Data Privacy Week 2025: Insights from Over 60 Industry Experts

Solutions Review’s Tim King curated this guide to 2025 Data Privacy Week insights, featuring a selection of commentary from industry leaders.

In honor of Data Privacy Week 2025, January 27-31, we’ve curated the definitive thought leader guide, drawing on the collective expertise of over 50 industry leaders and privacy professionals. This curation brings together in-depth insights and commentary from some of the most respected voices in data privacy, offering a comprehensive view of the current landscape and the evolving challenges facing businesses, regulators, and individuals alike.

As privacy concerns continue to grow (see DeepSeek), navigating the complexities of data protection has become more critical than ever. From emerging technologies like AI and blockchain to shifting regulatory frameworks and the increasing threat of cyberattacks, privacy is at the forefront of conversations across industries.

Through this guide, we aim to provide practical strategies, actionable advice, and forward-looking perspectives to help you not only stay compliant but also build trust with your customers, safeguard sensitive information, and foster a culture of privacy within your organization.

Whether you’re looking to deepen your understanding of data privacy laws, enhance your organization’s privacy policies, or simply stay ahead of industry trends, this collection of expert insights is your go-to resource for navigating the constantly evolving world of data privacy.

Data Privacy Week 2025 Insights


Jamie Moles, ExtraHop

“Data Privacy Week highlights the importance of data protection amid today’s evolving threat landscape. As we saw in 2024, high-profile data breaches reached record highs, costing organizations millions of dollars. This is our new reality, and large-scale attacks that compromise sensitive data will continue this year across all industries, considering rising geopolitical conflicts and cybercrime groups’ more advanced strategies.

Recent research from ExtraHop found that bad security hygiene and improper training, enabling attackers to steal and use credentials to enter an organization’s network, was a common point of entry for security breaches – with long-term costs averaging $677 million. Improving security hygiene to prevent these breaches is essential, and Data Privacy Week is the perfect reminder for companies to equip their employees with the knowledge to keep sensitive data secure and uphold privacy standards.

One critical investment is prioritizing cyber training for all employees. Everyone should be aware of the latest risks – such as social engineering and phishing attempts – and be required to follow basic security hygiene protocols like using unique complex passwords, activating multifactor authentication, remaining wary of suspicious emails or texts, and enabling regular software updates. Following these steps, in tandem with investments in cyber resilience, can protect organizations from a costly security incident.”


Gary Orenstein, Bitwarden 

“Protecting privacy starts with being proactive. For businesses, integrating privacy at the core of operations—whether at the organizational level or for individual employees—is crucial for establishing a robust security foundation in an increasingly complex digital landscape.

This approach isn’t just about compliance; it’s about empowering teams with the tools and knowledge needed to protect sensitive data, quickly address potential security concerns, and cultivate strong security practices across the board. One of the most effective first steps in this journey is the adoption of password managers. These tools help reinforce better security habits, ensuring that employees use strong, unique passwords across various accounts, which significantly reduces the risks tied to weak or reused credentials.

However, security and privacy require more than just password management. A multi-layered strategy—incorporating additional tools like privacy-centric browsers, email alias providers, and VPNs—further enhances protection and minimizes the likelihood of data misuse or breaches. Some of the most recommended this year have been Brave and Firefox browsers, DuckDuckGo for search, and Signal for messaging.

In a continuously evolving cybersecurity landscape shaped by advancements in AI and emerging regulatory shifts, it’s critical for businesses to stay ahead of these changes to protect organizational and personal data. Staying informed and proactive will help businesses secure their digital assets, build trust with customers, and minimize the risks to their operations.”


Chris Gibson, FIRST

Data privacy challenges & AI

“AI will undoubtedly dominate data privacy conversations in 2025, but it’s a double-edged sword. On one side, AI empowers defenders with real-time threat detection, predictive modeling, and automated responses through tools like SOAR (Security Orchestration, Automation, and Response). These capabilities can cut detection times from hours to minutes, making a significant difference in preventing breaches that threaten sensitive personal data.

However, understanding and anticipating the flip side is just as critical. Bad actors are using AI to automate sophisticated phishing campaigns, identify vulnerabilities faster, and evade detection with AI-designed malware. This means organizations must adopt AI-based threat detection tools to counter these evolving tactics and protect the personal information they manage. Success in 2025 will come to those who balance AI’s potential with the vigilance to address its risks, all while keeping data privacy at the forefront.”


Rob Truesdell, Pangea

Systemic data exposure

“In 2025, we’re seeing a concerning trend where sensitive data exposure through AI isn’t primarily coming from sophisticated attacks – it’s happening through basic oversights in authorization and data access controls. Organizations are discovering that their AI systems are inadvertently sharing confidential information simply because they haven’t defined who should have access to what.”


Shrav Mehta, Secureframe

Only store the data you need

“Data minimization is fundamental to effective risk reduction. Organizations must develop a clear prioritization strategy—identifying their most critical assets and building targeted security measures around them. While organizations should aim for comprehensive security across all systems, strategic prioritization ensures critical assets receive appropriate protection. The most effective approach often starts with a simple principle: if you don’t need to store certain data, don’t collect it in the first place.”


Greg Clark, OpenText Cybersecurity

“From the U.S. government’s robust new cybersecurity executive order (which could or could not be implemented with a new administration) to HIPAA, GDPR and AI privacy policies, organizations are navigating increasingly stringent and complex rules that span industries and borders. These challenges can strain resources and create operational risks.

This Data Privacy Week underscores the urgency of embracing an organization-wide privacy-first approach to shift away from complexity, ensure compliance and protect data from persistent cyberattacks.

  • What all organizations can do: Adopt clear, company-wide policies that ensure the secure use and handling of information. This is crucial with the rapid adoption of GenAI tools. A recent OpenText survey found only 27 percent of employed respondents use privacy tools and settings to protect workplace information when using GenAI.
  • What data privacy and security teams should do: At a practitioner level, simplifying security stacks can help protect information by reducing fragmentation, improving cross-team communication, leveraging contextually relevant threat insights, and increasing transparency within data and other business systems. It also allows them to unify threat detection and response, data discovery and protection, modernizing data privacy and strengthening privacy and security postures.
  • What employees should do: Individual employees play a critical role in protecting data. Phishing scams and insider threats are only getting more sophisticated. Whether a large enterprise or a small business, education and awareness across all departments need to be layered on top of AI-powered technologies that detect threats.

A privacy-first approach doesn’t have to slow innovation. By streamlining security stacks and policies, organizations can move beyond complexity to unlock more efficient, integrated workflows.”

Gary Barlet, Illumio 

“January 28 is Data Privacy Day. And it’s come at an appropriate time. Just weeks ago, the U.S. Treasury revealed a breach that exposed sensitive personal data, including 3,000 unclassified files. A new year with the same old story of massive data breaches and leaked personal information. Yet organizations and agencies are taking the same security measures year after year. We need to fundamentally rethink how we protect the data that powers our lives, starting with Zero Trust as the foundation. And if there’s one thing this year’s Data Privacy Day reminds us, it’s this: it’s time to stop talking about securing data and start actually doing it.”


David McInerney, Syrenis

“AI is reshaping the world as we know it, and global enterprises are pouring money into its development. But as AI becomes ubiquitous, so too do the growing concerns about its impact on data privacy. As a result, we’ll see an explosion of AI regulation in 2025 – and businesses must be ready to act fast.

For many it’ll be an uphill battle because simply complying with new regulations won’t cut it. In fact, with 64 percent of consumers feeling their country’s privacy regulations don’t do enough to protect them, it’s the bare minimum. To truly gain consumer trust, companies must embrace transparency, consent, and preference management. AI is here to stay, but if consumers feel their right to privacy is being abused, they won’t hesitate to walk away.”


Nicky Watson, Syrenis

“After a year of data privacy scandals dominating headlines, it’s become clear that data breaches and misuse are wearing down consumers’ trust in businesses. Heading into 2025, companies aren’t just under the microscope of the government, they’re facing growing demands from the public for straightforward, ethical data practices. They can’t treat data privacy like a box to check when it’s become such a public priority. And the AI boom hasn’t helped any of this consumer skepticism, with 78 percent of Americans finding AI data-sharing policies confusing.

The message is loud and clear: consumers demand transparency and control over their data. The companies that heed the call are poised to succeed and thrive, building direct relationships. Those that don’t are risking the customer’s trust – not to mention their reputation.”


Greg Ives, Nutrient

“Document data privacy is becoming an increasingly critical issue, particularly in highly regulated industries such as finance, healthcare, legal and government, where the proper handling of sensitive information is paramount. Emerging AI technologies are transforming how we manage sensitive data in documents. AI-driven tools, leveraging natural language processing (NLP) and large language models (LLMs), can enable efficient redaction and anonymization of sensitive information such as personally identifiable information (PII), financial data, and healthcare records within documents. These tools automate the redaction process, minimizing human error and speeding up document preparation for secure sharing or archiving, while ensuring compliance with regulations like GDPR, HIPAA, and CCPA.

Beyond redaction, AI can support pseudonymization, generalization, and data masking, converting sensitive data into formats that maintain utility while protecting privacy. Continuous improvements in LLMs allow these systems to adapt to emerging patterns and threats, ensuring data integrity and privacy. By harnessing AI, organizations can manage their document data securely and responsibly.”


Darren Guccione, Keeper Security

“Global cyber threats are growing more prevalent and sophisticated every day. As we prepare to mark Data Privacy Day, there’s no better time to reflect on the pivotal role of zero-knowledge encryption in protecting your business against cyber threats.

Zero-knowledge encryption is as secure as it gets. It ensures that only the user has access to their data – period. With true zero-knowledge encryption, your information is encrypted and decrypted directly on your device, meaning the service provider doesn’t hold the keys, even for recovery or troubleshooting. This level of control goes beyond what traditional security tools, or even “almost” zero-knowledge solutions, can offer. “Almost” solutions still leave potential vulnerabilities, with access points or backdoors that undermine your security. With zero-knowledge, there are no loopholes – just absolute confidentiality.

As businesses, we hold a responsibility to protect client data, intellectual property and everything in between. Zero-knowledge encryption plays a pivotal role in fulfilling that duty. When your data is protected at every stage – whether in storage, transit or in use – you’re reducing the risk of exposure from every angle. True zero-knowledge encryption is a crucial step for businesses in building a comprehensive security strategy. As cyber threats grow in frequency and complexity, taking decisive action to protect your data is essential to staying ahead of bad actors.”


Devin Ertel, Menlo Security

“The growing use of SaaS and AI has shattered the illusion of a centralized, easily managed data repository. Gone are the days when we have our data in one place and can wrap our arms around it. Our sensitive information is scattered across countless platforms and products, making tracking its flow and ensuring its protection incredibly challenging. Furthermore, the sheer volume and variety of data we generate and store today eclipses anything we’ve seen before. Where once a single business unit might have been responsible for a dataset, now multiple departments access and utilize the same information, creating a complex web of permissions and potential vulnerabilities. Understanding who should have access to what and how they should be using it is more complicated than ever.”


Eric Schwake, Salt Security

“Data Privacy Week serves as an important reminder of the need to protect sensitive information in our connected world. As businesses rely more on data for innovation and enhanced customer interactions, safeguarding this vital resource becomes essential. This effort involves not just following data privacy laws but also putting effective security protocols in place to prevent unauthorized access and data breaches.

API security is closely tied to data privacy. APIs, which facilitate data transfer in modern applications, are key to ensuring that sensitive data is managed securely and ethically. Organizations should embrace a thorough strategy for API security, which includes API discovery, posture governance, and runtime threat protection, to reduce the chances of data breaches and uphold privacy compliance. By focusing on API security, companies can show their dedication to data privacy and foster trust with customers and partners.”


Philip George, Infosec Global Federal

“This year, Data Privacy Week falls on the heels of Biden’s Executive Order on cybersecurity, reminding us that post quantum cryptography (PQC) and data privacy should remain at the forefront of every organization’s list of priorities.

With recent supply chain attacks targeting trusted vendors and their government customers (see the US Treasury-BeyondTrust breach), the integrity of our software supply chain has once again been thrust into focus. This latest Executive Order will help to establish a common standard for submitting machine readable software attestations, support artifacts like software and cryptographic bill of materials, and ultimately, secure more data.

The order calls for a concerted effort to expand awareness around PQC-ready products by providing a list of product categories that support PQC. Subsequently, agencies will be required to include a requirement for products that support PQC preparedness and adoption in future solicitations. Lastly, agencies will be required to start adopting new PQC standards after identifying network security products and services that are actively employed within their systems. There will also be direct outreach from the U.S. government to its allies and partners to encourage similar action within their technology environments.

This does not only apply to government agencies. Private organizations that still have not completed their inventory and mapping of cryptographic dependencies must also do so quickly. This is important to understand which new standard will work best for their various assets, and this inventory is critical to creating detailed migration plans that prioritize the most sensitive and critical assets, ensuring they are first in line for upgrades to PQC standards.

Data Privacy Week reminds us that government agencies and private organizations alike should not stay complacent. The “steal now, decrypt later” approach by adversaries remains true and quantum computing-based attacks will become a reality. Let this be yet another wake-up call to prepare your organization and conduct cryptographic inventory before it’s too late.”


Boris Cipot, Black Duck

“In a world of sophisticated cyber threats and rigorous regulations like GDPR and CCPA, it is important to highlight data privacy and the protection of sensitive information. As today’s trends lean toward remote work practices, cloud adoption and widespread webservice offers, we as users have the desire for transparency about data generation, storage, and its usage. On the other hand, businesses offering those services should feel the pressure to implement robust protection of this information.

Therefore, Data Privacy Week is not something that happens once a year and is over and forgotten about after five days, but should rather give us a starting point, a kickoff, to see what has happened in the past, what we can expect in the future and how we should act in order to avoid the bad and embrace the good in the field of data privacy.

The main security trends we see in the industry are:

  • Adaptation of Zero Trust Architecture, where organizations are following the “never trust, always verify” approach to protect data access.
  • Focus on Open-Source Security to secure the usage of OSS dependencies and comply with their licensing obligations.
  • Usage of Privacy-Enhancing Technologies (PETs) where organizations are using tools to mask, encrypt, and anonymize data to minimize risks without compromising usability.
  • Proactive Testing Across the SDLC to embed security and privacy checks into every stage of software development lifecycle to ensure compliance and minimize the likelihood of exploitable vulnerabilities.

Businesses have constant pressure to enhance their data privacy; therefore, it would be recommended that they conduct regular data audits to map out what data they collect, why, and where it’s stored, ensuring that unnecessary data is not retained. Another important topic is privacy awareness. Secure handling of data and recognizing threats is a must in employee training. As supporting mechanisms, businesses should consider automating their compliance violations and implement runtime protections, for example, Runtime Application Self-Protection (RASP) tools that can detect and mitigate attacks in real time.

When it comes to software development, businesses must also think about robust AppSec practices. Here the implementation of technologies like Static Application Security Testing (SAST) and Software Composition Analysis (SCA) is a must. SAST tools will help discover and mitigate vulnerabilities in your own code where SCA tools will help organizations to identify used open source in their development and mitigate its vulnerabilities and license compliance risks. Additionally, Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) help organizations uncover vulnerabilities in code, configurations, and dangerous application behavior. Fuzzing techniques that simulate attacks can further help to uncover hidden flaws that traditional testing technologies may miss.

Organizations can adopt a holistic approach to data privacy and application security by integrating AppSec tools into their CI/CD pipelines and their Dev(Sec)Ops workflows.”


Stephen Kowski, SlashNext

“Data Privacy Week reminds us that phishing attacks designed to steal personal information or credentials are no longer just an email problem. Attackers are finding new ways to compromise our data through QR codes, AI voice scams, and multi-channel attacks. We’re seeing a dramatic rise in QR code scams since late 2023, particularly targeting business leaders, while AI voice scams are increasingly targeting those over the age of 60. The most concerning trend in early 2025 is how sophisticated these attacks have become, with criminals using multiple channels simultaneously – as seen in recent cases where fraudsters combined email bombing with chat and voice phishing.

The key message for Data Privacy Week is simple: we need to expand our understanding of phishing, specifically how your data privacy can be compromised beyond just email-based attacks. Whether it’s scanning QR codes, answering phone calls, or responding to messages on various platforms, every form of digital communication needs the same level of scrutiny we’ve learned to apply to our emails. Staying informed about these emerging threats is our best defense in protecting our personal information.”


Brandon Williams, Fenix24

“In today’s hyper-connected world, data is the lifeblood of every business. We collect vast amounts of personal and sensitive information from our customers, employees, and partners, which helps fuel innovation, but it also presents significant risks. A single data breach can have devastating consequences, from financial losses and reputational damage to legal liabilities and even criminal charges.

As the leaders of our organizations, we have a duty to protect this valuable asset. This responsibility transcends mere compliance with regulations like GDPR or CCPA. It demands a proactive and comprehensive approach to security.

  • Shifting the Paradigm: We must move beyond simply reacting to threats. We need to adopt a “security-first” mindset, where data protection is embedded into every aspect of our business, from product development to customer service. This requires a fundamental shift in our thinking, prioritizing security by default and minimizing unnecessary data collection.
  • Investing in Robust Security: This includes implementing robust security controls, such as multi-factor authentication, encryption, and regular security assessments. We must also invest in our people, providing them with the training and resources they need to identify and respond to potential threats.
  • Building Trust: Transparency and trust are paramount. We must be transparent with our customers about how we collect, use, and protect their data. We must also actively engage with our customers and stakeholders on data privacy issues.

Data Privacy Week is not just a week of awareness; it’s a call to action. It’s an opportunity for us as business leaders to demonstrate our commitment to data security and build a more trustworthy and resilient digital future.

Key Considerations:

  • Go Beyond Compliance: While compliance is essential, it’s not enough. We must continuously evaluate and adapt our security measures to address the ever-evolving threat landscape.
  • Bolster your Backups: Despite common beliefs, 93 percent of attacks target backups, with 68% successfully destroying critical data. It’s crucial to invest in a resilient, continuously hardened backup solution that can scale with your growth before it’s too late.
  • Enhance Recovery and Resilience: Develop and implement a realistic recovery strategy to ensure quick restoration of operations and data integrity after an attack. Focus on building resilience to withstand and recover from disruptions effectively.
  • Invest in Cybersecurity Talent: Cultivate a strong security culture within your organizations and attract and retain top cybersecurity talent.

By prioritizing data privacy and security, we can build a more secure and trustworthy digital future for our customers, our employees, and our businesses.”


Agnidipta Sarkar, ColorTokens

“Data Privacy Week highlights the need for continuous improvement in our data protection strategies. Privacy laws across the world expect “reasonable security measures” to be implemented to ensure personal and sensitive data remains out of reach from hackers and the dark web. Over the years the industry has been investing in many tools, and yet breaches are not decreasing. It is time to think of foundational mechanisms like zero trust to ensure data protection. Dividing the digital environment into smaller, isolated micro-perimeters, each containing a specific group of resources, users, or applications, using software-defined policies or rules, limits the scope of a potential data breach. Staying breach-ready is crucial, as it not only helps in complying with data privacy regulations.”


Brian Reed, Proofpoint

“Data Privacy Week highlights a critical challenge: the AI data privacy paradox. While generative AI offers immense potential, it also introduces significant data loss risks. Inputting confidential information or Personally Identifiable Information (PII) into these systems is like handing attackers a loaded weapon, and businesses are understandably worried. Proofpoint’s 2024 Data Loss Landscape Report reveals that 40 percent of Australian CISOs identify GenAI tools as a top organizational risk, underscoring the need for robust data protection strategies.

In order to protect themselves, organizations must take a human-centric approach to cybersecurity to defend their data. This approach brings together an understanding of data classification, user intent, and threat context and applies it consistently across all communications channels, including email, cloud, endpoint, web, and GenAI tools. This also means guiding employees with relevant, in-the-moment interventions and personalized learning paths based on an individual’s unique risk profile to cultivate a behavior change, where everyone understands the risks and plays a role in safeguarding the organization.”


Yoram Novick, Zadara 

“Data privacy and security are critical in today’s increasingly digital world. The rapid growth of cloud computing, with global spending forecasted to be well above $1 trillion, underscores the importance of protecting data within these systems. Organizations must prioritize robust security strategies to secure data storage and transfers, including selecting trusted hosting providers and implementing data protection and disaster recovery solutions. Moreover, sovereign AI should be evaluated to overcome the shortcomings of traditional public cloud offerings for AI use cases.

Data is one of the most valuable organizational assets, yet its protection remains insufficient in many cases. The significant negative impact of ransomware in the past year underscores the vital need for integrating cyber vaults and disaster recovery plans to all organizations. These measures ensure data integrity and minimize downtime during cyber attacks, particularly as ransomware threats continue to rise.

Zero trust models and smart security solutions are essential to counter advanced threats. Implementing multi-factor authentication (MFA) and identity-aware systems reduces vulnerabilities such as credential stuffing. These measures help organizations safeguard sensitive information while optimizing business operations.

The role of AI in data privacy and data security introduces both opportunities and challenges. While AI-driven tools simplify processes, they also heighten risks if improperly managed. Maintaining human oversight in AI implementations and adhering to basic security practices are crucial to mitigating threats. As organizations increasingly adopt cloud services for AI, addressing cloud-specific security concerns is critical. The use of advanced sovereign AI cloud solutions will significantly reduce the number of public cloud security incidents.

Data Privacy Day serves as a reminder that safeguarding sensitive data is a shared responsibility among businesses, governments, and individuals. By staying proactive, embracing compliant solutions, and prioritizing education, organizations can navigate the complexities of data privacy and security in an increasingly interconnected world where AI is playing an increasingly vital role.”

Michelle King, Index Engines

“Data Privacy Day is all about championing the protection of personal information and spreading the word on best practices in data security. By focusing on trusted data integrity, adopting a recovery-first mindset, and leveraging new technology including AI, we can truly support these goals. Prioritizing data recovery means we’re always prepared to resume operations after breaches with minimal data loss, and AI-driven security measures give us the edge in detecting and responding to the most sophisticated attacks. Together, these principles build trust and create a safer digital world for everyone.”

Jennifer Mahoney, Optiv

“Data Privacy Week is a great reminder that the onus for protecting customers’ personal data is on the companies that collect, use and share it. Companies have a responsibility to protect consumers, secure their data and do right by them morally, ethically and legally. Handling data privacy the right way drives consumer trust and builds long-lasting relationships.

Consumers are increasingly aware of the value of their data and are seeking ways to reduce their data footprints. They are exercising their data subject rights to opt out of certain data processing and are becoming more informed about the data companies collect and use.

The growing integration of AI-enabled solutions to collect and process data highlights the importance of maintaining safe data practices, responsible AI use and nurturing and growing positive consumer sentiment. Here are four areas companies can prioritize immediately to head down the right path:

  • Transparency: Maintain transparency around AI use, data collection, processing and sharing activities. Without transparency around the use of personal information, organizations run the risk of alienating their customers. Companies must also be transparent in their privacy notices and terms of conditions, writing them in a way that’s consumable and easy to understand.
  • Choice: Offer individuals choices about how their data is processed and used for marketing purposes. For example, enable them to opt out of sharing data with third parties, advanced advertising practices (i.e., geolocation or behavioral indicators) or processing of certain sensitive data. Increased choice not only helps companies address regulatory requirements but also allows customers to feel valued and respected.
  • Control: Offer control through a tailored experience that allows users to adjust their data-sharing preferences. For example, choosing which activities are connected to their account, purging information when possible and configuring settings that align with personal preferences or comfort levels. By retaining control of their data, consumers will feel more secure and comfortable when sharing personal information.
  • Education: Ensure your personnel can recognize what personal data is and the obligations they have when accessing or otherwise processing personal data. Likewise, help consumers become educated about the data you collect and process and how to exercise their rights around that data.

The strongest data privacy programs are founded on transparency, choice and control, and this should be companies’ focus this Data Privacy Week. Making this a priority keeps data secure, builds trust with customers and drives business outcomes.”


Rebecca Herold, IEEE

Practical steps consumers can take to protect their data

“When purchasing a product that includes digital capabilities:

  • Check to ensure the product you are considering has capabilities to determine, and provide you with choices for, where your data is stored, how it is shared, and the ways in which it is processed. If you don’t like the answers (e.g., your data is sent to marketers…often referenced as “trusted partners” in the privacy notice…or it is being used to train AI, etc.) then find out or ask the manufacturer or seller how you can opt out of the actions that you do not want your data used for. If the manufacturer and/or vendor supporting the product indicates you do not have any choices or ways to do this, then don’t get the product. This is a red flag that your data is probably being used for many purposes, and shared with far more entities than you would ever want it to be shared. The more personal data is shared and used, the greater the risk that your data will be breached and compromised in other ways. And once you hand over your data to others, you’ve completely given up any control for how that data is being secured, shared, or used.
  • Check to see if the product has the strongest security and privacy protections enabled by default. It is common for digital products to market on their packaging and in ads that they have many different types of personal data protections. However, they often do not have them enabled. This results in consumers being misled, and just assuming that the products are secure out of the box. If they do not have these protections enabled by default, then either don’t purchase the product, or if you really want it, make sure you know what the product’s privacy and security capabilities are, and enable them before you start using the product.

When using a computing device, or any type of digital-enabled product of any type:

  • Make sure you are using strong passwords/PINs/pass phrases/etc., and multi-factor authentication to access your data, such as on your device, in the portal where it is stored, accessed, etc.
  • Make sure the data is strongly secured when being collected, transmitted and stored. This would include being strongly encrypted, and using security tools to protect the data in transit. Never use unsecured public networks. If you use a VPN that helps quite a bit, but VPNs still have vulnerable areas that can be exploited.

Stay up-to-date on the latest privacy breaches and cybersecurity scams, attacks and other problems:

  • Enable automatic security and code updates for your product, directly from the manufacturer or a vendor they vouch for. New vulnerabilities are discovered almost every day in technologies, so applying those patches as soon as they are available will help to protect your data.
  • Never use public USB chargers without using a juice jack blocker type of device (they are very inexpensive), check for skimmers at gas pump payment panels, ATMs, etc., by seeing if any part of the device is loose or wiggles, or you see something odd, like a device pointing toward where payment cards go; someone may have installed a video to capture your card number and PIN. Don’t swipe or insert your payment card if you run across such situations.
  • Watch out for scams to take your data that have been around for decades.
  • Monitor the news for newly discovered privacy breaches, network and data attacks, why and how they occurred, and how to protect against them going forward.

The role of tools and technologies in enhancing data privacy

There are many different types of tools that can enhance data privacy that are very effective. They are also needed, because you can’t have privacy without the use of security technologies (along with physical and operational/administrative protections) to support protecting privacy by protecting the access to, confidentiality, availability, and integrity of personal data, which is vital for ensuring privacy protections. It is very important to keep in mind, though, that these tools and technologies are not perfect. In fact, some are quite flawed.

For example, no AI tool used to support privacy and security is 100 percent accurate or effective. They are, at best, around 80 percent accurate and effective. Whatever types of tools and technologies are being used to enhance privacy, there still needs to be human validation of the outputs and results to ensure algorithms are not spitting out incorrect conclusions, alarms, etc.

Common misconceptions surrounding data privacy and tips to address them

There are many misconceptions about data privacy. One that I have heard throughout my entire career is that if there are no laws, regulations, or other legal requirements against using, collecting, selling, etc., personal data, then that means there are no associated privacy concerns or risks, and that it is okay to do so, often with impunity. This is not correct! It is also a dangerous belief for organizations to have if they are collecting and want to use personal data. Keep in mind that data protection, aka privacy, laws/etc., are generally reactionary. However, the misuse of personal data can have devastating consequences on the associated individuals.”


Kayne McGladrey, IEEE

Practical steps consumers can take to protect their data

“To protect their personal data, consumers can take several practical steps to remove their information from data broker websites and opt out of marketing. First, they should identify where their data is held by searching major data broker sites, public records, and credit reports. Once identified, consumers can use the “Opt Out” or “Remove My Data” links provided on these websites to submit removal requests, ensuring they confirm their identity and track the progress.

Additionally, they should familiarize themselves with regulations like the California Consumer Privacy Act (CCPA), which allows them to request the deletion of their personal data and opt out of its sale. Consumers can also use online tools and services designed to automate the opt-out process from marketing lists and data brokers.

The role of tools and technologies in enhancing data privacy

Tools like online services that automate opting out of marketing and removing consumer data from data broker websites play a crucial role in enhancing data privacy by streamlining the management of personal information. These services automatically handle the often needlessly complex and time-consuming task of submitting removal requests to multiple data brokers, ensuring that consumers’ data is deleted or withheld from sale, reducing the risk of unauthorized access and misuse.

Additionally, browser extensions and apps that block trackers and enhance privacy further improve data protection by preventing the collection of browsing habits and personal information by third-party advertisers and websites. These tools work by blocking cookies, scripts, and other tracking technologies, limiting the amount of data that can be collected without the user’s consent.

Common misconceptions surrounding data privacy and tips to address them

Many consumers mistakenly believe that using a VPN magically provides complete anonymity and protection from all online threats. While VPNs encrypt internet traffic and mask IP addresses, they do not make users completely anonymous, especially when logging into social media and other websites that inherently track user activity through cookies and account logins.

VPNs primarily secure data in transit but do not protect against malware, phishing, or data breaches on the websites themselves. To improve data privacy, consumers should use privacy-focused browsers and extensions that block trackers, regularly clear their cookies and cache, and be cautious about the personal information shared on social media.”


Houbing Herbert Song, IEEE

Practical steps consumers can take to protect their data

“To protect data, best practices for consumers include multi-factor authentication, de-identification, and anonymization, among others.

The role of tools and technologies in enhancing data privacy

To enhance data privacy, tools and technologies are important but they alone are not enough. Data privacy is socio-technical in nature. Both technical and social factors impact data privacy.

Common misconceptions surrounding data privacy and tips to address them

One common misconception is that only sensitive data needs privacy protection. In fact, cybercriminals are able to mine sensitive data from seemingly insensitive data. We should be cautious about data sharing. Another common misconception is that incognito mode makes us completely anonymous. In fact, cybercriminals are able to steal users’ browsing history from internet service providers or websites visited. We had better use privacy-preserving search engines and browsers.”


Carl D’Halluin, Datadobi

“The number one data privacy best practice is simple: ensure the right data is in the right place at the right time. Throughout its lifecycle, data should be protected and only accessible as needed. While this is easier said than done, it’s imperative to implement the right strategies and technologies. Data is an organization’s most valuable asset and its greatest potential risk.

“Balancing these aspects is key. Effective data management optimizes business intelligence, enables smarter decision-making, and provides a competitive edge. It also ensures compliance with internal governance, legal mandates, external regulations, and financial goals.”


Joel Burleson-Davis, Imprivata

“In recent years, cyberattacks targeting critical US sectors, especially healthcare, have become more sophisticated and impactful. For instance, attacks on organizations like Change Healthcare and Ascension disrupted care delivery and cost millions. With these threats likely to persist, healthcare organizations must prepare. As mobile technology becomes central to healthcare, organizations must consider the impact on both data security and privacy.

Mobile devices deliver significant benefits, such as better patient care and reduced staff burnout, but they also introduce new risks, particularly related to the loss or theft of devices. In healthcare, where each device can be an entry point to sensitive data, the consequences of a lost or stolen device are severe. Beyond just securing the devices, organizations need to implement stringent device management plans that include tracking, monitoring, and proper disposal of PHI when a device is not in active use. This ensures that devices are not only secure but also free of sensitive data when not in use, reducing privacy risks. Effective device management and access controls are critical to safeguarding PHI, improving visibility and control over devices, and ultimately enhancing both care quality and operational efficiency.”


Tina D’Agostin, Alcatraz AI

“This Data Privacy Day, we are seeing a significant focus on protecting Personally Identifiable Information (PII) as companies address the growing risks of data breaches. Many organizations are adopting privacy-preserving security measures, such as advanced access control systems, to prevent unauthorized access and ensure compliance with data protection standards.

This also aligns with safeguarding data and keeping it private, becoming mission critical within the priorities for the security industry, as business executives look to reevaluate and upgrade their security protocols to mitigate potential risks.

Industry research shows that 10 percent of data breaches are caused by physical security compromises and that the average cost of a data breach from a physical security penetration is nearly $5 million.

Augmenting cybersecurity with physical security and access control solutions is vital to ensure users’ PII is not being compromised. In turn, this will both save the enterprise from the hassle of a security breach, and keep user data protected from the perimeter to within the data center itself.

Companies–especially data centers–looking to have a comprehensive data security posture should look to access control solutions purpose-built for preserving privacy.

Businesses must move beyond outdated access control models and embrace a future where security is user-friendly and privacy-centric.”


Srujan Akula, The Modern Data Company

“Data privacy and governance have evolved from compliance checkboxes to AI fundamentals. The current challenge with data governance is fragmentation—privacy rules and protections often vanish during handoffs, especially with AI systems. Security platforms protect stored data but stop there, access controls only work within specific systems, and activation layers operate in isolation. These disconnected pieces can create major gaps when data moves between systems.

This fragmentation creates real problems for AI initiatives. Data scientists may train models using datasets without fully considering their privacy compliance or usage rights. Access levels become murky: what AI insights should an entry-level employee get vs a senior executive? Conversational interfaces need to handle these nuances while staying GDPR and CCPA compliant.

Treating data as a product changes this dynamic. By embedding privacy controls and governance from the start, you maintain visibility of lineage, permissions, and usage rights throughout the data’s journey. This context flows naturally into AI and analytics applications, ensuring compliance at every step–smart data that knows its own rules and boundaries, versus data that loses its identity every time it moves.

A data product approach accelerates AI innovation while maintaining trust. When context and governance are built in from the start, you unlock your data’s potential for AI without compromising privacy.”


Nick Mistry, Lineaje

“On Data Privacy Day, we are reminded that the integrity of our data depends on the strength and transparency of our software supply chains. With an increasing reliance on open-source components, especially for AI models and other critical systems, the risk of supply chain attacks continues to grow. Malicious or compromised code hidden within software dependencies can have far-reaching consequences, affecting not just the organizations that create them, but also the users and industries that depend on them. Alarmingly, 95 percent of all vulnerabilities come from open-source, and approximately 50 percent of open-source components are not maintained, leaving systems vulnerable to exploitation and creating significant risks to both security and privacy.

Organizations must prioritize monitoring and securing their software supply chains to mitigate risks effectively. Key strategies include:

  • Understanding what’s in your software including all dependencies and transitive dependencies.
  • Identifying vulnerabilities in open-source components, including those used in AI applications.
  • Implementing continuous monitoring of the software supply chain to proactively detect threats.
  • Detecting tampering and ensuring software integrity by verifying that all components remain unaltered and trustworthy throughout the supply chain.
  • Analyzing the origin and history of open-source dependencies to evaluate potential risks tied to their lineage and provenance.

Additionally, maintaining a comprehensive and up-to-date Software Bill of Materials (SBOM) is critical. A detailed SBOM provides full visibility into all components within the software, empowering organizations to verify software integrity and respond quickly in the event of a vulnerability or breach. By enabling swift identification and remediation of compromised or tampered components, organizations can minimize disruption and safeguard their systems effectively.

On Data Privacy Day and beyond, let’s commit to strengthening our security practices and building more resilient systems. A secure software supply chain is not just about protecting data, it is about safeguarding the integrity and trust of the digital world.”


Sascha Giese, SolarWinds

“‘I have nothing to hide,’ they say, and accept all kinds of intrusion into their digital life and beyond. Guess what? Even if there’s nothing to hide, privacy is a right we fought hard for, should insist on, and defend when required. No one needs to become paranoid, but we should pay attention to what information we provide voluntarily and if it’s really necessary to provide all the intel that some web portals ask for. Surely, you have heard ‘data is the new gold,’ too, so think of spending your personal information the same way you spend your money.”


Freddy Kuo, Luminys

“Data Privacy Day serves as an essential reminder of the importance of protecting both personal and organizational data. As we look toward 2025, AI’s impact on data privacy and security will continue to grow, transforming how we analyze data, detect threats, and safeguard information. Innovations like Video Surveillance as a Service (VSaaS) are leading the way, setting new standards for security and efficiency.

In the video security sector, AI-powered VSaaS solutions are driving transformative advancements. With self-learning capabilities and AI-integrated image signal processing (AI-ISP), these technologies adapt to evolving environments, providing businesses with more effective and efficient threat detection.

By embracing privacy-by-design principles and embedding them into every layer of product development, organizations can establish a stronger security posture. A resilient framework that prioritizes simplicity, control, and a commitment to safety empowers users to protect their data while fostering trust and confidence.

This Data Privacy Day, let us reaffirm our dedication to leveraging AI-driven advancements to safeguard data and privacy with greater precision, efficiency, and impact.”


Ratan Tipirneni, Tigera

“Data Privacy Awareness Week serves as a reminder that having robust Kubernetes security is paramount, especially as organizations increasingly deploy GenAI applications with Kubernetes. Building and deploying GenAI applications creates security risks when it comes to data privacy, integrity, and security. Built using sensitive data sources from inside an enterprise, once an organization deploys such applications, their attack surface increases greatly.

Let this Data Privacy Week be a wake-up call to organizations deploying GenAI applications on Kubernetes to make security a priority. To achieve comprehensive security for GenAI applications deployed on Kubernetes, organizations should prioritize: implementing network security access controls, adopting vulnerability management practices to proactively identify and address vulnerabilities, preventing and addressing misconfigurations, and maintaining observability.”


Sean Costigan, Red Sift

“Spectacular cyberattacks have shown that poor information security represents a critical vulnerability, harming reputations of people, governments, and businesses, and pushing many entities into insolvency. Among the most attractive targets for cybercriminals today is healthcare data, comprising one of the most sensitive, rich and interconnected sectors.

While enforcement of HIPAA has steadily risen, penalties for poor information security around PHI do not yet match impacts. In a long overdue shift, HIPAA regulations – which date from 1996 – have been proposed to expand to include more robust cybersecurity. As such, the proposed rules will aim to treat a variety of risks to PHI and healthcare operations through the adoption of controls such as enforcing MFA, encryption of data, and good cyber hygiene, among others. Recent research shows that an astonishing 80 percent of cyber-attacks against hospitals were identity based, social-engineering attacks. For cybercriminals seeking PHI and payouts, clearly phishing is their killer app.

While there is no national, federal, or comprehensive data privacy law in the US currently, the scope of the problem should be treated as a national crisis. As such, waiting for one regulation to rule them all isn’t a winning strategy: the financial impact, reputational harm and operational disruptions caused by recent privacy breaches should be sufficient to encourage organizations to adopt reasonable, proactive cybersecurity measures to protect us all.”


Paul Underwood, Neovera

“In today’s heightened cybersecurity landscape, threat actors are on the hunt for the most vulnerable, yet lucrative asset in organizations. Data – made up of customer information, financial records, and intellectual property – is an invaluable asset that has become the lifeblood of any organization and requires robust protection.

As data becomes increasingly targeted, one key concern has often been ignored: protecting your consumer’s data. The cost of a data breach and privacy violation is continuing to grow. The cost to remediate these compromises is also growing at an exponential rate. It is critical for organizations to focus on protecting the data they have been entrusted with and ensure customers know it’s a priority.

Although there is no “one-size-fits-all” approach to security, organizations can develop simple strategies to safeguard data. Start by encrypting your data and requiring two-factor authentication, not on just your customers but ALL your employees. No exceptions! The exception will cause your data breach. It’s critical to perform penetration testing on your applications as well as your networks. Most compromises happen through applications and not accidental exposure of a network service nowadays. Make sure to monitor your data for exfiltration. And, of course, investing in a good vulnerability management program to patch your systems is key for remediation.”


Ram Mohan, Identity Digital

“Protecting sensitive information online begins with robust domain security. Domains, as the primary entry points to the internet, are constantly under attack from phishing and impersonation attempts designed to exploit vulnerabilities and undermine trust. A proactive approach is therefore paramount. Proactive measures like those outlined in ICANN’s Security Framework and other collaborative initiatives are essential to defend against these threats. By deploying advanced tools that block risky lookalike domains, we can neutralize malicious activity before it impacts businesses and individuals.

The digital economy’s rapid expansion intensifies the critical need for scalable, reliable, and secure domain infrastructures. Failure to address this need leaves us vulnerable to escalating cybersecurity risks. The migration of crucial domains like .ai to modernized platforms is a vital step in building the necessary resilience. This Data Privacy Week is a stark reminder: inaction is not an option. Let’s commit to building a safer, more trusted internet—before the consequences of inaction become irreversible.”


Shiva Nathan, Onymos

“The majority of technology leaders (84 percent) report they depend on low-code/no-code capabilities provided by SaaS solutions to achieve their application development goals. These solutions absolutely benefit enterprises, but they also introduce a critical issue: ensuring data privacy.

When enterprises work with almost any SaaS vendor, they are required to share their data in exchange for accessing their solutions. This practice enables those SaaS vendors to leverage that data for their own benefit. This has become standard practice. What is often overlooked is that this exposes SaaS customers — and, in turn, their own customers — to significant risks. We are entrusting our data to black boxes. These are honeypots for bad actors. Just look at what happened with Change Healthcare earlier this year, the largest healthcare data breach ever.

As we recognize Data Privacy Week and Data Privacy Day this year, we in the technology industry must take a serious look at our data privacy and security practices. Our current practices are no longer acceptable. We must find a way to preserve the integrity of our data and that of our customers while still enabling all of us to innovate quickly. One way we can do that is by employing no-data architecture principles, where SaaS companies build products that don’t capture or store their customers’ data.”


Karl Bagci, Exclaimer

“As Data Privacy Day approaches, it’s a timely reminder that security must be an intrinsic part of any technology strategy, not an afterthought. The rise of ‘Bring Your Own AI’ models and interconnected tech ecosystems has introduced incredible efficiencies but also heightened security risks.

Protecting data now requires a shared responsibility model where companies work closely with their vendors to ensure rigorous encryption, real-time monitoring, and strict access controls.

The stakes couldn’t be higher: reputational damage from a single breach can ripple through an entire ecosystem, undermining customer trust and financial stability.

To meet these challenges, organizations must embrace security as a foundational principle, embedding it into every stage of development. This proactive approach not only mitigates risks but also sets a new standard for customer trust and operational resilience.”

Candice Frost, Nightwing

“In 2025, protecting data from the digital footprints left on the floor of the internet landscape remains a challenge, especially as we witness significant changes worldwide in data protection laws and AI regulation.

That said, while complete data protection may not be possible, there are steps businesses can take to proactively plan and create an established defense. First, evaluate what is exposed and where the location of risks to information is. The knowledge of what is at stake and where risks exist helps to mitigate vulnerabilities. Second, guard data through services that offer traffic monitoring, protection specific to the application or work at hand, and the ability to reach back to a response team that fortifies data. Third, create a response strategy. Thinking through the identification, mitigation, and recovery coordinates in advance is the best path to move forward from possible data loss. Fourth, share the game plan with trusted partners to assist in garnering the confidence of others in the handling of data. Lastly, learn from any data loss event to increase privacy in the future.

By collecting only essential data and designing with privacy in mind at every stage of development, all stakeholders will be able to better protect their own data. Implications of customer-centric privacy policies are a significant differentiator in a crowded marketplace. Embracing the challenges of compliance provides a competitive advantage to those businesses demonstrating privacy as a bedrock of their business strategy.”


Chris Montgomery, Commvault

“Each Data Privacy Week, the core theme remains the same: cyberattacks are not only increasing in volume but are also becoming more sophisticated. In fact, the average organization saw approximately eight cyber incidents in 2024. Since attacks are clearly inevitable, it is no longer enough to only invest in solutions that proactively ward off these threats. All enterprises must invest in cyber resilient solutions that prioritize recovery, so business operations can resume quickly following an attack, with limited downtime, financial burdens, reputational damage or worse.

This supports the ultimate business goal of becoming a minimum viable company or having the ability to maintain essential operations and services even in the event of a breach. Cyber criminals have gotten smarter about finding ways to break into traditional backups, often making them unusable, so this is a critical piece of the puzzle.

This is only part of the equation. Each organization needs several layers of defenses to maintain resilience against today’s complex cyber threats. By starting with solutions that arm businesses with an active defense against intrusions to recover rapidly and accurately when an attack does happen, you’re set up for success.”


Lamont Orange, Cyera

“Protecting consumer data is no longer just a best practice—it’s a business imperative. With increasing data collection and new regulations on the horizon, organizations must move beyond traditional methods like encryption and audits. While these are critical, businesses face heightened risks from third-party vulnerabilities and supply chain threats that expose sensitive information to bad actors.

In light of evolving laws and a growing emphasis on consumer privacy rights, companies must adopt a proactive, privacy-by-design approach—ensuring robust vendor oversight, continuous risk assessments, and a culture of accountability. The organizations that treat data privacy as an ongoing commitment will not only stay ahead of new regulations but also build lasting trust with customers. The future of business depends on secure data.”


Idan Plotnik, Apiiro

“AI has taken the world by storm, and with it, data holds immense value as the organizational currency. AI has transformed not only how we interact with each other, but also how organizations develop software and build applications, inadvertently creating new challenges around data privacy. As AI accelerates the velocity of coding and design, organizations increasingly become the culprits of new AI-driven risks. To build trust and ensure security, organizations must prioritize a baseline of data privacy from the start. The solution lies in embedding privacy and security measures early in the development process, preventing potential issues before they take root.”


Jim Flynn, CivicPlus

“As we observe Data Privacy Day, it’s crucial to recognize the growing cybersecurity challenges faced by local governments, as ransomware, data breaches, and phishing attacks continue to be daily concerns. Local governments, often holding sensitive resident data, are prime targets for cybercriminals seeking financial gain or causing disruption because if they are successful, they will obtain unauthorized access to sensitive resident data and have the ability to impact large groups of people. Moreover, with the rise of sophisticated malware and AI-driven attacks, criminals are able to launch more evasive and damaging attacks, meaning the security landscape becomes even more volatile.

With human error accounting for 95 percent of breaches, it is essential that both local governments and their residents take steps to safeguard their data. For local governments, regular staff training on secure data handling practices is vital, as is investing in robust cybersecurity measures and comprehensive incident response plans. Additionally, residents need to be educated on best practices to protect their data and avoid human error, so local governments need to share this information as well as work with technology providers to mitigate the risk of attacks. As cyber threats evolve, fostering a culture of cybersecurity awareness and investing in advanced security tools will be key to safeguarding government data and maintaining public trust.”


Brett Wujek, SAS

“Expect synthetic data to become more mainstream this year. Organizations need data to feed AI. However, very often organizations are restricted from using the data for AI development because of privacy issues. With synthetic data generation techniques, privacy concerns can be avoided by generating highly representative data that cannot be traced back to the real data. Moreover, synthetic data can be used to attain balance among all represented groups, which is critical to ensuring AI models are fair and unbiased.”
