access visibility. Organizations can’t protect what they can’t see. Access paths—such as direct, distributed and AI-driven—are not managed by a single system. To tackle evolving threats, companies should invest in advanced visibility, utilize AI for insights and implement graph-based analytics to better protect assets and respond in today’s complex digital landscape. – Jagadeesh Kunda, Oleria Corporation

12. Take Human Nature Into Consideration When Designing Security Systems

Organizations must treat access security as a behavioral challenge, not just a technical one. Instead of adding controls that employees bypass, design security that works with human nature—make secure paths feel faster than workarounds and use AI to suggest natural access levels. When protecting security feels easier than breaking it, compliance follows. – Achraf Golli, Quizard

13. Shift To Dynamic, Context-Aware Access

Recent cyberattacks reveal that static access controls are a liability. Organizations must shift to dynamic, context-aware access—adapting permissions in real time based on user behavior, location and risk signals. Static multifactor authentication isn’t enough; combine it with adaptive authentication and just-in-time access to limit exposure windows. This fluid security is critical to outpace evolving threats. – Deepak Gupta, Cars24 Financial Services

14. Teach Your Team About Social Engineering

Most successful breaches are still caused by human error. Social engineering is operationalized more frequently than exploitation of vulnerabilities or misconfigurations. Access security should start with educating the workforce, followed by robust access control following the principle of least privilege, proper monitoring and segmentation to reduce lateral movement and escalation. – Austin Berglas, BlueVoyant

15. Implement AI-Based Defenses

Current threats are increasingly sophisticated and can exploit weaknesses in human oversight. Implementing AI-based defenses that analyze large datasets in real time, detect new attack methods like advanced phishing, and learn from each incident helps organizations detect and respond to threats more effectively. – Andrey Kalyuzhnyy, 8allocate

16. Consider CSMA

Cybersecurity mesh architecture can be a key strategy here, as it decentralizes security controls and integrates them across all assets and endpoints, regardless of their location. With CSMA, an organization can ensure access security by applying consistent and contextual policies across its entire infrastructure, ensuring that only authorized users have access to critical systems and data. – Eran Zilberman, Cyclops Security

17. Develop A Holistic Cybersecurity Management Approach

Recent cyberattacks have shown that a lack of visibility into access security leads to vulnerabilities. CISOs with a holistic cybersecurity management approach gain real-time insights into access controls and user behaviors. With continuous monitoring, performance metrics and analytics, leaders can proactively detect risks, enforce least privilege and strengthen their security posture. – Sivan Tehila, Onyxia Cyber

18. Thoroughly Cover The Basics

Basic cyber hygiene was and still is the No. 1 priority for security teams. This includes ensuring all systems are accessed only through a managed SSO/identity provider—not passwords—using authorized browsers and two-factor authentication. Most importantly, these practices must also apply to C-level executives and security teams. That alone is enough to block almost all high-profile attacks. – Arie Abramovici, Exodigo AI

19. Ensure No Single Person Holds ‘The Keys To The Kingdom’

The safest way to secure something is to unplug it from the network. The second-safest way to secure something is to distribute the keys among many responsible individuals so that no single person holds “the keys to the kingdom.” No matter the technology—MFA, scans, encryption—most breaches happen because one person is compromised. The more distributed the keys, the stronger the security. – Shangyan Li, GrubMarket Inc.

Original Story: https://www.forbes.com/councils/forbestechcouncil/2025/02/28/19-essential-access-security-lessons-from-tech-experts/

Mark43 and SNO Corp. Announce Partnership with the National Institutes of Health Division of Emergency Management to Deliver a Modern Public Safety Technology Platform

NEW YORK – February 24, 2025 – Mark43 has been selected to modernize the National Institutes of Health (NIH) Division of Emergency Management public safety technology systems, under a contract awarded to SNO Corp. (‘SNO’). As part of this effort, the NIH Division of Emergency Management will implement Mark43’s cloud-native public safety software platform, inclusive of its Computer-Aided Dispatch (CAD), Records Management System (RMS), OnScene (mobile application) and Insights (advanced analytics).

The NIH Division of Emergency Management is responsible for protecting scientific research, testing and highly sensitive facilities that handle infectious diseases, radiation and biohazards—across three federal campuses including the Bethesda Main/Satellites Campus and Fort Detrick Laboratories in Maryland, and the Rocky Mountain Laboratories in Montana. As demonstrated during the COVID pandemic, the NIH’s research, innovations and solutions play a critical role in national security and intelligence. This creates a unique and complex imperative for the Division of Emergency Management, as they work to safeguard the federal campuses and keep their officers safe. Modern technology will support the division’s mission-critical operational response capabilities.

Bob Hughes, Chief Executive Officer at Mark43 said, “We are honored to bring the Mark43 intelligent platform to the National Institutes of Health Division of Emergency Management. With our FedRAMP High Authorization, federal agencies can rely on Mark43 for premier security and mission-ready public safety technology. We are proud to support our customers with modern technology so they can respond quicker, act faster and keep people safer.”

Abhi Patwardhan (Co-Founder and President), Abhijit Walvekar (Co-Founder and Chief Operating Officer), and Debbie Rieger (EVP, Contracts and Strategy) at SNO Corp. said, “Partnerships like this are critical for the future of public safety technology. By combining our five decades of federal procurement, implementation, and technology expertise with Mark43’s leading operations platform capabilities, we will deliver best-in-class, secure solutions for the NIH Division of Emergency Management. We have a proven track record of delivering cutting-edge software and are confident that the Mark43 product suite will meet the unique needs of the division. It’s an honor to support this essential work, as we look to continue this strategic collaboration with Mark43 across the local, state, and federal levels.”    

Patty Trexler, Vice President and General Manager of Federal and Emerging Markets at Mark43 said, “We are excited to partner with the NIH Division of Emergency Management to bring Mark43 CAD, RMS, OnScene, and Insights to their campuses. By joining forces with SNO, officers will have access to our interoperable and integrated solution powered by real-time advanced analytics, enhancing cross-division decision-making, crime prevention, and officer safety. We are privileged to provide our modern technology platform to the NIH Division of Emergency Management to support the safety of their federal campuses.”

The Mark43 intelligent platform for public safety operations will equip the NIH Division of Emergency Management with powerful, cloud-native solutions designed to enhance safety, efficiency and collaboration. Mark43 CAD acts as an intuitive extension of telecommunicators and first responders, ensuring seamless emergency response. Mark43 RMS enables real-time data updates and connectivity, keeping personnel informed and mission ready. Mark43 OnScene, a mobile application, delivers unparalleled situational awareness with officer GPS tracking for enhanced coordination and safety. Mark43 Insights equips agencies with advanced analytics, driving data-informed decision-making on crime trends, dispatch performance, and operational improvements.

As a full-service technology company within the commercial and public sectors, SNO offers project management, quality assurance, and implementation support of cloud software to federal customers including the U.S. Department of Housing and Urban Development, the Federal Deposit Insurance Corporation, and the U.S. Department of Homeland Security.

This award represents a significant milestone for SNO and Mark43, as they continue to strategically collaborate to support federal agencies with modern technology solutions.

San Diego Sheriff’s Office Selects Mark43 CAD for its Modern Public Safety Technology Upgrade

NEW YORK – February 20, 2025 – Mark43, the leading mission-critical public safety software provider, today announced its partnership with the San Diego Sheriff’s Office to implement its industry-leading cloud-native computer-aided dispatch (CAD) system. This partnership is a significant milestone for San Diego County, which serves more than 3.2 million residents, as it will enhance emergency response, streamline operations and improve community safety.

The San Diego Sheriff’s Office selected Mark43 following a rigorous 28-day pilot program. During the pilot, Mark43 successfully operationalized its CAD in under three days within a testing environment, validating the agility and power of the Mark43 platform to rapidly deploy critical public safety technology. The San Diego Sheriff’s Office now joins a growing number of agencies that trust Mark43 to support their mission of keeping communities safe.

“Partnering with Mark43 to bring their CAD to the San Diego Sheriff’s Office marks a major advancement in our operations,” said Kelly A. Martinez, Sheriff of San Diego County. “This new dispatch system will enhance our ability to respond quickly and precisely to emergencies, both now and in the face of future challenges. This collaboration is about more than just technology—Mark43 is a real partner in helping us deliver faster, more effective service to our residents.”

Ashish “Yosh” Kakkad, Chief Technology Officer of the San Diego Sheriff’s Office, said: “Mark43 CAD is a game-changer for our operations. The system’s intuitive design and real-time capabilities will greatly enhance our ability to respond to emergencies faster and with more accuracy. The platform’s cloud-native architecture not only provides unmatched resilience and security but also positions us to adapt seamlessly to future needs. With Mark43, we are not just investing in technology; we are investing in a solution that will empower our dispatchers and deputies to better serve San Diego County with speed, precision, and efficiency.”

Chief Executive Officer Bob Hughes of Mark43 said, “We are honored to partner with the San Diego Sheriff’s Office to bring our modern CAD to an agency that serves one of the largest and most diverse counties in the country. Our mission is to equip public safety agencies with the best tools available, and this partnership showcases how Mark43 CAD can transform operations quickly and effectively.”

Mark43’s CAD system is designed to streamline emergency response by providing dispatchers and field personnel with real-time, actionable data. The platform’s cloud-native infrastructure ensures resilience, security, and scalability—allowing agencies to operate efficiently even during periods of high demand or in the wake of natural disasters.

This partnership will modernize the San Diego Sheriff’s Office’s dispatch capabilities, facilitating faster decision-making and more effective resource deployment. The system is built for maximum interoperability, enabling data sharing across public safety departments and with neighboring agencies to improve collaboration and coordination.

By investing in modern public safety technology, the San Diego Sheriff’s Office continues to demonstrate its commitment to enhancing the safety of its community. This upgrade further positions the agency at the forefront of public safety innovation, empowering first responders with the tools they need to protect and serve their communities. The San Diego Sheriff’s Office now joins a growing number of leading California agencies that trust Mark43 in their mission of keeping their communities safe.

Mark43 and Revir Technologies Announce Partnership on Cloud-Native Digital Evidence & Intelligence

NEW YORK—February 6, 2025— Mark43, the leading public safety operations platform, today announced an integration with Revir Technologies, Inc. (‘Revir’), to bring together Mark43’s cloud-native, open architecture CAD, OnScene, RMS, Booking, and Insights with Revir’s intelligence and digital evidence management platform, Scout.

Mark43 delivers open, end-to-end, integrated software solutions that empower agencies to leverage best-in-class technologies to work faster and smarter and keep their communities safer. This ensures agencies can quickly adapt to evolving operational demands while maintaining security, accuracy and reliability.

Through automated workflows, Revir’s Scout simplifies the collection, storage, security, search, and sharing of digital evidence. This enables special agents, prosecutors, intelligence analysts and other public safety professionals to cut down the time spent on certain workflows and mundane tasks by 7x-500x, driving 10x+ ROIs. This integration will deliver enhanced case and evidence management for federal, state, and local agencies, reinforcing Mark43’s commitment to working with premier partners to deliver an open, connected public safety ecosystem. Integrations like this improve efficiency, intelligence-sharing and operational effectiveness.

“Public safety agencies are facing nationwide staffing shortages while being expected to do more with fewer resources. The overwhelming increase of digital assets requiring investigation adds to their burden, leading to backlogged cases and operational challenges. The Mark43 intelligent platform is purpose-built to streamline workflows, save time, and accelerate investigations. By collaborating with Revir, we’re further enhancing the case, investigation and digital evidence management process available to our customers, enabling first responders to return to the community where they’re needed most,” said Wendy Gilbert, Senior Vice President of Product at Mark43.

This strategic collaboration will support mission-critical investigations and operations including search for missing persons, human trafficking, crimes against children, narcotics task forces, and transnational cartels. It will also support offices with complex investigations such as inspectors general and environmental and regulatory agencies.

“We are excited to partner with the leading cloud-native CAD and RMS provider. Mark43 continues to be an agent of innovation and modernization for federal, state, and local agencies,” commented Marc Messina, CEO of Revir Technologies. “The integration between Mark43 Case Management and Scout will serve as a force multiplier for public safety agencies. We are both committed to advancing the mission-critical work of our customers, and we are pleased to collaborate on this essential digital evidence ecosystem for public safety agencies nationwide.”

Mark43 and Revir are committed to delivering a seamless case, investigation and digital evidence management experience that advances the mission of public safety agencies and the safety of the communities they serve.

About Revir Technologies, Inc.

Revir Technologies, based in Austin, Texas, builds next-generation solutions for government that deliver compliance and significant efficiency gains. The company delivers the leading industry solution for digital evidence management, engineered for AWS GovCloud (US) and global regions. Revir also delivers intelligence solutions for DoD/IC. More information can be found at revir.ai.

Mark43 and MissionRT Join Forces to Revolutionize Technology Solutions for Public Safety Agencies 

NEW YORK – February 3, 2025 – Mark43, the leading public safety operations platform, today announced a new partnership with MissionRT marking a significant milestone as MissionRT becomes an authorized reseller of Mark43’s cloud-native, open-ecosystem Computer-Aided Dispatch (CAD), Records Management System (RMS), OnScene (mobile app) and Insights (advanced analytics). 

Mark43 delivers an open, end-to-end, integrated software solution that empowers agencies to leverage best-in-class technologies to work faster and smarter, and keep their communities safer. Now, in partnership with MissionRT— a provider of advanced software, hardware and innovative tools for State, Local, and Federal markets— public safety agencies nationwide will benefit from a streamlined technology procurement process. This partnership fosters a collaborative ecosystem where advanced technology solutions unite to deliver the most effective offerings for public safety agencies.  

Mark43’s open architecture allows for the seamless combination of best-in-class technologies across public safety operations, ensuring agencies have access to real-time, mission-critical information whenever and wherever they need it. By leveraging collective expertise, Mark43 and MissionRT are supporting public safety agencies in accelerating innovation and empowering more informed, strategic decisions to enhance operational efficiency and overall effectiveness.  

Tim Merrigan, Chief Customer Officer at Mark43 said, “We’re excited to partner with MissionRT, a company that shares our commitment to mission-critical public safety technology. With extensive expertise in regulated industries, their team will help deliver Mark43 solutions to law enforcement and first responders more efficiently. Together, we’ll maximize impact, providing time-saving technology that allows first responders to focus on their communities. Mark43 is proud to deliver an open ecosystem and be a trusted partner in providing these vital solutions.” 

Richard E. Coleman II, Founder and CEO of MissionRT said, “By integrating Mark43’s modern, cloud-native technology with our extensive advisory network and industry expertise, we’re empowering agencies at every level with unparalleled tools and resources. At MissionRT we bring mission-ready technologies to the heroes that need them most and with Mark43’s FedRAMP High Authorization, they are more ready than ever to support agencies at every level. Together, we streamline procurement and deliver cohesive, integrated solutions that elevate operational efficiency—ultimately strengthening the communities these agencies serve.”

Kevin Vereen, Ret. Lieutenant General U.S. Army and MissionRT Advisory Board Member said, “Together, MissionRT and Mark43 are transforming the operational landscape for federal public safety agencies. Through this partnership, we are delivering next-generation tools and unmatched support to federal agencies, enhancing the efficiency and effectiveness of agencies at every level. Partnerships like this are essential for advancing the public safety profession, serving as a force multiplier for federal agencies and the communities they safeguard.” 

Mark43, the intelligent platform for public safety, provides first responders with powerful, cloud-native solutions designed to enhance safety, efficiency and collaboration. Mark43 CAD acts as an intuitive extension of telecommunicators and first responders, ensuring seamless emergency response. Mark43 RMS enables real-time data updates and connectivity, keeping personnel informed and mission ready. Mark43 OnScene, a mobile application, delivers unparalleled situational awareness with officer GPS tracking for enhanced coordination and safety. Mark43 Insights equips agencies with advanced analytics, driving data-informed decision-making on crime trends, dispatch performance, and operational improvements. 

By partnering with MissionRT, Mark43 is expanding access to these mission-critical solutions, making it easier for agencies to adopt and integrate modern, cloud-native technology. MissionRT’s expertise in technology procurement and advisory services ensures agencies can identify and implement the right tools without unnecessary complexity. This collaboration streamlines the buying process, allowing public safety agencies to focus on what matters most—serving and protecting their communities. 

To learn more about how Mark43 is partnering with leading industry experts and vendors for enhanced offerings visit: https://mark43.com/resources/partners/.

About MissionRT  

At MissionRT, we are committed to supporting and empowering our customers in their mission to protect and serve. We equip our customers with the mission-ready solutions they need to enable the nation’s heroes, protect our communities and build a safer world. From advanced weapon detection systems to state-of-the-art tethered drones, our solutions are designed to enhance safety, security, and operational effectiveness across a wide range of agencies and departments. Visit www.missionrt.com to learn more.

Mark43 Joins the CISA Secure by Design Pledge, Reinforcing Its Best-in-Class Security Practices 

NEW YORK – January 30, 2024 – Mark43, the leading mission-critical public safety platform, announced today its commitment to the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. By signing on to this initiative, Mark43 continues to lead the industry in its premier security posture, underscoring its commitment to delivering a safe, secure and resilient public safety platform for its customers. 

The Secure by Design Pledge encourages technology vendors to develop products that inherently protect against malicious cyber actors. This involves conducting rigorous risk assessments to proactively identify and mitigate prevalent cyber threats and implementing robust controls to safeguard critical systems and data.  

Lawrence F. Zorio III, Chief Information Security Officer at Mark43 said, “Our security offerings are already deeply aligned with the Secure by Design framework, making this pledge a natural step for us. As leaders in the public safety technology sector, we are committed to providing first responders with resilient and secure products that proactively protect against the most significant threats and vulnerabilities. We are honored to join more than 260 vendors in the CISA Secure by Design ecosystem as we prioritize investments in our premier security controls and frameworks.”  

Bob Hughes, Chief Executive Officer at Mark43 said, “Public safety agencies continue to fall victim to cyberattacks, disrupting their ability to respond and keep their communities safe. Combating these bad actors is not just about protecting data; it’s about safeguarding lives and ensuring the uninterrupted operation of emergency response systems, like CAD and RMS. Our intelligent platform for public safety brings best-in-class security controls to ensure our customers are proactively safeguarding their mission-critical operations. Joining the CISA Secure by Design Pledge underscores our commitment to a higher security standard in public safety.” 

Mark43 has proactively prioritized investments to address growing cyber threats and malicious actors. In the Mark43 2025 U.S. Public Safety Trends Report, new research surveying law enforcement found that 84% faced a cybersecurity issue in the last year, further demonstrating the necessity of stronger security across public safety agencies. Mark43 is committed to aligning its product portfolio and roadmap with the Secure by Design framework and best practices to enhance protection and mitigate risk.

This pledge builds on Mark43’s existing premier security controls with FedRAMP and StateRAMP High Authorization, CJIS, NIST, SOC2 and SOC3. To learn more about the Mark43 security offerings, visit www.mark43.com/platform/security-compliance/.

VMblog: Tech Experts Reflect on Data Privacy Day 2025

By: David Marshall

Each year, on January 28th, we acknowledge Data Privacy Day – a global initiative committed to spreading awareness and advocating for best privacy and data protection practices. This initiative echoes in the United States, Canada, Nigeria, Israel, and across 47 European countries. 

The essence here is clear – data privacy is not just a right; it’s a shared responsibility for every internet user. So, let’s navigate this landscape vigilantly, acknowledging the importance of preserving our digital identities and personal information.

To honor this day, VMblog has compiled some detailed perspectives and tips from a number of industry experts.

Here is what the experts have to say:

++

Anthony Cusimano, Solutions Director at Object First

NIS2 in Europe was a significant first step that will push many non-EU member states to think more about their own data privacy. With the number of breaches, leaks, and information dumps readily available for download from the various pastebins of the net and the sheer amount of spam emails and calls I’m receiving daily, something has to change. We should absolutely expect US states to continue to enact or tighten their data privacy requirements and enforcements as the issue continues to spread due to the threat of bad actors and customers taking data privacy more seriously.

However, on the personal side, the average tech user is becoming less concerned about data privacy. We see this very clearly on every social media platform, where folks are too willing to share their most personal information in the public square for anyone to see: birthdays, addresses, medical records, and credit card statements. People are getting bolder and bolder when it comes to sharing things they shouldn’t for the sake of a few imaginary internet points, which concerns me. While businesses should always be at the forefront of data privacy and security, we see how often breaches occur, and this should spur outrage, but that doesn’t mean much if a large number of digital citizens are giving it all away for free and creating more opportunities for bad actors to use their information to do more harm.

It’s a challenging problem to solve, and I don’t think there are many reasonable solutions beyond sharing the concern and educating our friends and family about the importance of securing their data and holding businesses accountable for doing the same; otherwise, the issues we deal with today will only get worse.

++

Darren Guccione, CEO and Co-Founder at Keeper Security

Global cyber threats are growing more prevalent and sophisticated every day. As we prepare to mark Data Privacy Day, there’s no better time to reflect on the pivotal role of zero-knowledge encryption in protecting your business against cyber threats.

Zero-knowledge encryption is as secure as it gets. It ensures that only the user has access to their data – period. With true zero-knowledge encryption, your information is encrypted and decrypted directly on your device, meaning the service provider doesn’t hold the keys, even for recovery or troubleshooting. This level of control goes beyond what traditional security tools, or even “almost” zero-knowledge solutions, can offer. “Almost” solutions still leave potential vulnerabilities, with access points or backdoors that undermine your security. With zero-knowledge, there are no loopholes – just absolute confidentiality.

As businesses, we hold a responsibility to protect client data, intellectual property and everything in between. Zero-knowledge encryption plays a pivotal role in fulfilling that duty. When your data is protected at every stage – whether in storage, transit or in use – you’re reducing the risk of exposure from every angle. True zero-knowledge encryption is a crucial step for businesses in building a comprehensive security strategy. As cyber threats grow in frequency and complexity, taking decisive action to protect your data is essential to staying ahead of bad actors.

++

Michelle King, CIPP/US, Index Engines

Data Privacy Day is all about championing the protection of personal information and spreading the word on best practices in data security. By focusing on trusted data integrity, adopting a recovery-first mindset, and leveraging new technology including AI, we can truly support these goals. Prioritizing data recovery means we’re always prepared to resume operations after breaches with minimal data loss, and AI-driven security measures give us the edge in detecting and responding to the most sophisticated attacks. Together, these principles build trust and create a safer digital world for everyone.

++

Nick Burling, Senior Vice President Product at Nasuni

As large organizations adopt advanced machine learning and AI models—making them an essential part of operational workflows—safeguarding these systems has become increasingly critical. As data’s value grows, so does its appeal to increasingly sophisticated threat actors. Cyber threats have evolved to target AI systems directly, using advanced methods like embedding corrupted models or compromising frameworks. These threats make data security and recovery just as vital as protection itself.  
 
According to Nasuni’s latest 2024 Industry Report, the need for data security and ransomware protection in cloud environments is growing, as security concerns are the top barrier preventing many firms from migrating their data to the cloud. Forty-five percent of organizations cite security as their main challenge when managing file data, surpassing other concerns including cost, training, or complexity. However, gaps persist in cybersecurity preparedness, as companies lack real-time detection tools and a plan for responding to attacks. This new reality will continue to drive organizations to rethink their security frameworks, making data protection and rapid recovery the backbone of any AI strategy.  
 
Some may think that the solution is to restrict the overall access to data—since, generally speaking, restricting access typically means increased security—like feeling safer when you lock your doors at night, limiting entry for intruders. However, in cybersecurity, more access to data is crucial for protection. Organizations need solutions that provide seamless data access and advanced visibility tools in order to fight off threats. Capabilities that enable proactive vulnerability detection, rapid data recovery, and the ability to lock down sensitive files during an attack, are critical in protecting critical information from exploitation. To thrive in this environment, businesses will need to implement robust data security measures to prevent attacks while ensuring they can swiftly restore data-driven operations if the worst occurs.

++

Richard Cassidy, Field CISO, Rubrik

As we mark Data Privacy Day 2025, artificial intelligence (AI) should be at the top of the priority list for all security and technology leaders — especially as we navigate the competing mandates and regulations worldwide. For global businesses, it will be critical to have a firm grasp on all legislation to ensure they leverage AI in a regulated way. Noncompliance will result in costly financial and reputational damage.

To keep pace with AI’s rapid evolution and proliferation, organizations must have a comprehensive, continuous understanding of their data inventory — knowing where sensitive data lives and ensuring it has the correct security posture. Organizations must give customers the confidence that their data is secure–no matter where it lives–while they tap into the full potential of AI. One key way for security leaders to achieve continued compliance and assurances for their customers is to embed data privacy by design into every process, system, and operation they build. They must also closely collaborate with key stakeholders, including legal and compliance teams. Privacy is not just a security responsibility — it falls onto every department across the entire business.

++

Veronica Torres, Worldwide Privacy and Regulatory Counsel at Jumio

Data Privacy Day serves as a pivotal moment to reflect on the importance of safeguarding personal information in an increasingly interconnected world. As we charge through the new year, digital transactions have all but replaced the physical. Personal data stands as the currency of the modern world. Privacy is not just a good to have, it must be seen as a fundamental right.

Jumio research reveals significant consumer concerns about online safety. A staggering 72% of global consumers report worrying daily about being deceived by deepfakes into sharing sensitive information or funds. Additionally, 68% of consumers know or suspect that they’ve been a victim of online fraud or identity theft, or that they know someone who has been affected.

Cybercriminals have AI in their toolbox to exploit business, and unless businesses fortify their security with AI-powered solutions, they stand little chance against these culprits. Legacy systems, such as passwords or basic multi-factor authentication, are often inadequate against these sophisticated attacks. It is time for advanced security like AI-powered biometric identity verification and liveness detection to become the new standard. These tools are critical to maintaining user trust and securing data.
 
It is the responsibility of every organization to encourage individuals to understand how their data is used and protected. When every party is involved in this conversation our digital ecosystem strengthens, and trust is built. Data Privacy Day reminds us that maintaining privacy is a shared responsibility, demanding innovation, vigilance and collaboration to navigate the challenges of the digital age confidently.

++

Doug Kersten, CISO, Appfire

Data breaches remain one of the most persistent threats to digital security, forcing both individuals and organizations to adopt a new mindset: assume that sensitive data—whether personal or organizational—may already be compromised. In this reality, personal data can no longer be treated as inherently private. Instead, the focus must shift toward accountability and resilience. Organizations bear a critical responsibility to safeguard the information they control, even as breaches from other sources become increasingly common.
 
Data Privacy Week serves as a timely reminder of these growing risks and the importance of proactively protecting sensitive information. The future of privacy hinges on mitigating the impact of breaches through decisive strategies, including strict access controls, layered security protocols, and comprehensive employee education on securing critical accounts and data.
 
By fostering a culture of privacy awareness and embedding these principles into daily operations, organizations can reinforce trust, demonstrate responsibility, and safeguard the individuals behind the data they manage.
 
++
 
Patrick Harding, Chief Product Architect, Ping Identity

Data Privacy Week serves as a crucial moment to reflect on the evolving digital security landscape and the pressing need to prioritize privacy in our interconnected world. With 87% of consumers expressing high or moderate concern about identity theft or fraud—a staggering 24% increase from 2023—it’s clear that confidence in the digital ecosystem is eroding. This growing apprehension highlights the urgent need for businesses to protect personal information and restore trust in online interactions.
 
At the core of consumer expectations lies a strong demand for security, with 78% citing it as their top concern regarding digital experiences. Security and privacy are no longer just technical requirements—they are fundamental to building customer trust and loyalty. Without robust measures to safeguard data, businesses risk not only reputational damage but also the erosion of consumer confidence.
 
Decentralized identity management offers a transformative solution to this challenge. By empowering individuals to control their data and reducing reliance on centralized repositories, it minimizes the attack surface for cybercriminals while enhancing user privacy. As businesses embrace privacy-by-design principles, decentralized identity should play a pivotal role in their strategies. By committing to these principles, organizations can build lasting trust and establish themselves as leaders in the era of digital privacy.
 
++
 
Rohan Ramesh, Director of Product Marketing, Digital Security Solutions, Entrust

Digital transactions are inevitable, meaning it’s no longer about if you share your personal data, but how you share it. By employing the right strategies in today’s digital world, businesses can enhance the customer experience without compromising data security and privacy.

This Data Privacy Week serves as an important reminder for businesses to adopt a “never trust, always verify” approach. With this mindset, security teams can leverage secure identity verification and authentication solutions to ensure only verified and authorized users have access to their accounts, while protecting against fraud and identity-based attacks.

This process is not “one size fits all,” and teams should adopt adaptive risk-based authentication policies tailored to specific use cases. This could involve weighted risk factors, defined risk levels, or various authentication decisions, all contributing to a flexible, scalable approach to secure and frictionless customer access. In addition, by enabling innovative solutions such as on-device biometric authentication, businesses can improve data privacy while enhancing security.
 
++
 
Joe Regensburger, VP of Research, Immuta

Organizations today are managing greater volumes of data than ever. At the same time, fast and efficient data access is critical for AI development. The vast volume of data complicates obtaining critical data promptly. Delays in data access can undermine AI systems, hindering the ability to generate valuable business insights. To fix this, data teams are taking steps to enhance data discovery, enabling all employees in an organization to identify and access needed resources.
 
The main priority of governance teams must be ensuring that those employees who can access sensitive data are authorized users. It is their responsibility to secure your generative AI data pipelines and outputs with an airtight governance strategy. This will allow businesses to manage the associated risks of cyber-attacks, compliance risks, and sensitive data exposure. Putting AI governance platforms in place is central to mitigating these risks – it provides durable controls on the use of sensitive data while managing data access and privacy controls.
 
++
 
Carl Froggett, CIO, Deep Instinct

Data Privacy Week serves as a start-of-the-year reminder on the importance of safeguarding data, regardless of where it resides: on-prem, in the cloud, or in a hybrid configuration.
 
Every organization runs on data. Without the proper security measures, that data will be compromised and the organization will suffer or cease to exist. The steady increase in information security spending year-over-year and the record-breaking global average cost of data breaches in 2024 underscore the fact that traditional security measures are ineffective at protecting organizations and their data.
 
It’s time for organizations to adopt a more proactive approach to security – one that leverages the most advanced form of AI, deep learning (DL). Only then can organizations move from a reactive, “detect and respond” posture to a predictive, preventative approach that enables real-time prevention against zero-day threats. Paired with GenAI that enables real-time explainability, zero-day threats are identified and then explained, allowing organizations to better understand and respond to threats as they arise.
 
This Data Privacy Week, one thing remains clear: It’s time to fight AI with better AI in order to win the security arms race.

++

Brett Wujek, senior research and development manager, SAS

Expect synthetic data to become more mainstream this year. Organizations need data to feed AI. However, very often organizations are restricted from using the data for AI development because of privacy issues. With synthetic data generation techniques, privacy concerns can be avoided by generating highly representative data that cannot be traced back to the real data. Moreover, synthetic data can be used to attain balance among all represented groups, which is critical to ensuring AI models are fair and unbiased.

++

Yoram Novick, CEO, Zadara

Data privacy and security are critical in today’s increasingly digital world. The rapid growth of cloud computing, with global spending forecasted to be well above $1 trillion, underscores the importance of protecting data within these systems. Organizations must prioritize robust security strategies to secure data storage and transfers, including selecting trusted hosting providers and implementing data protection and disaster recovery solutions. Moreover, sovereign AI should be evaluated to overcome the shortcomings of traditional public cloud offerings for AI use cases.

Data is one of the most valuable organizational assets, yet its protection remains insufficient in many cases. The significant negative impact of ransomware in the past year underscores the vital need for integrating cyber vaults and disaster recovery plans to all organizations. These measures ensure data integrity and minimize downtime during cyber attacks, particularly as ransomware threats continue to rise.

Zero trust models and smart security solutions are essential to counter advanced threats. Implementing multi-factor authentication (MFA) and identity-aware systems reduces vulnerabilities such as credential stuffing. These measures help organizations safeguard sensitive information while optimizing business operations.

The role of AI in data privacy and data security introduces both opportunities and challenges. While AI-driven tools simplify processes, they also heighten risks if improperly managed. Maintaining human oversight in AI implementations and adhering to basic security practices are crucial to mitigating threats. As organizations increasingly adopt cloud services for AI, addressing cloud-specific security concerns is critical. The use of advanced sovereign AI cloud solutions will significantly reduce the number of public cloud security incidents.

Data Privacy Day serves as a reminder that safeguarding sensitive data is a shared responsibility among businesses, governments, and individuals. By staying proactive, embracing compliant solutions, and prioritizing education, organizations can navigate the complexities of data privacy and security in an increasingly interconnected world where AI is playing an increasingly vital role.

++

Chris Gibson, CEO, FIRST

Data privacy challenges & AI

AI will undoubtedly dominate data privacy conversations in 2025, but it’s a double-edged sword. On one side, AI empowers defenders with real-time threat detection, predictive modeling, and automated responses through tools like SOAR (Security Orchestration, Automation, and Response). These capabilities can cut detection times from hours to minutes, making a significant difference in preventing breaches that threaten sensitive personal data.

However, understanding and anticipating the flip side is just as critical. Bad actors are using AI to automate sophisticated phishing campaigns, identify vulnerabilities faster, and evade detection with AI-designed malware. This means organizations must adopt AI-based threat detection tools to counter these evolving tactics and protect the personal information they manage. Success in 2025 will come to those who balance AI’s potential with the vigilance to address its risks, all while keeping data privacy at the forefront.

++

Rob Truesdell, Chief Product Officer, Pangea

Systemic data exposure

In 2025, we’re seeing a concerning trend where sensitive data exposure through AI isn’t primarily coming from sophisticated attacks – it’s happening through basic oversights in authorization and data access controls. Organizations are discovering that their AI systems are inadvertently sharing confidential information simply because they haven’t defined who should have access to what.

++

Shrav Mehta, CEO and Founder, Secureframe

Only store the data you need

Data minimization is fundamental to effective risk reduction. Organizations must develop a clear prioritization strategy—identifying their most critical assets and building targeted security measures around them. While organizations should aim for comprehensive security across all systems, strategic prioritization ensures critical assets receive appropriate protection. The most effective approach often starts with a simple principle: if you don’t need to store certain data, don’t collect it in the first place.

++

Priyanka Tembey, Co-Founder and CTO of Operant AI

As GenAI applications become increasingly central to business operations, organizations face a critical challenge: how to leverage AI’s capabilities while ensuring robust data privacy. Many companies find themselves at a crossroads – either hesitating to move forward with AI development due to privacy concerns, or rushing ahead with AI features that may inadvertently expose sensitive data to third parties.

The solution lies in implementing sophisticated privacy controls directly within application workflows. Modern privacy solutions, like in-line auto-redaction, can detect and protect sensitive information like social security numbers, phone numbers, and API keys in real-time as it flows through applications. This allows organizations to maintain both innovation and compliance by automatically identifying and securing private data before it leaves the internal environment, while ensuring AI applications continue to function effectively. This is key to blocking certain types of prompt injection attacks that trick models into giving up private data, while also allowing the AI applications to be resilient and continue functioning in their secure-by-default mode.

This approach is particularly vital in regulated industries like healthcare and financial services, where protecting patient and customer data is paramount. By embedding privacy controls directly into application workflows, organizations can confidently leverage AI capabilities while maintaining their security posture and meeting compliance requirements. This represents a crucial evolution in how we approach data privacy in the age of AI – moving from reactive protection to proactive, automated safeguards that support innovation without sacrificing privacy.

++

David Nuti, SVP, Head of Security Strategy at Extreme Networks

AI has the power to not only transform business operations, but also the way cyber teams defend against attacks. In the constant struggle between good and bad actors, the bad guys are already building and using AI to automate and streamline their attack strategies, making organizational data more vulnerable.
 
As businesses continue to combat increasingly sophisticated threats from malicious actors, security remains a top priority, particularly with the rise of AI. Extreme Networks’ recent survey found that 57% of CIOs ranked protecting the network against potential threats as one of their top three challenges related to AI, with 40% expressing concerns about data security. This Data Privacy Day 2025, teams should reassess their processes and tools, looking for ways to challenge the status quo and embrace new technologies and processes to stay ahead. In response, MSPs will need to add another “S”, for security. One of the easiest ways for MSPs to integrate security into their workflows is by implementing cloud-native subscription-based security services to govern it all.

++

James Hadley, Founder and CEO of Immersive Labs

In 2024, we witnessed the fallout of major record-breaking data breaches; some of which resulted in more than 100 million people having private info stolen. In a world where these types of data breaches are seemingly inevitable and increasingly detrimental, organizations and enterprises must be ready.

Just because a workforce is well-certified with traditional training implemented, it does not mean it is prepared to face cyber attacks that compromise data privacy. The threat landscape is evolving rapidly and legacy certifications and training are not enough to confront the rapidly evolving threats we face in 2025.

The best way to mitigate the impact of cyber crises and ensure businesses’ most sensitive data remains secure is through dynamic cyber drills and continuous exercising. CISOs and other tech leaders need to be able to prove and improve their organization’s knowledge, skills, and judgment. From here, they can better understand their organization’s cyber resilience.

++

Sean Costigan, Managing Director of Resilience Strategy at Red Sift

Spectacular cyberattacks have shown that poor information security represents a critical vulnerability, harming reputations of people, governments, and businesses, and pushing many entities into insolvency. Among the most attractive targets for cybercriminals today is healthcare data, comprising one of the most sensitive, rich and interconnected sectors.

While enforcement of HIPAA has steadily risen, penalties for poor information security around PHI do not yet match impacts. In a long overdue shift, HIPAA regulations – which date from 1996 – have been proposed to expand to include more robust cybersecurity. As such, the proposed rules will aim to treat a variety of risks to PHI and healthcare operations through the adoption of controls such as enforcing MFA, encryption of data, and good cyber hygiene, among others. Recent research shows that an astonishing 80% of cyber attacks against hospitals were identity based, social-engineering attacks. For cybercriminals seeking PHI and payouts, clearly phishing is their killer app.
 
While there is no national, federal, or comprehensive data privacy law in the US currently, the scope of the problem should be treated as a national crisis. As such, waiting for one regulation to rule them all isn’t a winning strategy: the financial impact, reputational harm and operational disruptions caused by recent privacy breaches should be sufficient to encourage organizations to adopt reasonable, proactive cybersecurity measures to protect us all.

++

Jamie Moles, senior technical manager at ExtraHop

Data Privacy Day highlights the importance of data protection amid today’s evolving threat landscape. As we saw in 2024, high-profile data breaches reached record highs, costing organizations millions of dollars. This is our new reality, and large-scale attacks that compromise sensitive data will continue this year across all industries, considering rising geopolitical conflicts and cybercrime groups’ more advanced strategies.
 
Recent research from ExtraHop found that bad security hygiene and improper training, enabling attackers to steal and use credentials to enter an organization’s network, was a common point of entry for security breaches – with long-term costs averaging $677 million. Improving security hygiene to prevent these breaches is essential, and Data Privacy Day is the perfect reminder for companies to equip their employees with the knowledge to keep sensitive data secure and uphold privacy standards.
 
One critical investment is prioritizing cyber training for all employees. Everyone should be aware of the latest risks – such as social engineering and phishing attempts – and be required to follow basic security hygiene protocols like using unique complex passwords, activating multifactor authentication, remaining wary of suspicious emails or texts, and enabling regular software updates. Following these steps, in tandem with investments in cyber resilience, can protect organizations from a costly security incident.

++

Greg Ives, Director of Product Marketing at Nutrient
 
Document data privacy is becoming an increasingly critical issue, particularly in highly regulated industries such as finance, healthcare, legal and government, where the proper handling of sensitive information is paramount. Emerging AI technologies are transforming how we manage sensitive data in documents. AI-driven tools, leveraging natural language processing (NLP) and large language models (LLMs), can enable efficient redaction and anonymization of sensitive information such as personally identifiable information (PII), financial data, and healthcare records within documents. These tools automate the redaction process, minimizing human error and speeding up document preparation for secure sharing or archiving, while ensuring compliance with regulations like GDPR, HIPAA, and CCPA.
 
Beyond redaction, AI can support pseudonymization, generalization, and data masking, converting sensitive data into formats that maintain utility while protecting privacy. Continuous improvements in LLMs allow these systems to adapt to emerging patterns and threats, ensuring data integrity and privacy. By harnessing AI, organizations can manage their document data securely and responsibly.
 
++
 
Devin Ertel, Chief Information Security Officer at Menlo Security
 
The growing use of SaaS and AI has shattered the illusion of a centralized, easily managed data repository. Gone are the days when we have our data in one place and can wrap our arms around it. Our sensitive information is scattered across countless platforms and products, making tracking its flow and ensuring its protection incredibly challenging. Furthermore, the sheer volume and variety of data we generate and store today eclipses anything we’ve seen before. Where once a single business unit might have been responsible for a dataset, now multiple departments access and utilize the same information, creating a complex web of permissions and potential vulnerabilities. Understanding who should have access to what and how they should be using it is more complicated than ever.
 
++
 
Eric Schwake, Director of Cybersecurity Strategy, Salt Security

Data Privacy Week serves as an important reminder of the need to protect sensitive information in our connected world. As businesses rely more on data for innovation and enhanced customer interactions, safeguarding this vital resource becomes essential. This effort involves not just following data privacy laws but also putting effective security protocols in place to prevent unauthorized access and data breaches.

API security is closely tied to data privacy. APIs, which facilitate data transfer in modern applications, are key to ensuring that sensitive data is managed securely and ethically. Organizations should embrace a thorough strategy for API security, which includes API discovery, posture governance, and runtime threat protection, to reduce the chances of data breaches and uphold privacy compliance. By focusing on API security, companies can show their dedication to data privacy and foster trust with customers and partners.

++

Philip George, Executive Technical Strategist, Infosec Global Federal

This year, Data Privacy Week falls on the heels of Biden’s Executive Order on cybersecurity, reminding us that post quantum cryptography (PQC) and data privacy should remain at the forefront of every organization’s list of priorities. 

With recent supply chain attacks targeting trusted vendors and their government customers (see the US Treasury-BeyondTrust breach), the integrity of our software supply chain has once again been thrust into focus. This latest Executive Order will help to establish a common standard for submitting machine readable software attestations, support artifacts like software and cryptographic bill of materials, and ultimately, secure more data.

The order calls for a concerted effort to expand awareness around PQC-ready products by providing a list of product categories that support PQC. Subsequently, agencies will be required to include a requirement for products that support PQC preparedness and adoption in future solicitations. Lastly, agencies will be required to start adopting new PQC standards after identifying network security products and services that are actively employed within their systems. There will also be direct outreach from the U.S. government to its allies and partners to encourage similar action within their technology environments.

This does not only apply to government agencies. Private organizations that still have not completed their inventory and mapping of cryptographic dependencies must also do so quickly. This is important to understand which new standard will work best for their various assets, and this inventory is critical to creating detailed migration plans that prioritize the most sensitive and critical assets, ensuring they are first in line for upgrades to PQC standards.

Data Privacy Week reminds us that government agencies and private organizations alike should not stay complacent. The “steal now, decrypt later” approach by adversaries remains true and quantum computing-based attacks will become a reality. Let this be yet another wake-up call to prepare your organization and conduct cryptographic inventory before it’s too late.   

++

Boris Cipot, Senior Security Engineer at Black Duck
 
In a world of sophisticated cyber threats and rigorous regulations like GDPR and CCPA, it is important to highlight data privacy and the protection of sensitive information. As today’s trends lean toward remote work practices, cloud adoption and widespread webservice offers, we as users have the desire for transparency about data generation, storage, and its usage. On the other hand, businesses offering those services should feel the pressure to implement robust protection of this information. Therefore, Data Privacy Week is not something that happens once a year and is over and forgotten about after five days, but should rather give us a starting point, a kickoff, to see what has happened in the past, what we can expect in the future and how we should act in order to avoid the bad and embrace the good in the field of data privacy.
 
Main security trends we see in the industry are:  

  • Adaptation of Zero Trust Architecture, where organizations are following the “never trust, always verify” approach to protect data access.
  • Focus on Open-Source Security to secure the usage of OSS dependencies and comply with their licensing obligations.
  • Usage of Privacy-Enhancing Technologies (PETs) where organizations are using tools to mask, encrypt, and anonymize data to minimize risks without compromising usability.
  • Proactive Testing Across the SDLC to embed security and privacy checks into every stage of software development lifecycle to ensure compliance and minimize the likelihood of exploitable vulnerabilities.  

Businesses have constant pressure to enhance their data privacy; therefore, it would be recommended that they conduct regular data audits to map out what data they collect, why, and where it’s stored, ensuring that unnecessary data is not retained. Another important topic is privacy awareness. Secure handling of data and recognizing threats is a must in employee training. As supporting mechanisms, businesses should consider automating their compliance violations and implement runtime protections, for example, Runtime Application Self-Protection (RASP) tools that can detect and mitigate attacks in real time.
 
When it comes to software development, businesses must also think about robust AppSec practices. Here the implementation of technologies like Static Application Security Testing (SAST) and Software Composition Analysis (SCA) is a must. SAST tools will help discover and mitigate vulnerabilities in your own code where SCA tools will help organizations to identify used open source in their development and mitigate its vulnerabilities and license compliance risks. Additionally, Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) help organizations uncover vulnerabilities in code, configurations, and dangerous application behavior. Fuzzing techniques that simulate attacks can further help to uncover hidden flaws that traditional testing technologies may miss.  

Organizations can adopt a holistic approach to data privacy and application security by integrating AppSec tools into their CI/CD pipelines and their Dev(Sec)Ops workflows.  
 
++
 
Stephen Kowski, Field CTO, SlashNext Email+ Security
 
Data Privacy Week reminds us that phishing attacks designed to steal personal information or credentials are no longer just an email problem. Attackers are finding new ways to compromise our data through QR codes, AI voice scams, and multi-channel attacks. We’re seeing a dramatic rise in QR code scams since late 2023, particularly targeting business leaders, while AI voice scams are increasingly targeting those over the age of 60. The most concerning trend in early 2025 is how sophisticated these attacks have become, with criminals using multiple channels simultaneously – as seen in recent cases where fraudsters combined email bombing with chat and voice phishing.
 
The key message for Data Privacy Week is simple: we need to expand our understanding of phishing, specifically how your data privacy can be compromised beyond just email-based attacks. Whether it’s scanning QR codes, answering phone calls, or responding to messages on various platforms, every form of digital communication needs the same level of scrutiny we’ve learned to apply to our emails. Staying informed about these emerging threats is our best defense in protecting our personal information.
 
++
 
Brandon Williams, Chief Technology Officer, Fenix24

In today’s hyper-connected world, data is the lifeblood of every business. We collect vast amounts of personal and sensitive information from our customers, employees, and partners, which helps fuel innovation, but it also presents significant risks. A single data breach can have devastating consequences, from financial losses and reputational damage to legal liabilities and even criminal charges.

As the leaders of our organizations, we have a duty to protect this valuable asset. This responsibility transcends mere compliance with regulations like GDPR or CCPA. It demands a proactive and comprehensive approach to security.

  • Shifting the Paradigm: We must move beyond simply reacting to threats. We need to adopt a “security-first” mindset, where data protection is embedded into every aspect of our business, from product development to customer service. This requires a fundamental shift in our thinking, prioritizing security by default and minimizing unnecessary data collection.
  • Investing in Robust Security: This includes implementing robust security controls, such as multi-factor authentication, encryption, and regular security assessments. We must also invest in our people, providing them with the training and resources they need to identify and respond to potential threats.
  • Building Trust: Transparency and trust are paramount. We must be transparent with our customers about how we collect, use, and protect their data. We must also actively engage with our customers and stakeholders on data privacy issues.  

Data Privacy Week is not just a week of awareness; it’s a call to action. It’s an opportunity for us as business leaders to demonstrate our commitment to data security and build a more trustworthy and resilient digital future.

Key Considerations:

  • Go Beyond Compliance: While compliance is essential, it’s not enough. We must continuously evaluate and adapt our security measures to address the ever-evolving threat landscape.
  • Bolster your Backups: Despite common beliefs, 93% of attacks target backups, with 68% successfully destroying critical data. It’s crucial to invest in a resilient, continuously hardened backup solution that can scale with your growth before it’s too late.
  • Enhance Recovery and Resilience: Develop and implement a realistic recovery strategy to ensure quick restoration of operations and data integrity after an attack. Focus on building resilience to withstand and recover from disruptions effectively.
  • Invest in Cybersecurity Talent: Cultivate a strong security culture within your organizations and attract and retain top cybersecurity talent.  

By prioritizing data privacy and security, we can build a more secure and trustworthy digital future for our customers, our employees, and our businesses.

++
 
Agnidipta Sarkar, Vice President – CISO Advisory, ColorTokens
 
Data Privacy Week highlights the need for continuous improvement in our data protection strategies. Privacy laws across the world expect “reasonable security measures” to be implemented to ensure personal and sensitive data remains out of reach from hackers and the dark web. Over the years the industry has been investing in many tools, and yet breaches are not decreasing. It is time to think of foundational mechanisms like zero trust to ensure data protection. Dividing the digital environment into smaller, isolated micro-perimeters, each containing a specific group of resources, users, or applications, using software-defined policies or rules, limits the scope of a potential data breach. Staying breach-ready is crucial, as it not only helps in complying with data privacy regulations.

++

Greg Clark, Director of Product Management, Data Security, OpenText Cybersecurity

From the U.S. government’s robust new cybersecurity executive order (which could or could not be implemented with a new administration) to HIPAA, GDPR and AI privacy policies, organizations are navigating increasingly stringent and complex rules that span industries and borders. These challenges can strain resources and create operational risks.

This Data Privacy Week underscores the urgency of embracing an organization-wide privacy-first approach to shift away from complexity, ensure compliance and protect data from persistent cyberattacks.

  1. What all organizations can do: Adopt clear, company-wide policies that ensure the secure use and handling of information. This is crucial with the rapid adoption of GenAI tools. A recent OpenText survey found only 27% of employed respondents use privacy tools and settings to protect workplace information when using GenAI.
  2. What data privacy and security teams should do: At a practitioner level, simplifying security stacks can help protect information by reducing fragmentation, improving cross-team communication, leveraging contextually relevant threat insights, and increasing transparency within data and other business systems. It also allows them to unify threat detection and response, data discovery and protection, modernizing data privacy and strengthening privacy and security postures.
  3. What employees should do: Individual employees play a critical role in protecting data. Phishing scams and insider threats are only getting more sophisticated. Whether a large enterprise or a small business, education and awareness across all departments need to be layered on top of AI-powered technologies that detect threats.

A privacy-first approach doesn’t have to slow innovation. By streamlining security stacks and policies, organizations can move beyond complexity to unlock more efficient, integrated workflows.

++

Erik Gaston, CIO of Global Executive Engagement, Tanium

While data privacy has been top of mind for CIOs for some time now, protecting consumer and company data has never been more important or challenging. The regulatory landscape has shifted from serving as guidelines for data privacy, to mandating compliance with certain standards that carry significant consequences if ignored. Public companies are now being held accountable for negligence and realizing the ramifications are far greater than what used to be a slap on the wrist. The SEC’s cybersecurity disclosure requirements really set the stage for what is and will continue to be a greater standard of transparency and accountability around data privacy and security. This shifting landscape is forcing businesses to really examine not just how they’re protecting consumer and company data, but also their rate of innovation and the privacy and security posture of the third and fourth parties they work with.

Given the rapid pace of innovation today, modernizing and future proofing data intensive environments to accommodate emerging technology and environmental / cloud portability standards is critical. Organizations must strike a balance between embracing innovation and not biting off more than they can chew, ultimately boxing them into a high-risk position. And while not a new concern, third party risk has become more pervasive as the rate of data and digital transformation explodes. We are in the age of accountability, so understanding the security posture of companies you’re doing business with is vital to data privacy efforts. Security and privacy standards are ever-changing, especially around data, so it’s of utmost importance that organizations have a real-time view of their operating environments to identify where something has gone or could go wrong. Real-time visibility is crucial because these environments are constantly shifting, and without a holistic view of their IT landscape, organizations will not be able to meet reporting requirements or keep pace with the rate of innovation.

++

Gary Barlet, Public Sector CTO at Illumio

January 28 is Data Privacy Day. And it’s come at an appropriate time. Just weeks ago, the U.S. Treasury revealed a breach that exposed sensitive personal data, including 3,000 unclassified files. A new year with the same old story of massive data breaches and leaked personal information. Yet organizations and agencies are taking the same security measures year after year. We need to fundamentally rethink how we protect the data that powers our lives, starting with Zero Trust as the foundation. And if there’s one thing this year’s Data Privacy Day reminds us, it’s this: it’s time to stop talking about securing data and start actually doing it.

++

Srujan Akula, CEO of The Modern Data Company

Data privacy and governance have evolved from compliance checkboxes to AI fundamentals. The current challenge with data governance is fragmentation—privacy rules and protections often vanish during handoffs, especially with AI systems. Security platforms protect stored data but stop there, access controls only work within specific systems, and activation layers operate in isolation. These disconnected pieces can create major gaps when data moves between systems.

This fragmentation creates real problems for AI initiatives. Data scientists may train models using datasets without fully considering their privacy compliance or usage rights. Access levels become murky: what AI insights should an entry-level employee get vs a senior executive? Conversational interfaces need to handle these nuances while staying GDPR and CCPA compliant.

Treating data as a product changes this dynamic. By embedding privacy controls and governance from the start, you maintain visibility of lineage, permissions, and usage rights throughout the data’s journey. This context flows naturally into AI and analytics applications, ensuring compliance at every step–smart data that knows its own rules and boundaries, versus data that loses its identity every time it moves.

A data product approach accelerates AI innovation while maintaining trust. When context and governance are built in from the start, you unlock your data’s potential for AI without compromising privacy.

++

Viswesh Ananthakrishnan, Co-Founder and VP of Product at Aurascape

Data Privacy Week is a wonderful way to raise awareness for a growing issue, but now more than ever, our personal and proprietary data is put at risk by generative AI tools.  

Increased adoption of generative AI is exposing sensitive data to third-party AI apps, creating data privacy risks for businesses and their customers. Customer data, source code, corporate secrets and financial data can easily fall into the large pool of data that generative AI tools use to train their models. Even worse, it is also not always clear where that data is stored and secured, risking a leak following a breach.

As CISOs assess data privacy strategy, they should have rules and tools in place to prevent an employee from inputting sensitive data into generative AI tools without the proper permissions in place. User interactions with generative AI should also be monitored. The line between applications that use generative AI and ones that don’t will increasingly become more blurred, and security tools will need to be able to tell the difference between the two.  

In addition to a celebration of the strides we’ve made in data privacy, this week should serve as a reminder that even though generative AI is a great tool that provides notable gains in efficiency and creativity, the risk should not be underestimated.

++

Nimrod Partush, VP of Data Science, CYE

The rise of AI, especially large language models, has transformed how companies and individuals think about data privacy. In 2024, tighter regulations like the EU AI Act and growing scrutiny on how data fuels AI systems have pushed organizations to balance innovation with responsible data use.

At the same time, we’re seeing a pattern reminiscent of the early days of social media: users enthusiastically adopting LLMs and sharing data with little concern for privacy, captivated by the immense value these tools offer. This behavior creates a paradox—companies are under pressure to safeguard privacy, while users are often willing to trade it for the convenience and power AI delivers.

Navigating the rapid evolution of AI is like stepping into the unknown—you can’t always predict what’s ahead or whether it’s entirely safe. For users, the smartest approach is to proceed with caution, building trust in AI systems gradually rather than diving in blindly.

++

Gary Orenstein, Chief Customer Officer, Bitwarden

Data privacy and security are shared responsibilities, and password managers empower everyone to play their part by creating strong, unique credentials for every account. Using a password manager is a critical first step toward better security habits, with better data privacy resulting from a multi-pronged approach.

Integrating additional tools like privacy-centric browsers, email alias providers, and VPNs can further enhance users’ privacy, creating a comprehensive defense against the misuse of sensitive information and breaches. As the cyber landscape continues to change with shifting priorities in cybersecurity strategies and expanding security threats, these privacy-centric tools create a critical foundation for individuals and organizations to minimize risks.

The fifth annual Bitwarden Data Privacy Week Survey highlights the top privacy-centric apps recommended by the company’s global community. Respondents indicate a strong preference for tools such as Brave, Firefox, Signal, SimpleLogin, and DuckDuckGo for daily browsing, messaging, email aliases, and search engine use to strengthen data privacy and protect personally identifiable information (PII).

++

Ray Heffer, Field CISO, Americas at Veeam
 
One of the trends I am watching for 2025 is the increased adoption of AI, which will be at an extremely greater pace than in the past year. As a result, organizations will face new challenges in protecting personal data. I’ve already seen a rise in prompt injection attacks and model extraction where sensitive data is inadvertently exposed through AI training data or model outputs. If not implemented properly, we’ll see PII (Personally identifiable information) inadvertently being used in LLM (Large Language Models) training data sets, which could be a catastrophe for privacy.
 
This isn’t just about organizations checking boxes for privacy regulations, but it affects us as individuals too. This is why data classification and data resilience are critical. Organizations of all sizes – small and large – need to know exactly where their sensitive data resides across SaaS applications and AI training sets.

++

Raymond Umerley, Field CISO, Coveware by Veeam
 
Data Privacy Day is a vital reminder of the need to protect personal and organizational data in an era defined by AI, ransomware, and data exfiltration threats affecting enterprises and their third-party partners and suppliers.
 
As AI advances, it brings both innovation and heightened risks, making robust privacy practices essential for data resilience. For enterprises, privacy-by-design, strong cybersecurity defenses, and employee training are critical to trust, operational continuity, and financial stability. Data breaches, ransomware attacks, and regulatory non-compliance can result in significant financial losses, including fines, legal fees, and recovery costs. Reputational damage from failing to protect sensitive data can also erode customer trust and shareholder confidence, further impacting profitability.

++

Chris Harris, Associate Vice President, Sales Engineering EMEA at Thales
 
70% of businesses can only identify and label half or less of their sensitive data, according to our Data Threat Report. This isn’t good enough in an era where trust is not only earned through excellent products or services, but through a strong commitment to data protection.
 
By prioritizing transparency, security, and compliance, businesses send a clear message: “We value your privacy.” This approach not only meets regulatory requirements, but builds trust and, in time, customer loyalty.
 
Data sovereignty, the principle that data is governed by the laws of its origin country, plays a crucial role in data privacy. As companies leverage data for AI advancements, and make greater use of the cloud, the governance of these policies becomes more complex. This highlights the importance of having a clear view of what data is stored where, and what level of controls are in place – not just for regulatory compliance, but also because it’s something increasingly demanded by business procurement teams.  
 
AI’s rise brings both challenges and opportunities for data privacy. It draws attention to the critical question: “Who controls your data?” Companies must prioritize data control to comply with regulations and meet consumer expectations. Trust in a company hinges on its data privacy practices, as highlighted by the Thales 2024 Digital Trust Index, where 89% of respondents would consent to data use under specific conditions.
 
Data Privacy Day is a reminder of the importance for organizations to take control of the data both owned by them and their customers, and ensure it is protected at all costs.

++

Jim Flynn, Senior Director of Information Security, at CivicPlus
 
As we observe Data Privacy Day, it’s crucial to recognize the growing cybersecurity challenges faced by local governments, as ransomware, data breaches, and phishing attacks continue to be daily concerns. Local governments, often holding sensitive resident data, are prime targets for cybercriminals seeking financial gain or causing disruption because if they are successful, they will obtain unauthorized access to sensitive resident data and have the ability to impact large groups of people. Moreover, with the rise of sophisticated malware and AI-driven attacks, criminals are able to launch more evasive and damaging attacks, meaning the security landscape becomes even more volatile. With human error accounting for 95% of breaches, it is essential that both local governments and their residents take steps to safeguard their data. For local governments, regular staff training on secure data handling practices is vital, as is investing in robust cybersecurity measures and comprehensive incident response plans. Additionally, residents need to be educated on best practices to protect their data and avoid human error, so local governments need to share this information as well as work with technology providers to mitigate the risk of attacks.  As cyber threats evolve, fostering a culture of cybersecurity awareness and investing in advanced security tools will be key to safeguarding government data and maintaining public trust.

++

Paul Underwood, VP of Security at Neovera

In today’s heightened cybersecurity landscape, threat actors are on the hunt for the most vulnerable, yet lucrative asset in organizations. Data – made up of customer information, financial records, and intellectual property – is an invaluable asset that has become the lifeblood of any organization and requires robust protection.
 
As data becomes increasingly targeted, one key concern has often been ignored: protecting your consumer’s data. The cost of a data breach and privacy violation is continuing to grow. The cost to remediate these compromises is also growing at an exponential rate. It is critical for organizations to focus on protecting the data they have been entrusted with and ensure customers know it’s a priority.
 
Although there is no “one-size-fits-all” approach to security, organizations can develop simple strategies to safeguard data. Start by encrypting your data and requiring two-factor authentication, not on just your customers but ALL your employees. No exceptions! The exception will cause your data breach. It’s critical to perform penetration testing on your applications as well as your networks. Most compromises happen through applications and not accidental exposure of a network service nowadays. Make sure to monitor your data for exfiltration. And, of course, investing in a good vulnerability management program to patch your systems is key for remediation.

++

Stephen Manley, Chief Technology Officer at Druva

The future of privacy is AI because it is both the threat and the solution. The first step is AI governance. Business and IT leaders must extend their data privacy policies to AI because employees are sharing virtually all data with AI tools – whether the company knows it or not. While it is almost impossible to scrutinize how every AI model uses, stores, and learns from data, it is important to educate teams and demand transparency from vendors.

Transparency is at the core of data privacy and AI governance. AI tools can appear like a “black box,” and organizations are already trying to cut off access to AI that cannot explain how it uses data.  Transparency is what will build customer trust, and its importance only increases in the face of ongoing geopolitical turbulence and misinformation.

While AI needs to be managed, it will also be a critical part of a privacy solution. AI-infused tools can help customers meet security best practices by providing guidance and expertise, classify their data to prioritize its protection, and monitor their environment. For the next decade, AI will be central to your privacy strategy. The time to start is now. 

++

Ravi Bindra, CISO at SoftwareOne
 
Tech advancement, namely the AI boom, continues to change the data privacy game. As AI evolves, the threat landscape grows increasingly complex, equipping malicious actors with advanced tools to compromise confidential data. As threats grow in scale and severity, compliance with new regulations like the EU’s DORA and NIS2 is business critical, but this must be paired with continued investment into AI and more importantly how to use it responsibly.
 
The core challenge is that the speed of technology evolution is outpacing the development and implementation of data governance frameworks and security protocols for businesses to roll out. As such, a priority focus for Data Privacy Day must be on ways to balance AI investment with secure integration. Ensuring that security protocols are baked into all processes to provide employees with clear direction on accepted AI use is key. This should be met with increased AI training for staff, so employees understand their key role in keeping organisational data secure.
 
Going one step further, hybrid cloud models can be set up to keep secondary and tertiary backups in other locations, keeping data isolated from threats within internal networks. With so much at stake, from reputational damage to customer and financial loss, protecting sensitive data through AI and cloud investment should be top of the business agenda in 2025.

++

Evan Dornbush, former NSA cybersecurity expert

This is a great time for developers and product leads to remember, ‘if you don’t collect it, it can’t find its way into a breach,’ and be mindful of how much information is captured and stored that may be a liability to the business rather than an asset. For end users, in the past few months, we’ve seen clear-text SMS messages and call data records, some dating back as far as seven years, disclosed in telecom hacks. Encrypted options for video, voice and text exist and are now being promoted by professionals and government groups alike.

++

Jawahar Sivasankaran, President at Cyware

Data Privacy Week is a good opportunity to reflect on how security and privacy go hand-in-hand. Threat intelligence is a critical part of protecting sensitive data – it helps us identify and respond to risks before they turn into tangible threats. A strong security posture is essential for safeguarding privacy, and this week underscores the need to integrate both into your strategy. Protecting data is about more than compliance; it’s about being proactive in identifying and mitigating risks to keep both privacy and security intact.

++

Idan Plotnik, CEO and co-founder of Apiiro

AI has taken the world by storm, and with it, data holds immense value as the organizational currency. AI has transformed not only how we interact with each other, but also how organizations develop software and build applications, inadvertently creating new challenges around data privacy. As AI accelerates the velocity of coding and design, organizations increasingly become the culprits of new AI-driven risks. To build trust and ensure security, organizations must prioritize a baseline of data privacy from the start. The solution lies in embedding privacy and security measures early in the development process, preventing potential issues before they take root.

++

Chandramouli Dorai, Chief Evangelist, Security Solutions and Digital Signature at Zoho

In a day when technology is constantly evolving and becoming more integrated with our daily lives, it is crucial for individuals and businesses to prioritize the protection of personal data. It starts by ensuring that our default settings are properly configured to safeguard our data—not only on our personal devices, but also the business apps, platforms, websites, chatbots, and AI powered tools and agents we encounter. Businesses, in particular, have a responsibility to be transparent about the data they collect and how it is used to foster trust in their services. Customer data should belong to the customers themselves, not the companies holding them.

++

Larry Zorio, CISO at Mark43

Data Privacy Day reminds us that securing sensitive information is critical, particularly for public safety agencies who keep our communities safe. Given the complexity of attacks from bad actors – including AI and other sources – today’s forward-looking agencies are adopting cloud-based technology solutions to bolster their defenses. They are depending on technology partners who have the resources, the budget and the controls in place to protect essential data. Protecting core critical systems of record, such as dispatch and records management systems, demands a focused approach: identifying an organization’s most sensitive assets, enforcing least-privilege access, and deploying advanced authentication mechanisms. By committing to these practices, public safety agencies, financial institutions or healthcare organizations can ensure data privacy, strengthen their operations, and reinforce trust in their mission.

++

Dr. Colin Banas, CMO at DrFirst

We need to shed light on the incredible risk prescribers face in a digital age. Bad actors have always tried to impersonate doctors to write illegal prescriptions, and that hasn’t changed in the era of e-prescribing. Therefore, proactive and substantial investment in identity monitoring, with APIs that allow patients and prescribers to claim, secure, and transfer their identity with full access to their data through third-party apps, is going to be on a trajectory.

++

Roger Williams, Community Manager at Kinsta

As cybercriminals continue to adopt sophisticated tools like AI-driven phishing and deepfake technology, staying protected has never been more difficult. Hackers are using advanced techniques to mimic personal communication styles, exploit smart home devices, and target sensitive health data.

Implementing proactive security measures while you’re online such as multi-factor authentication, secure password practices, regular data backups, and device updates can significantly increase your safety. Additionally, using secure networks and staying educated on the latest cybersecurity threats and scams can make all the difference.

++

Kenny Johnston, Chief Product Officer at Instabug

This Data Privacy Day, it is essential to look at the piece of technology closest and most personal to us – our cell phones. Mobile data privacy is critical as phones often access our most important data like banking information, social security numbers, etc. The mix of having enough data to debug and fix a mobile app issue while maintaining data privacy is difficult to achieve. This is why Instabug invests in providing automatic and overriding tools so mobile developers can have confidence that they aren’t collecting sensitive information to keep phone owners safe. Instabug participates in data governance reviews with our customers to ensure they utilize the best practices to protect their personal data.

++

Shari Piré, Chief Legal & Privacy Officer at Plume Design, Inc.

Data Privacy Day 2025 arrives a little more than a week after the start of a new administration which kicked off with President Trump signing a series of executive orders. One of these orders included a freeze on all federal regulations in development – including those related to privacy and cybersecurity. In the absence of a federal privacy policy, state legislatures have continued to actively pursue privacy-focused lawmaking. Many privacy professionals forecast enactment of new state privacy laws to add to the current patchwork of similar – yet different – state privacy laws currently in effect.

Navigating a panoply of laws that are similar, but not the same, may end in sleepless nights for some businesses and their privacy professionals. In just over a year’s time, state privacy laws multiplied fourfold. Applying the most rigid, privacy-friendly laws as the benchmark may be the path of least resistance to compliance. At Plume Design, Inc., our mission is to provide our customers with the best connected-device experience regardless of the broadband or Internet-based applications they consume. With roughly three billion devices connected to our cloud, we’re able to leverage the data we collect to delight our customers with the services they want and insights they need—while contemporaneously protecting that data. Simply put, at Plume, we believe our customers should stay in control of their personal data—regardless of where they live. Plume’s desire to deliver the highest quality experience and put our customers in the driver’s seat with respect to the data they share with us, underscores our privacy program and supports our decision to adopt a ‘high-watermark’ approach to compliance. We think that this approach makes good business sense. Not only does it streamline compliance, it helps Plume protect our customers’ data.

++

Al Pascual, Chief Executive Officer at Scamnetic

One of the challenges of communicating the virtues of data privacy is that the average user does not fully understand the breadth of implications that result from data exposure.  This includes the fact that lost, stolen, or otherwise publicly available biographical or company data can be misused in the commission of targeted scams. This scenario has only become more likely and more dangerous with the advent of generative AI. Today’s scammers have the ability to leverage gen AI to conduct research on targets much more effectively, and to subsequently craft communications of various types – not just text, but also audio and video – that are more convincing than ever. Whereas targeted, sophisticated phishing attacks were once the purview of scammers who specialized in spearphishing, now any scammer can easily find and apply the data they need to mislead victims in a way that convinces even the most skeptical potential target.  Scammers cannot be successful without data as it is the fuel by which their schemes run. And with scams being the most reported crime globally last year according to the Global Anti Scam Alliance, that makes data privacy more important than ever.

++

Tim Perry, Head of Strategy at Prepared

For this year’s Data Privacy Day, it’s important to know that the cybercriminal toolkit is expanding. If it is smart, it is vulnerable. So, if you have anything such as a computer, an iPhone, or even a refrigerator connected to the internet, it is vulnerable to hacking and a potential vector for an attack. Convenience can often come at the cost of proactive cybersecurity practices.

I urge local, state and federal law enforcement agencies — whether they are running wiretaps, supporting law enforcement sensitive operational communications or just administering their local 911 system — to stay up to date on the latest cyber threats.

Telecommunications hacks like the recent Salt Typhoon attack are a reminder that our domestic communications infrastructure is critical to our national security. Foreign state actors have the resources and the motivation to exploit our network vulnerabilities, quietly infiltrate our communications networks and collect our most sensitive data.

++

Cynthia Overby, Director, Strategic Security Solutions, zCOE at Rocket Software

Data Privacy Day reminds us that protecting data is not just about compliance – it’s about building trust and ensuring secure systems in an increasingly digital world. When organizations collect sensitive data from their customers or users, securing that data should be a top priority. Companies of all sizes are vulnerable to financial loss due to cyberattacks, and the trust of their customers is also at stake. With cloud-based analytics and AI driving innovation, organizations face growing risks as sensitive data like financial reports, customer transactions, and employee information become prime targets. A data breach can result in devastating consequences, with IBM’s 2024 Data Breach report revealing an average cost of $4.88 million per incident, alongside significant operational disruptions, and reputational harm.
 
To mitigate these risks, organizations must take a proactive approach to data privacy. Across the globe, national and state laws aim to hold organizations accountable for protecting private user information. Regular vulnerability scanning and addressing weaknesses before they’re exploited are essential for safeguarding systems. There are plenty of other methods for organizations to protect their data – including better threat detection, multi-factor authentication and bring your own device policies, while encryption of data in transit and at rest ensures sensitive information remains secure even if compromised.
 
Employee training is equally important, ensuring teams are equipped to identify and respond to potential threats like phishing attempts.  
A robust incident response plan and regular testing of disaster recovery processes are critical to minimizing downtime and damage in the event of a breach. By proactively prioritizing data privacy and governance, organizations can reduce risk, enhance trust, and avoid the significant financial and operational consequences of being reactive.

++
 
Ojas Rege, SVP & GM, Privacy and Data Governance at OneTrust

Data privacy is foundational for realizing the long-term value of AI.

Responsible AI extends well beyond data privacy, but getting data privacy right is the first step. Prioritizing data privacy at the outset of AI initiatives not only ensures compliance with data privacy regulations, but also fosters safe, trustworthy AI systems.
 
Responsible data use helps future-proof AI.

AI models, much like human brains, can’t simply forget information once it has been learned. Removing data requires rolling back to a previous version of the model and then retraining it, a potentially disruptive and lengthy process. Furthermore, organizations that trained their models on personal data obtained or used without consent may be ordered by regulators to disable the algorithm altogether, delete the data, or abstain from AI implementations for a set amount of time. When the “wrong” data is ingested into AI systems, there are huge implications for cost, reputation, and operational resilience.
 
Organizations need AI-ready data – datasets that have been prepared to ensure compliance with privacy regulations while remaining usable for AI model training. This involves ensuring lawful consent and purpose at the point of data collection, anonymizing or pseudonymizing sensitive information, minimizing data to only what is necessary, and enforcing policies to prevent unauthorized access or misuse.

With the onset of agentic AI, data privacy only becomes more critical.

AI agents are a great example of “high-risk, high reward” AI, with the potential to deliver positive impact or cause significant harm. This is because AI agents interact with large amounts of data–including sensitive data–and make decisions independently with less human oversight. Harnessing the full potential of AI agents will require new privacy guardrails and safeguarding methodologies for the data sets on which the agents are trained, the process flows into which they are inserted, the APIs to which they are given access, and, very importantly, the human oversight that is required.
 
Data privacy is one of the most effective measures for ensuring robust and trustworthy AI systems that drive ROI over the long-term. The good news is, as so many businesses are already undergoing significant data transformations, they have a timely opportunity to adopt privacy-by-design approaches, tools, and best practices that help deliver sustainable business value for AI. 

++

Carolyn Duby, Field CTO and Cyber Security GTM Lead at Cloudera

The integration of AI into daily life is advancing rapidly, with AI agents now managing everything from routine tasks to critical decisions, such as data entry, fraud detection, and risk assessment. As AI becomes more capable and autonomous, organizations must ensure sensitive information is protected to foster trust and uphold individual rights. Put another way, data privacy is more important than ever.  
 
To ensure trust, organizations must adopt privacy-first strategies that allow innovation without compromising security. For instance, retrieval-augmented generation (RAG) models can enhance AI capabilities while preventing data exposure. This is achieved by embedding explainability and traceability into the AI workflow – linking outputs to auditable data sources for transparent, verifiable decision-making. Additionally, foundational AI models can be deployed in private cloud environments to securely fine tune sensitive datasets. Deploying foundation models in a private cloud allows the organization to keep control of their data by controlling the inputs and the outputs of the AI applications. It can also help organizations leverage their intellectual property safely, produce results consistent with company policy and place guardrails around what the system will allow. These measures help mitigate risks while supporting ethical AI development.
 
This Data Privacy Day, it is integral to be cautious of the risks associated with data exposure, as they demand a proactive approach to privacy. By adopting robust policies and technologies, organizations can safeguard their data, build trust, and ensure AI systems operate securely and responsibly in an increasingly interconnected world.

++

Chris Montgomery, Field CTO, Commvault

Each Data Privacy Day, the core theme remains the same: cyberattacks are not only increasing in volume but are also becoming more sophisticated. In fact, the average organization saw approximately eight cyber incidents in 2024. Since attacks are clearly inevitable, it is no longer enough to only invest in solutions that proactively ward off these threats. All enterprises must invest in cyber resilient solutions that prioritize recovery, so business operations can resume quickly following an attack, with limited downtime, financial burdens, reputational damage or worse.  
 
This supports the ultimate business goal of becoming a minimum viable company or having the ability to maintain essential operations and services even in the event of a breach. Cyber criminals have gotten smarter about finding ways to break into traditional backups, often making them unusable, so this is a critical piece of the puzzle.
 
This is only part of the equation. Each organization needs several layers of defenses to maintain resilience against today’s complex cyber threats. By starting with solutions that arm businesses with an active defense against intrusions to recover rapidly and accurately when an attack does happen, you’re set up for success.

++

Shiva Nathan, Founder & CEO of Onymos

The majority of technology leaders (84%) report they depend on low-code/no-code capabilities provided by SaaS solutions to achieve their application development goals. These solutions absolutely benefit enterprises, but they also introduce a critical issue: ensuring data privacy.
 
When enterprises work with almost any SaaS vendor, they are required to share their data in exchange for accessing their solutions. This practice enables those SaaS vendors to leverage that data for their own benefit. This has become standard practice. What is often overlooked is that this exposes SaaS customers — and, in turn, their own customers — to significant risks. We are entrusting our data to black boxes. These are honeypots for bad actors. Just look at what happened with Change Healthcare earlier this year, the largest healthcare data breach ever.
 
As we recognize Data Privacy Week and Data Privacy Day this year, we in the technology industry must take a serious look at our data privacy and security practices. Our current practices are no longer acceptable. We must find a way to preserve the integrity of our data and that of our customers while still enabling all of us to innovate quickly. One way we can do that is by employing no-data architecture principles, where SaaS companies build products that don’t capture or store their customers’ data.

++

Syed Zaeem Hosain, Founder, CTO Emeritus, Chief Evangelist at Aeris

In IoT markets, the focus is often on getting the product (the specific devices and applications) rapidly to market rather than keeping a clear focus on the security of the data sent and received by remote devices. ‘Security by Design’ and ‘Security by Default’ concepts must be considered and designed early enough to protect user information when these IoT solutions are eventually released. In certain market sectors, for example, healthcare and remote patient monitoring, the medical data must be protected from misuse and not become available outside the control of the patients and the Health Delivery Organizations.

Users must also become informed to add something new, ‘Security by Demand,’ to their requirements – where they insist that providers of IoT solutions go beyond minimal security implementations (as increasingly required by government regulations) to protect the data content from remote devices. Misuse of personal private information for financial gain by attackers is already widespread – misuse of medical data could be a significant public health hazard.

++

David McGuire, CEO, SpecterOps
                                                                
Identity security has never been more important and must remain top of mind for all organizations this Data Privacy Day. In our digitally connected world, identity security is essential in protecting sensitive data and systems from breaches and unauthorized access.
 
Identity security is a “back door” that many organizations still leave unlocked. It can lead to ransomware attacks or data theft that disrupts business operations and negatively affects sales, customers and employees. Public companies must disclose material incidents, which can cause reputational damage and result in hefty fines.
 
To put privacy first, CIOs and business leaders should reduce their organization’s identity risk by removing unnecessary access to domain-level controls (known as Tier Zero to users of Active Directory or Entra ID). They should also limit all users to only access the specific data and systems they need for their respective jobs. Therefore, if a breach occurs, attackers will have limited ability to move laterally or escalate to access levels that let them download your data or shut down your business. Additionally, implementing a robust Attack Path Management program will help organizations continuously identify attack paths to Tier Zero assets and provide remediation guidance and board-level reporting to show improvements over time.
 
In your approach to cybersecurity, you must think like an adversary and train your security teams to do the same. Implement training for your people so they learn offensive skills (e.g., as “the attacker”), even if they are defensive-minded security specialists or developers. Doing this, in the long run, will empower them to architect your internal technology stacks effectively and help your organization safeguard its data.

++

Ori Bendet, VP of Product, Checkmarx

In today’s digital world and in the beginning of the AI era, data is the main currency of companies. Software vendors need to treat it as such and do whatever is possible to protect it. Protecting your customers’ data should be done by layers, each layer adding an additional aspect of protection and prevention. Application security and data protection should be done with a threat analysis and risk management approach as you can never achieve 100% coverage. You are as good as your weakest link in the security chain and the attackers are not giving us any discounts or waiting for us to improve our defenses.

++

David Redekop, CEO, ADAMnetworks

Data Privacy Day is a reminder for both businesses and individuals to prioritize protecting sensitive information. Consumers must educate themselves on how to protect and control their information. Companies must ensure they are providing users with data transparency.

Major tech companies such as Google, Apple, and Microsoft play a central role in the privacy ecosystem and must also facilitate privacy protection. But for that to happen, their business model has to be in line with valuing privacy. For example, until something changes fundamentally, Google will forever have a difficult time implementing that since data collection for sales purposes is at the core of their business model. Apple makes their money by a different philosophy, so there is at least the philosophical core in place that allows them to move in the right direction without the conflict of interest holding them back. This doesn’t mean Apple doesn’t collect data, of course. It means at the core the data collection is for a different purpose, and thus the handling is completely different.  

Public Policy changes have also been tightened in various geographies, and severe penalties are due upon non-compliance. For example, in Canada, federal privacy laws are captured nationwide via PIPEDA (The Personal Information Protection and Electronic Documents Act) while in the US, there are sector-specific federal laws (HIPAA, GLBA, COPPA, FCRA, FERPA, DPPA). To make meaningful progress, these companies must prioritize user-centric privacy models, even if it means rethinking their core business strategies. But perhaps the most impact can be gained by consumers demanding better privacy at the outset. The squeaky wheel often does get the grease.

++

Justin Endres, Chief Revenue Officer, Seclore

As we observe Data Privacy Day 2025, it’s crucial to understand that the reliance on traditional perimeter-based security is no longer adequate. The constant movement and sharing of data across cloud platforms, email, and third-party applications necessitate an urgent shift to a data-centric security approach.

The emergence of Generative AI has brought about new risks, significantly increasing the chances of inadvertent exposure, modification, or misuse of sensitive information. This underscores the need for organizations to be hyper-vigilant about the data they feed into AI models and ensure its protection, regardless of its location. Without robust, persistent security measures, the efficiencies driven by AI can quickly turn into data leak nightmares.

With the current U.S. administration ushering in regulatory changes and uncertainty, the security landscape remains fragmented and unpredictable. The fact that compliance today does not guarantee compliance tomorrow underscores the need for organizations to adopt security strategies that are not just compliant but also adaptable and future-proof. This Data Privacy Day, businesses should move beyond compliance checkboxes and embrace proactive data protection strategies that keep information secure without disrupting productivity. True privacy and security require persistent, intelligent control over data, no matter where it may travel.

++

Ram Mohan, Chief Strategy Officer at Identity Digital

Protecting sensitive information online begins with robust domain security. Domains, as the primary entry points to the internet, are constantly under attack from phishing and impersonation attempts designed to exploit vulnerabilities and undermine trust. A proactive approach is therefore paramount. Proactive measures like those outlined in ICANN’s Security Framework and other collaborative initiatives are essential to defend against these threats. By deploying advanced tools that block risky lookalike domains, we can neutralize malicious activity before it impacts businesses and individuals.

The digital economy’s rapid expansion intensifies the critical need for scalable, reliable, and secure domain infrastructures. Failure to address this need leaves us vulnerable to escalating cybersecurity risks. The migration of crucial domains like .ai to modernized platforms is a vital step in building the necessary resilience. This Data Privacy Week is a stark reminder: inaction is not an option. Let’s commit to building a safer, more trusted internet—before the consequences of inaction become irreversible.

++

Dan Benjamin, Sr. Director of Product Management, Prisma Cloud, Palo Alto Networks

AI is driving cloud investments for 63% of organizations, significantly increasing data volumes across diverse environments. However, as data spans on-premises systems, SaaS, public clouds, endpoints, and more, managing its complexity and ensuring security becomes a critical challenge.

The first step and arguably most important step is discovering all data locations, as security protocols vary depending on whether data resides in the cloud, on-site, or across borders. Once identified, businesses can focus on controlling access and preventing data exfiltration to safeguard sensitive information effectively.

++

Art Gilliland, CEO, Delinea

Data Privacy Day is an important reminder that the threat landscape is growing in complexity, especially as AI-driven threats become increasingly sophisticated. Multiply this with the ongoing transition to the cloud and adoption of AI tools, and now enterprises must manage and secure a diverse and expanding array of both human and nonhuman identities – all of which have access to critical systems and data. It’s why identity security has become the frontline of a modern cybersecurity defense strategy. In fact, 80% of enterprises have experienced an identity-based attack in the past year, with 93% of those affected reporting measurable losses. Securing these human and nonhuman identities should be the top priority for enterprises in the age of AI. Through intelligent authorization, organizations can apply the same rigorous security standards to nonhuman identities as they do human identities. By managing credentials and enforcing strict adherence to least privilege principles, organizations can minimize risks associated with unauthorized access or misuse, secure their AI-driven environments, and stay ahead of evolving cyber threats.

++

Freddy Kuo, Chairman, Luminys

Data Privacy Day serves as an essential reminder of the importance of protecting both personal and organizational data. As we look toward 2025, AI’s impact on data privacy and security will continue to grow, transforming how we analyze data, detect threats, and safeguard information. Innovations like Video Surveillance as a Service (VSaaS) are leading the way, setting new standards for security and efficiency. 

In the video security sector, AI-powered VSaaS solutions are driving transformative advancements. With self-learning capabilities and AI-integrated image signal processing (AI-ISP), these technologies adapt to evolving environments, providing businesses with more effective and efficient threat detection.  
By embracing privacy-by-design principles and embedding them into every layer of product development, organizations can establish a stronger security posture. A resilient framework that prioritizes simplicity, control, and a commitment to safety empowers users to protect their data while fostering trust and confidence. 

This Data Privacy Day, let us reaffirm our dedication to leveraging AI-driven advancements to safeguard data and privacy with greater precision, efficiency, and impact.

++
 
Bruce Kornfeld, Chief Product Officer, StorMagic

Data Privacy Day serves as an important reminder for organizations of all sizes to maintain their data protection standards year-round. As more organizations are expanding their IT strategy to include edge infrastructure, there are more risks to customer data privacy and strategies organizations must implement to ensure protection of their business-critical data at the edge.  
 
First, CIOs must institute a comprehensive security framework that addresses as many vulnerabilities as possible while staying within budget. Second, businesses need to put in place strong data encryption policies so that if any bad actors make it through the security protections, the data they retrieve will still be unusable – and customer privacy will be maintained.

++
 
Richard Bird, Chief Security Officer, Traceable AI

On Data Privacy Day every year, you’ll often hear cybersecurity experts shouting from the rooftops about the importance of modernizing your security stack, best password practices and the role securing APIs play in maintaining compliance. While all these points need to be repeated regularly for novice and seasoned IT and security professionals, I want to emphasize the role that self-awareness plays in safeguarding data.  
 
Sensitive data isn’t just leaked on Dark Web forums, but more often than not, it is spilled at local coffee shops, restaurants, airport lounges, and other public spaces. Even individuals with the best password practices, password managers on their phones, and multi-factor authentication can often share personally identifiable information, trade secrets, or sensitive corporate details while in public. Sometimes, adversaries don’t have to find a way to penetrate a network using advanced threat tactics: all they have to do is turn off their headphones and listen.
 
In honor of this day, I want to reiterate the importance of common sense in strengthening security posture. Don’t just follow best cybersecurity practices on your network; always be aware of your surroundings when you’re holding meetings, whether virtually or in person, in public places. Keep your headphone volume down, or consider meeting somewhere private. Even the strictest of compliance laws and advanced security platforms will fail if we don’t use good judgment when discussing sensitive information.

++
 
Konrad Fellmann, Chief Information Security Officer, Cubic Corporation

On this Data Privacy Day, I want to spotlight a critical challenge faced by service providers in the mass transit sector: managing personal information responsibly in an era of rapidly evolving privacy regulations. Emerging laws like the California Privacy Rights Act and General Data Protection Regulation are setting a higher bar for responsible data stewardship. These regulations emphasize principles like data minimization, limitations on usage for specific disclosed purposes, and user consent—mandating not just compliance, but a culture of privacy. For service providers and agencies collecting personal data for mass transit fare collection, this shift is monumental.
 
Service providers act as intermediaries between transit agencies and the public, handling sensitive data like names, payment details, and travel patterns. While this data is critical to operational efficiency, it is also a potential target for misuse, fraud or criminal mischief. Moreover, transit agencies are increasingly holding their vendors accountable for meeting privacy and security standards to protect public trust.
 
Therefore, I urge service providers in the transit space to move beyond compliance and embrace a privacy-first mindset. It’s not just about adhering to regulations—it’s about earning the trust of agencies and the public we serve. After all, privacy isn’t just a legal obligation; it’s a fundamental aspect of ethical business. Together, let’s ensure that as the world moves forward with smart cities and digital transit, privacy is at the heart of every step.

++
 
Cris Grossmann, CEO and founder, Beekeeper

Data Privacy Day is a vital reminder of the need to protect personal information and uphold privacy rights. Yet, frontline workers—who often operate outside traditional office settings—are frequently overlooked in discussions about data protection. Many frontline industries still rely on outdated communication methods, such as pen-and-paper systems or personal text chains, leaving workers vulnerable to data leaks and privacy breaches.

As AI becomes increasingly integrated into workplace technologies, it’s essential for frontline organizations to invest in secure, privacy-compliant solutions that address the unique needs of their workforce. Ensuring technology complies with standards like GDPR is a critical first step, helping employers safeguard sensitive information, mitigate risks, and build trust with their teams.

By adopting modern technologies designed with data privacy at their core, companies can not only meet legal requirements but also foster a culture of security and efficiency. Protecting employees’ personal data empowers frontline workers to perform with confidence, knowing their information is handled responsibly.

++

Keith Palumbo, Co-founder and CEO, Auguria

Data Privacy Day is an annual reminder of the importance of protecting personal information and maintaining best data protection practices. To maintain a robust posture, it’s imperative that organizations detect cyber threats as early as possible. One way to help achieve this is by minimizing the excess noisy alerts within their security operations.  
 
Traditional data analysis and alert handling methods are insufficient, leaving SOC teams spread thin. Alert fatigue leads to overlooked threats, breaches, and compromised data due to the overwhelming amount of false positive alerts and other information that SOC teams must trudge through. Embracing contextual awareness is essential to combating this issue. By prioritizing meaningful data and reducing noise, organizations can accelerate their security readiness, ensuring better protection for their sensitive information. At the end of the day, there is no durable concept of data privacy without effective operational security.

++
 
Joe Silva, CEO, Spektion

As we observe Data Privacy Day, it’s important to recognize that valuable data is at risk. Data privacy is a significant criterion in how organizations buy software, and buyers should expect their vendors to be more proactive in how they manage data privacy considerations, as opposed to reactive.
 
Currently, traditional risk management often reacts to breaches rather than preventing them, and its methods are becoming outdated. The need for security measures that not only assess risk but also identify vulnerabilities before they are exposed is critical. Companies should honor data privacy, advocate for stronger protections in their software and from their external partners, and stay informed about evolving technology. With constant technology updates, data becomes more at risk; therefore, strategic and proactive operations are crucial to ensuring a risk-free environment.

++
 
Clyde Williamson, Senior Product Security Architect, Protegrity

Organizations in the United States are relying on outdated data privacy laws that don’t account for modern technology and cyber threats. Rather than following the spirit of what regulatory guidance there is, many choose to continue relying on similarly outdated data protection methods and are missing the mark on both compliance and consumer trust.

Service sectors such as finance, healthcare, cellular and internet service providers hold a plethora of users’ personally identifiable information (PII) requiring more stringent methods of securing data beyond the thin layer of single-answer password resets, authentication, or account creation. When PII is compromised, it opens a door for individuals, their friends and family to fall victim to scams, frauds and identity theft.

Organizations that want to continue having consumer trust, and their data that comes with it, must invest in up-to-date solutions that protect data at its core and render it useless if a breach occurs. Encryption, tokenization, data masking and anonymization all culminate in keeping your sensitive data out of the hands of bad actors. 

Data Privacy Day needs to be a wake-up call for organizations that data security and protection isn’t an afterthought – they must strengthen their security posture and limit the blast radius data breaches have on both their internal networks and their users.  

++

Ratan Tipirneni, President & CEO, Tigera

Data Privacy Awareness Week serves as a reminder that having robust Kubernetes security is paramount, especially as organizations increasingly deploy GenAI applications with Kubernetes. Building and deploying GenAI applications creates security risks when it comes to data privacy, integrity, and security. Built using sensitive data sources from inside an enterprise, once an organization deploys such applications, their attack surface increases greatly.
 
Let this Data Privacy Week be a wake-up call to organizations deploying GenAI applications on Kubernetes to make security a priority. To achieve comprehensive security for GenAI applications deployed on Kubernetes, organizations should prioritize: implementing network security access controls, adopting vulnerability management practices to proactively identify and address vulnerabilities, preventing and addressing misconfigurations, and maintaining observability.

++

Nick Mistry, SVP, CISO, Lineaje

On Data Privacy Day, we are reminded that the integrity of our data depends on the strength and transparency of our software supply chains. With an increasing reliance on open-source components, especially for AI models and other critical systems, the risk of supply chain attacks continues to grow. Malicious or compromised code hidden within software dependencies can have far-reaching consequences, affecting not just the organizations that create them, but also the users and industries that depend on them. Alarmingly, 95% of all vulnerabilities come from open-source, and approximately 50% of open-source components are not maintained, leaving systems vulnerable to exploitation and creating significant risks to both security and privacy.

Organizations must prioritize monitoring and securing their software supply chains to mitigate risks effectively. Key strategies include:

  • Understanding what’s in your software including all dependencies and transitive dependencies.
  • Identifying vulnerabilities in open-source components, including those used in AI applications.
  • Implementing continuous monitoring of the software supply chain to proactively detect threats.
  • Detecting tampering and ensuring software integrity by verifying that all components remain unaltered and trustworthy throughout the supply chain.
  • Analyzing the origin and history of open-source dependencies to evaluate potential risks tied to their lineage and provenance.

Additionally, maintaining a comprehensive and up-to-date Software Bill of Materials (SBOM) is critical. A detailed SBOM provides full visibility into all components within the software, empowering organizations to verify software integrity and respond quickly in the event of a vulnerability or breach. By enabling swift identification and remediation of compromised or tampered components, organizations can minimize disruption and safeguard their systems effectively.

On Data Privacy Day and beyond, let’s commit to strengthening our security practices and building more resilient systems. A secure software supply chain is not just about protecting data, it is about safeguarding the integrity and trust of the digital world.

++

Ramprakash Ramamoorthy, Director of AI Research, ManageEngine, Zoho Corp

As AI continues to shape our digital lives, it’s easy to get caught up in the excitement of what’s possible. But let’s not forget that with great power comes great responsibility—especially when it comes to data privacy.

AI thrives on data. It learns from it, adapts to it, and sometimes even surprises us with insights we never anticipated. But here’s the catch: behind every data point is a person—a name, a preference, a story. It’s not just about numbers on a spreadsheet; it’s about trust.

This Data Privacy Day, I believe the conversation needs to shift from why privacy matters to how we can protect it in meaningful ways. Organizations leveraging AI must bake privacy into every stage of their AI life cycle—from how data is collected and processed to how it’s stored and even discarded. Transparency isn’t a luxury; it’s a necessity.

But the responsibility isn’t solely on companies. As individuals, we must ask tougher questions: What am I sharing? Who’s using it? For what purpose? Privacy isn’t just a policy buried in fine print; it’s a right we must defend together.

In 2025, the challenge won’t just be protecting personal information but doing so at the speed of AI. The pace of innovation is blistering, but no breakthrough is worth compromising the trust of the very people who make that innovation possible.

On this Data Privacy Day, let’s recommit to safeguarding privacy—not just because it’s good practice, but because it’s the right thing to do.

++

Carl D’Halluin, the CTO of Datadobi
 
The number one data privacy best practice is simple: ensure the right data is in the right place at the right time. Throughout its lifecycle, data should be protected and only accessible as needed. While this is easier said than done, it’s imperative to implement the right strategies and technologies. Data is an organization’s most valuable asset and its greatest potential risk.
 
Balancing these aspects is key. Effective data management optimizes business intelligence, enables smarter decision-making, and provides a competitive edge. It also ensures compliance with internal governance, legal mandates, external regulations, and financial goals.

++

Jimmy Astle, Senior Director of Detection Enablement at Red Canary

The rise of generative AI has brought data privacy to the forefront of global conversations. These AI models, trained on vast amounts of internet-scraped data, have ignited concerns about consent and transparency. Questions are being asked about whether individuals and organizations should be informed if their data is being used in this way.
 
It’s clear our current privacy laws are struggling to keep pace with the evolution of technology. However, while generative AI adds complexity, it doesn’t eclipse existing data privacy concerns that we’re already grappling with. In fact, the most pressing challenges still stem from widespread data breaches and apps that exploit personal data for profit.
 
What GenAI has done though is introduce new dimensions to these existing challenges. For example, we’re seeing a rise in AI-driven SaaS tools that collect and process user data. Technology vendors are increasingly offering opt-out options for their AI features to safeguard user privacy, but this underscores a larger need for more clarity around how data is being used.
 
The path forward demands a balance of adaptability, transparency, and regulation. Organizations must take proactive steps to safeguard privacy, including clear communication around data practices and investment in privacy-preserving technologies. Regulators must also work closely with the technology industry to craft policies that protect individuals without hindering progress.

Original Story: https://vmblog.com/archive/2025/01/28/tech-experts-reflect-on-data-privacy-day-2025.aspx


CFO Dive: New Mark43 CFO stresses importance of ‘measured’ AI deployment

By: Grace Noto

Business person using AI for a work function. Shutthiphong Chandaeng via Getty Images

Industry leaders and regulators are still mulling generative AI’s potential benefits and drawbacks at the start of the year, which includes its applications in sensitive spaces such as legal or court systems, policing, and public safety. The public safety space is at “a really exciting juncture where the pace of technological change is picking up, and AI technology is starting to be woven into applications,” said Chris Merwin, CFO of public safety software provider Mark43.

The New York-based company offers a cloud-native record management system (RMS), among other offerings, which utilizes automation to help speed up paperwork and other processes for law enforcement, federal and other public safety institutions, according to its website.

“It’s very important that we make the necessary investments to deliver those AI features to our customers, and we’re very excited about what’s on the roadmap for this year,” Merwin said in an interview. “So first and foremost, my focus is on making sure that we adequately fund those efforts. That’s a critical part of our financial strategy.”

Preparing for a structural technology shift

Merwin joined the company as its finance chief in November, according to his LinkedIn profile. Prior to Mark43, Merwin served as CFO for enterprise AI provider DataRobot, Mark43 said in a press release announcing his appointment. Merwin has also served in various executive roles for banks including Goldman Sachs, Barclays, and Deutsche Bank.

In his first few months as the software provider’s finance chief, Merwin is zeroing in on ensuring the company is providing effective customer service — which includes answering key questions such as, “how do we make sure that we are allocating capital in such a way to maximize investment and our R&D to deliver new features that serve our customers better?” he said.

That means taking a careful look at how the business is funding investments into generative AI or similar technologies, first and foremost for its customer-facing offerings, but “the second piece is making the necessary internal investments in our own systems, infrastructure and processes to make sure that we are well positioned to enter our next phase of growth,” Merwin said.

Enabling the company’s own employees and financial team to tap automated technologies is a key piece in fostering future growth, as interest and attention in generative AI’s potential applications — both inside and outside the public safety space — continue to grow in the early days of 2025.


“When I look at the macro landscape, what I see is a significant structural shift in the demand for modern technology by our customers,” Merwin said. “So my expectation is that we’ll see increased budget for modernizing core technology tools by public safety agencies, and even additional budget for new capabilities like our AI features that haven’t been funded before.”

Last year, Mark43 inked partnerships with entities such as The Port Authority of New York and New Jersey and the New Orleans Police Department, with the goal of integrating AI to enhance legacy or outdated systems, according to press releases at the time.

“We’re helping to solve problems through AI that haven’t been able to be addressed historically with on premise systems,” Merwin said. That could include auto-populating data from the company’s RMS and dispatch systems, combined with unstructured data such as body camera footage, into a report which a police officer “can then review for appropriateness after the fact,” he said.

Data remains king  

Following customer service and financial strategy, “I’m very much focused on data,” Merwin said. “I want to ensure that we as a company are focused on the right input metrics that ensure we get the outcomes we want.”

The question of data — its aggregation, access, security and privacy — also looms large when it comes to the use of generative AI technologies for policing or similar institutions.

The use of facial recognition and other automated or AI-enabled technologies has become more commonplace among police departments over the years, with the emergence of generative AI tools sparking a renewed conversation around the data they utilize, its ethical use, and who is allowed to access it. The use of generative AI tools for law enforcement remains nascent, with its potential use cases — as well as its potential biases or errors — still being studied, according to an October report in The Guardian.

“Data governance and data privacy are obviously critical,” Merwin said of the space, noting, “of course, every officer is always going to review and approve any report that gets submitted, and that will not change” with the inclusion of generative AI technologies.

When it comes to bringing generative AI into Mark43’s offerings or internal processes, a security review is an essential first step, he said, especially as the type of data that the generative AI model touches is very sensitive.

“The opportunity for GenAI is massive, but in terms of the deployment of it, it’s important that it’s measured and thoughtful, given the data privacy and security concerns” within the law enforcement and public safety spaces, Merwin said.  

Original Story: https://www.cfodive.com/news/mark43-cfo-stresses-importance-measured-generativeai-dataprivacy-security/737467/


Techopedia: How AI Helps Police Forces & First Responders

By: Neil C. Hughes

AI is infiltrating every industry. On Earth, it enables scientists to drive sustainable food production. Looking up, AI helps discover new asteroids circling the planet.

But can it improve public safety and high-pressure situations?

On the ground, law enforcement and firefighters need access to real-time information to help them make informed decisions efficiently — without information overload.

AI may be able to bring more tools to police, first responders, and other critical services. We explore some early examples which are already live in the field.

Key Takeaways

  • AI can save seconds, and seconds can save lives in emergency services.
  • Real-time data can change reactionary policing into proactive, community-focused safety measures.
  • AI complements human expertise, enabling smarter decisions in high-pressure situations.
  • Transparency and ethical AI are needed to build public trust while safeguarding vulnerable communities.
  • Predictive analytics can prevent equipment or infrastructure problems before they escalate.
  • Real-time information sharing between agencies can help public safety.

AI as a Data Partner in Decision-Making

AI is an obvious fit for emergency services, where every second counts. Technology can help capture and then act on data effectively, cutting through any noise caused by data overload.

Hopping over to the UK, a report published on December 27, 2024, highlighted how 86% of UK residents desire greater police presence on the streets, which is a regular call-out for most countries at most times.

But digging deeper, 88% of those working in law enforcement shared their frustration at not having information at their fingertips, in particular citing issues like switching between multiple applications, and said it affects their efficiency in policing.

90% of agencies support using AI to improve their ability to police — a staggering 55% increase over last year’s survey.

Matthew Polega, co-founder and President of Mark43, highlighted the problems caused by legacy tech in policing.

Polega’s company works with 290 public safety agencies and provides platforms that use AI to work out what information to share and when to share it, rather than traditional police systems, which often operate in silos and limit data sharing.

Polega said:

“It’s unbelievable to think Netflix or Spotify would go down for hours to make an update, yet in policing, mission-critical software still relies on legacy systems that do exactly that.

“Police officers don’t need information from two days ago; they need information for what’s happening right now.”

Polega believes that: “Real-time data sharing can be a game changer and that police forces solving crimes together should be the norm, not the exception”.

When managing the names of witnesses, victims, and minors, some will be nervous about implementing new systems, especially when a quick online search reveals thousands of reports about government agencies’ information getting hacked.

But Polega said that most of those hacking incidents have come from on-premises systems, not systems that are up in the cloud.

He added:

“Cloud-native applications can avoid those security holes plaguing other systems. You’re able to work with hyperscalers like Amazon Web Services to make sure that the thousands of people and billions of dollars that they can throw against security get transferred over.

“Amazon is in the background. This provides the services, support, and capabilities a police force couldn’t marshal internally.”

AI in Policing Should Only Go So Far

But the fear, or challenge, with AI is that agencies must ensure systems are transparent, explainable, and used ethically to maintain public trust.

The Accountability Principles for Artificial Intelligence (AP4AI) project found that although 87% of people globally believe that AI should be used to protect vulnerable groups and detect criminals or criminal organizations, 90% expect the police to be held accountable for how they use AI and its consequences.

One area of concern is using AI for predictive policing, which attempts to forecast future criminal behavior using data-driven methods.

The concept is often likened to Philip K. Dick’s Minority Report and raises ethical concerns about profiling individuals based on their characteristics or historical data rather than evidence of intent.

The thought of untargeted scraping of facial images from the internet or CCTV footage and the creation of facial recognition databases could be a real threat in the future.

Although predictive policing is banned in the EU AI Act, there is still doubt over whether this regulation is enough to ease concerns.

But if AI should not be used to predict the future, perhaps it can cut down on the paperwork.

AI & Admin in Policing

With high-pressure scenarios like disaster response, law enforcement agencies may see AI as a solution that doesn’t replace police officers but complements their work by reducing time on reports and enabling smarter decision-making.

Panasonic Connect’s sensors and AI monitors can help predict problems — not of the criminal kind, but of the administrative kind — before they occur. Problems such as worker fatigue or equipment failure.

The sensors can monitor heart rates, fatigue, and even drooping eyes, through predictive analytics to prevent unsafe situations before they escalate.

Dominick Passanante, Vice President of Mobility at Panasonic Connect North America, said:

“You don’t wait for an incident to occur. Proactive maintenance of critical infrastructure is key.

“Seconds can mean the difference between life and death in public safety. AI helps save those seconds.”

Many mission-critical workers can feel like data is coming at them from all angles. But it’s essential to be able to capture that data and act on it.

AI enables first responders and utility workers to do less paperwork and spend more time in the field where they are most needed.

The Bottom Line

There are many ways AI can help policing. AI that analyzes body-worn camera footage to write the first report from a scene — nearly instantaneously — is an excellent example.

So are uses where AI can connect police forces together without information overload, or where AI monitors the environment while officers focus on the problems directly in front of them.

What is needed is transparency in how AI works and a focus on its purpose — be it predicting risks or automating routine tasks.

But if handled correctly, it can build trust between AI, first responders and the communities they serve.

Original Story: https://www.techopedia.com/how-ai-helps-police-forces-first-responders