Data Privacy Week Company Insights


Data Privacy Week is about spreading awareness around online privacy and taking charge of your data. Below is a collection of companies in the tech industry that have shared their data privacy insights and advice with you. We hope you enjoy the read and find it interesting and enlightening as you navigate securing your data. 

Combating Document Data Privacy With AI

Document data privacy is becoming an increasingly critical issue, particularly in highly regulated industries such as finance, healthcare, legal and government, where the proper handling of sensitive information is paramount. Emerging AI technologies are transforming how we manage sensitive data in documents. AI-driven tools, leveraging natural language processing (NLP) and large language models (LLMs), can enable efficient redaction and anonymization of sensitive information such as personally identifiable information (PII), financial data, and healthcare records within documents. These tools automate the redaction process, minimizing human error and speeding up document preparation for secure sharing or archiving, while ensuring compliance with regulations like GDPR, HIPAA, and CCPA.

Beyond redaction, AI can support pseudonymization, generalization, and data masking, converting sensitive data into formats that maintain utility while protecting privacy. Continuous improvements in LLMs allow these systems to adapt to emerging patterns and threats, ensuring data integrity and privacy. By harnessing AI, organizations can manage their document data securely and responsibly.  – Greg Ives, Director of Product Marketing at Nutrient

Maintain Data Protection Year-round

Data Privacy Day serves as an important reminder for organizations of all sizes to maintain their data protection standards year-round. As more organizations are expanding their IT strategy to include edge infrastructure, there are more risks to customer data privacy and strategies organizations must implement to ensure protection of their business-critical data at the edge.

First, CIOs must institute a comprehensive security framework that addresses as many vulnerabilities as possible while staying within budget. Second, businesses need to put in place strong data encryption policies so that if any bad actors make it through the security protections, the data they retrieve will still be unusable – and customer privacy will be maintained. – Bruce Kornfeld, Chief Product Officer, StorMagic

Using Zero-knowledge Encryption for Cyber Threats

Global cyber threats are growing more prevalent and sophisticated every day. As we prepare to mark Data Privacy Day, there’s no better time to reflect on the pivotal role of zero-knowledge encryption in protecting your business against cyber threats. 

Zero-knowledge encryption is as secure as it gets. It ensures that only the user has access to their data – period. With true zero-knowledge encryption, your information is encrypted and decrypted directly on your device, meaning the service provider doesn’t hold the keys, even for recovery or troubleshooting. This level of control goes beyond what traditional security tools, or even “almost” zero-knowledge solutions, can offer. “Almost” solutions still leave potential vulnerabilities, with access points or backdoors that undermine your security. With zero-knowledge, there are no loopholes – just absolute confidentiality.

As businesses, we hold a responsibility to protect client data, intellectual property and everything in between. Zero-knowledge encryption plays a pivotal role in fulfilling that duty. When your data is protected at every stage – whether in storage, transit or in use – you’re reducing the risk of exposure from every angle. True zero-knowledge encryption is a crucial step for businesses in building a comprehensive security strategy. As cyber threats grow in frequency and complexity, taking decisive action to protect your data is essential to staying ahead of bad actors. – Darren Guccione, CEO and Co-Founder at Keeper Security

Supply Chain Attacks on The Rise

Supply chain attacks are on the rise, as anticipated in 2022. Moreover, they have a longer tail; for example, 18 months after the MOVEit vulnerability exploitation in 2023, stolen data from multiple new victims appeared on the dark web. Core defense best practices include strictly limiting the access granted to external personnel, closely monitoring for suspicious behavior, and implementing comprehensive change management with file integrity monitoring (FIM) to spot altered software. – Dirk Schrader, VP of Security Research at Netwrix

Scattered Data Complicates Security

The growing use of SaaS and AI has shattered the illusion of a centralized, easily managed data repository. Gone are the days when we have our data in one place and can wrap our arms around it. Our sensitive information is scattered across countless platforms and products, making tracking its flow and ensuring its protection incredibly challenging. Furthermore, the sheer volume and variety of data we generate and store today eclipses anything we’ve seen before. Where once a single business unit might have been responsible for a dataset, now multiple departments access and utilize the same information, creating a complex web of permissions and potential vulnerabilities. Understanding who should have access to what and how they should be using it is more complicated than ever. – Devin Ertel, Chief Information Security Officer at Menlo Security

The Role of Self-Awareness in Safeguarding Data

On Data Privacy Day every year, you’ll often hear cybersecurity experts shouting from the rooftops about the importance of modernizing your security stack, best password practices and the role securing APIs play in maintaining compliance. While all these points need to be repeated regularly for novice and seasoned IT and security professionals, I want to emphasize the role that self-awareness plays in safeguarding data.

Sensitive data isn’t just leaked on Dark Web forums, but more often than not, it is spilled at local coffee shops, restaurants, airport lounges, and other public spaces. Even individuals with the best password practices, password managers on their phones, and multi-factor authentication can often share personally identifiable information, trade secrets, or sensitive corporate details while in public. Sometimes, adversaries don’t have to find a way to penetrate a network using advanced threat tactics: all they have to do is turn off their headphones and listen.

In honor of this day, I want to reiterate the importance of common sense in strengthening security posture. Don’t just follow best cybersecurity practices on your network; always be aware of your surroundings when you’re holding meetings, whether virtually or in person, in public places, keep your headphone volume down, or consider meeting somewhere private. Even the strictest of compliance laws and advanced security platforms will fail if we don’t use good judgment when discussing sensitive information. – Richard Bird, Chief Security Officer, Traceable AI

Safeguarding Sensitive Information in A Connected World

Data Privacy Week serves as an important reminder of the need to protect sensitive information in our connected world. As businesses rely more on data for innovation and enhanced customer interactions, safeguarding this vital resource becomes essential. This effort involves not just following data privacy laws but also putting effective security protocols in place to prevent unauthorized access and data breaches.

API security is closely tied to data privacy. APIs, which facilitate data transfer in modern applications, are key to ensuring that sensitive data is managed securely and ethically. Organizations should embrace a thorough strategy for API security, which includes API discovery, posture governance, and runtime threat protection, to reduce the chances of data breaches and uphold privacy compliance. By focusing on API security, companies can show their dedication to data privacy and foster trust with customers and partners. – Eric Schwake, Director of Cybersecurity Strategy, Salt Security

IT Skills Gap in Security

The IT skills gap is a growing challenge for organizations worldwide. Recent data highlights technology as a driver for achieving business objectives for 74% of organizations. Yet, many struggle to meet their goals due to shortages in expertise, particularly in areas like cloud management and security. – George Contino, Vice President of Resource Management Services at Verinext

Detect Cyber Threats Early

Data Privacy Day is an annual reminder of the importance of protecting personal information and maintaining best data protection practices. To maintain a robust posture, it’s imperative that organizations detect cyber threats as early as possible. One way to help achieve this is by minimizing the excess noisy alerts within their security operations.

Traditional data analysis and alert handling methods are insufficient, leaving SOC teams spread thin. Alert fatigue leads to overlooked threats, breaches, and compromised data due to the overwhelming amount of false positive alerts and other information that SOC teams must trudge through. Embracing contextual awareness is essential to combating this issue. By prioritizing meaningful data and reducing noise, organizations can accelerate their security readiness, ensuring better protection for their sensitive information. At the end of the day, there is no durable concept of data privacy without effective operational security. –  Keith Palumbo, Co-founder and CEO at Auguria

The Recipe to Your IT Team’s Security Success

Organizations must:
  • Implement security measures that work consistently across all platforms while addressing browser-specific vulnerabilities
  • Develop monitoring strategies that encompass both platform-level and browser-level security
  • Deploy solutions that can adapt to changing platform landscapes while maintaining robust browser security
For IT teams, success in this environment requires moving beyond traditional security models toward more integrated, adaptive approaches that can handle both platform diversity and browser-centric operations. – Marcel Calef, America Field CTO at ControlUp

Taking a Proactive Approach

As we observe Data Privacy Day, it’s important to recognize that valuable data is at risk. Data privacy is a significant criterion in how organizations buy software, and buyers should expect their vendors to be more proactive in how they manage data privacy considerations, as opposed to reactive.

Currently, traditional risk management often reacts to breaches rather than preventing them, and its methods are becoming outdated. The need for security measures that not only assess risk but also identify vulnerabilities before they are exposed is critical. Companies should honor data privacy, advocate for stronger protections in their software and from their external partners, and stay informed about evolving technology. With constant technology updates, data becomes more at risk; therefore, strategic and proactive operations are crucial to ensuring a risk-free environment. – Joe Silva, CEO at Spektion

Post-quantum Cryptography

This year, Data Privacy Week falls on the heels of Biden’s Executive Order on cybersecurity, reminding us that post-quantum cryptography (PQC) and data privacy should remain at the forefront of every organization’s list of priorities.

With recent supply chain attacks targeting trusted vendors and their government customers (see the US Treasury-BeyondTrust breach), the integrity of our software supply chain has once again been thrust into focus. This latest Executive Order will help to establish a common standard for submitting machine-readable software attestations, support artifacts like software and cryptographic bill of materials, and ultimately, secure more data.

The order calls for a concerted effort to expand awareness around PQC-ready products by providing a list of product categories that support PQC. Subsequently, agencies will be required to include a requirement for products that support PQC preparedness and adoption in future solicitations. Lastly, agencies will be required to start adopting new PQC standards after identifying network security products and services that are actively employed within their systems. There will also be direct outreach from the U.S. government to its allies and partners to encourage similar action within their technology environments.

This does not only apply to government agencies. Private organizations that still have not completed their inventory and mapping of cryptographic dependencies must also do so quickly. This is important to understand which new standard will work best for their various assets, and this inventory is critical to creating detailed migration plans that prioritize the most sensitive and critical assets, ensuring they are first in line for upgrades to PQC standards.

Data Privacy Week reminds us that government agencies and private organizations alike should not stay complacent. The “steal now, decrypt later” approach by adversaries remains true and quantum computing-based attacks will become a reality. Let this be yet another wake-up call to prepare your organization and conduct cryptographic inventory before it’s too late. – Philip George, Executive Technical Strategist at Infosec Global Federal

Limit The Blast Radius With Up-to-date Solutions

Organizations in the United States are relying on outdated data privacy laws that don’t account for modern technology and cyber threats. Rather than following the spirit of what regulatory guidance there is, many choose to continue relying on similarly outdated data protection methods and are missing the mark on both compliance and consumer trust.

Service sectors such as finance, healthcare, cellular and internet service providers hold a plethora of users’ personally identifiable information (PII) requiring more stringent methods of securing data beyond the thin layer of single-answer password resets, authentication, or account creation. When PII is compromised, it opens a door for individuals, their friends and family to fall victim to scams, frauds and identity theft.

Organizations that want to continue having consumer trust, and their data that comes with it, must invest in up-to-date solutions that protect data at its core and render it useless if a breach occurs. Encryption, tokenization, data masking and anonymization all culminate in keeping your sensitive data out of the hands of bad actors.

Data Privacy Day needs to be a wake-up call for organizations that data security and protection isn’t an afterthought – they must strengthen their security posture and limit the blast radius data breaches have on both their internal networks and their users. – Clyde Williamson, Senior Product Security Architect at Protegrity

Security Trends and Recommendations

In a world of sophisticated cyber threats and rigorous regulations like GDPR and CCPA, it is important to highlight data privacy and the protection of sensitive information. As today’s trends lean toward remote work practices, cloud adoption and widespread webservice offers, we as users have the desire for transparency about data generation, storage, and its usage. On the other hand, businesses offering those services should feel the pressure to implement robust protection of this information. Therefore, Data Privacy Week is not something that happens once a year and is over and forgotten about after five days, but should rather give us a starting point, a kickoff, to see what has happened in the past, what we can expect in the future and how we should act in order to avoid the bad and embrace the good in the field of data privacy.

Main security trends we see in the industry are:

  • Adaptation of Zero Trust Architecture, where organizations are following the “never trust, always verify” approach to protect data access.
  • Focus on Open-Source Security to secure the usage of OSS dependencies and comply with their licensing obligations.
  • Usage of Privacy-Enhancing Technologies (PETs) where organizations are using tools to mask, encrypt, and anonymize data to minimize risks without compromising usability.
  • Proactive Testing Across the SDLC to embed security and privacy checks into every stage of software development lifecycle to ensure compliance and minimize the likelihood of exploitable vulnerabilities.

Businesses have constant pressure to enhance their data privacy; therefore, it would be recommended that they conduct regular data audits to map out what data they collect, why, and where it’s stored, ensuring that unnecessary data is not retained. Another important topic is privacy awareness. Secure handling of data and recognizing threats is a must in employee training. As supporting mechanisms, businesses should consider automating their compliance violations and implement runtime protections, for example, Runtime Application Self-Protection (RASP) tools that can detect and mitigate attacks in real time.

When it comes to software development, businesses must also think about robust AppSec practices. Here the implementation of technologies like Static Application Security Testing (SAST) and Software Composition Analysis (SCA) is a must. SAST tools will help discover and mitigate vulnerabilities in your own code where SCA tools will help organizations to identify used open source in their development and mitigate its vulnerabilities and license compliance risks. Additionally, Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) help organizations uncover vulnerabilities in code, configurations, and dangerous application behavior. Fuzzing techniques that simulate attacks can further help to uncover hidden flaws that traditional testing technologies may miss.

Organizations can adopt a holistic approach to data privacy and application security by integrating AppSec tools into their CI/CD pipelines and their Dev(Sec)Ops workflows. – Boris Cipot, Senior Security Engineer at Black Duck

Managing Personal Information Responsibly With Evolving Privacy Regulations

On this Data Privacy Day, I want to spotlight a critical challenge faced by service providers in the mass transit sector: managing personal information responsibly in an era of rapidly evolving privacy regulations. Emerging laws like the California Privacy Rights Act and General Data Protection Regulation are setting a higher bar for responsible data stewardship. These regulations emphasize principles like data minimization, limitations on usage for specific disclosed purposes, and user consent—mandating not just compliance, but a culture of privacy. For service providers and agencies collecting personal data for mass transit fare collection, this shift is monumental.

Service providers act as intermediaries between transit agencies and the public, handling sensitive data like names, payment details, and travel patterns. While this data is critical to operational efficiency, it is also a potential target for misuse, fraud or criminal mischief. Moreover, transit agencies are increasingly holding their vendors accountable for meeting privacy and security standards to protect public trust.

Therefore, I urge service providers in the transit space to move beyond compliance and embrace a privacy-first mindset. It’s not just about adhering to regulations—it’s about earning the trust of agencies and the public we serve. After all, privacy isn’t just a legal obligation; it’s a fundamental aspect of ethical business. Together, let’s ensure that as the world moves forward with smart cities and digital transit, privacy is at the heart of every step. – Konrad Fellmann, Chief Information Security Officer at Cubic Corporation

Multiple Avenues For Phishing

Data Privacy Week reminds us that phishing attacks designed to steal personal information or credentials are no longer just an email problem. Attackers are finding new ways to compromise our data through QR codes, AI voice scams, and multi-channel attacks. We’re seeing a dramatic rise in QR code scams since late 2023, particularly targeting business leaders, while AI voice scams are increasingly targeting those over the age of 60. The most concerning trend in early 2025 is how sophisticated these attacks have become, with criminals using multiple channels simultaneously – as seen in recent cases where fraudsters combined email bombing with chat and voice phishing.

The key message for Data Privacy Week is simple: we need to expand our understanding of phishing, specifically how your data privacy can be compromised beyond just email-based attacks. Whether it’s scanning QR codes, answering phone calls, or responding to messages on various platforms, every form of digital communication needs the same level of scrutiny we’ve learned to apply to our emails. Staying informed about these emerging threats is our best defense in protecting our personal information. – Stephen Kowski, Field CTO at SlashNext Email+ Security

Regular Updates and Security Support is Necessary to Keep Up With Today’s Threats

Without regular updates and support, your data and projects may be at risk, potentially compromising sensitive information and disrupting workflows. Upgrading to a more advanced platform with robust security features and seamless integration with modern development tools is crucial to maintaining a competitive edge and protecting your business in today’s rapidly evolving digital landscape. – Justin Holtzinger, CRO DevOps at Cirata

Considerations for Businesses that Want to Be Trustworthy and Resilient

Data Privacy Week is not just a week of awareness; it’s a call to action. It’s an opportunity for us as business leaders to demonstrate our commitment to data security and build a more trustworthy and resilient digital future.

Key Considerations:

  • Go Beyond Compliance: While compliance is essential, it’s not enough. We must continuously evaluate and adapt our security measures to address the ever-evolving threat landscape.
  • Bolster your Backups: Despite common beliefs, 93% of attacks target backups, with 68% successfully destroying critical data. It’s crucial to invest in a resilient, continuously hardened backup solution that can scale with your growth before it’s too late.
  • Enhance Recovery and Resilience: Develop and implement a realistic recovery strategy to ensure quick restoration of operations and data integrity after an attack. Focus on building resilience to withstand and recover from disruptions effectively.
  • Invest in Cybersecurity Talent: Cultivate a strong security culture within your organizations and attract and retain top cybersecurity talent.

By prioritizing data privacy and security, we can build a more secure and trustworthy digital future for our customers, our employees, and our businesses. – Brandon Williams, Chief Technology Officer at Fenix24

Robust Kubernetes Security is Paramount

Data Privacy Awareness Week serves as a reminder that having robust Kubernetes security is paramount, especially as organizations increasingly deploy GenAI applications with Kubernetes. Building and deploying GenAI applications creates security risks when it comes to data privacy, integrity, and security. Built using sensitive data sources from inside an enterprise, once an organization deploys such applications, their attack surface increases greatly. 

Let this Data Privacy Week be a wake-up call to organizations deploying GenAI applications on Kubernetes to make security a priority. To achieve comprehensive security for GenAI applications deployed on Kubernetes, organizations should prioritize: implementing network security access controls, adopting vulnerability management practices to proactively identify and address vulnerabilities, preventing and addressing misconfigurations, and maintaining observability. – Ratan Tipirneni, President & CEO at Tigera

Data Protection Strategies Need Continuous Improvement

Data Privacy Week highlights the need for continuous improvement in our data protection strategies. Privacy laws across the world expect “reasonable security measures” to be implemented to ensure personal and sensitive data remains out of reach from hackers and the dark web. Over the years the industry has been investing in many tools, and yet breaches are not decreasing. It is time to think of foundational mechanisms like zero trust to ensure data protection. Dividing the digital environment into smaller, isolated micro-perimeters, each containing a specific group of resources, users, or applications, using software-defined policies or rules, limits the scope of a potential data breach. Staying breach-ready is crucial, as it not only helps in complying with data privacy regulations. – Agnidipta Sarkar, Vice President – CISO Advisory at ColorTokens

About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.