Every year, 28 January marks Data Privacy Day, a global event dedicated to championing the importance of data protection and privacy in our increasingly digital, connected world.
Established by the Council of Europe in 2006, this day commemorates the anniversary of Convention 108, the first binding international treaty on data protection.
The purpose of the Convention was: “To secure in the territory of each Party for every individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him.”
Over the years, it has become a day about raising awareness about protecting personal data, particularly as technology continues to change the way information flows across borders.
Cybersecurity experts share their thoughts on how to protect sensitive data and strengthen privacy in a time of soaring digital threats and growing regulatory scrutiny.
Effective Data Management
For Carl D’Halluin, CTO of Datadobi, the number one data privacy best practice is ensuring the right data is in the right place at the right time. “Throughout its lifecycle, data should be protected and only accessible as needed. While this is easier said than done, it’s imperative to implement the right strategies and technologies. Data is an organization’s most valuable asset and its greatest potential risk.”
D’Halluin says balancing these aspects is crucial. “Effective data management optimizes business intelligence, enables smarter decision-making, and provides a competitive edge. It also ensures compliance with internal governance, legal mandates, external regulations, and financial goals.”
Outpacing the Development of Frameworks
Tech advancements and the AI boom, in particular, are changing the data privacy game, says Ravi Bindra, CISO at SoftwareOne. “AI has fast become a firm fixture at such a pace that merely offering AI solutions as a business is no longer a differentiator; however, using the technology responsibly certainly can be. With new regulations set to come into force, particularly the EU’s Digital Operational Resilience Act (DORA), not to mention growing public awareness of how much personal data they entrust to businesses, there’s a world of new compliance and moral obligations that all must strive to meet in equal measure.”
Bindra believes that the main challenge is that the speed of technology evolution is outpacing the development and implementation of data governance frameworks and security protocols for businesses to roll out. As such, a priority focus for Data Privacy Day must be on ways to balance AI investment with secure integration. “Ensuring that security protocols are baked into all processes to provide employees with clear direction on accepted AI use. This should be met with increased AI training for staff, so employees understand their key role in keeping organizational data secure.”
Taking it a step further, Binddra says hybrid cloud models can be set up to keep secondary and tertiary backups in other locations, keeping data isolated from threats within internal networks. “With so much at stake, from reputational damage to customer and financial loss, protecting sensitive data through AI and cloud investment should be business critical in 2025.”
Reinforce Potential Weak Spots
“As AI advances, protecting sensitive data is an increasingly complex task,” comments Steve Bradford, Senior Vice President EMEA at SailPoint. “Security risks associated with an explosion in machine identities are growing ever more prevalent, with 7 in 10 companies now managing more machine identities, such as software bots and robotic process automation, than human identities. Combine this with rising numbers of non-employees, such as freelancers and contractors, and the scope for identity related infiltration widens.”
Bradford says with no proper oversight as to who can access what, when, why and for how long, it makes it close to impossible to secure a business and its wider supply chain. “This challenge will only grow more complex as the volume, variety and velocity of identities continues to increase: this Data Privacy Day should prompt organizations to take action and reinforce potential weak spots that could be seen as easy access points for cybercriminals.”
Be Mindful of Information
“This is a great time for developers and product leads to remember that ‘if you don’t collect it, it can’t find its way into a breach,’ and be mindful of how much information is captured and stored that may be a liability to the business rather than an asset,” says Evan Dornbush, a former NSA cybersecurity expert.
Dornbush says for end users, in the past few months, clear-text SMS messages and call data records, some dating back as far as seven years, have been disclosed in telecom hacks. “Encrypted options for video, voice, and text exist and are now being promoted by professionals and government groups alike.”
Understand How Data is Collected, Processed
“So much of our personal information is constantly being collected, shared, and analyzed across websites, apps, devices, and services,” says Miia Hytonen, Privacy Risk and Compliance Manager at Laserfiche. “It’s more important than ever to understand how data is collected and processed, especially with the AI boom dramatically changing technology and how we do things at work and personally this year.”
Hytonen adds that individuals and entities can limit what data they allow to be collected and processed by updating privacy and security settings on mobile apps and IoT devices and browsing online according to their preferences. This will help individuals protect their personal data and better protect organizational data, too, including, of course, customer data.
It is extremely important that we all mobilize the significant privacy tools available to us in our online toolkits—through web browsers, applications, software, etc. For 2025, understanding privacy awareness is vital to understanding how information may be used in the event of data breaches and, again, with the rapid deployment and use of AI tools, Hytonen explains.
Security and Privacy Go Hand in Hand
“Data Privacy Week is a good opportunity to reflect on how security and privacy go hand-in-hand,” says Jawahar Sivasankaran, President at Cyware. “Threat intelligence is a critical part of protecting sensitive data – it helps us identify and respond to risks before they turn into tangible threats. A strong security posture is essential for safeguarding privacy, and this week underscores the need to integrate both into your strategy. Protecting data is about more than compliance; it’s about being proactive in identifying and mitigating risks to keep both privacy and security intact.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.