The Industry Speaks: Privacy Awareness Week 2025

Every piece of data that a business collects represents a risk. Instead of accumulating unnecessary information, focus on minimising data collection to only what's essential for transactions. Treat cyber security as a cultural value, not just an insurance or expensive compliance measure. By prioritising trust and proactive privacy considerations from the outset, businesses can safeguard their reputation and protect against the significant financial and reputational impacts of data breaches.

  
Adhil Badat
Managing Director APJ at Rackspace Technology

As we observe Privacy Awareness Week 2025 under the theme ‘Privacy – it’s everyone’s business,’ it’s clear that data privacy is a critical challenge faced by all businesses. Data underpins every customer interaction and business decision meaning privacy is no longer just a regulatory obligation, it is a core business value and a shared responsibility.

Privacy is not a checkbox but a critical enabler of trust, innovation, and resilience. As organisations accelerate their digital transformation journeys, they must consider privacy requirements at every layer of their technology and culture. Data privacy should not have a set and forget approach, there is a need to adopt privacy-by-design principles, conducting thorough risk assessments, and cultivating transparency and accountability across the board.

VIEW ALL

Cloud and AI technologies present immense opportunities, but they must be deployed responsibly. That includes ensuring data is secured across its lifecycle, minimising data collection, and making AI decisions explainable and fair.
Building a privacy-conscious digital environment requires collaboration between industry, government, and individuals. In doing so, we can create a future where data privacy is protected, respected, and a source of lasting competitive advantage."

Erich Kron
Security Awareness Advocate at KnowBe4

Privacy isn’t just an IT or compliance checklist anymore, it’s on all of us. Today, every single person holds the keys to keeping personal and company data safe. Privacy begins with individual responsibility because when everyone takes ownership, the entire organisation benefits.

From employees clicking links to executives approving data access, every action impacts privacy risk. Embracing this mindset means understanding how everyday choices, like managing passwords, recognising phishing attempts, or being cautious about data sharing, directly affect security. Human error remains a significant risk: in July–December 2024, 69% of data breaches reported to the Office of the Australian Information Commissioner were caused by malicious attacks, but many still resulted from human mistakes, such as sending information to the wrong recipient, unintended disclosure, or loss of paperwork or devices.

Organisations must foster a culture where privacy is ingrained in daily habits. Empowering people through ongoing security awareness training is key to managing social engineering and human risk. When everyone takes ownership, privacy protections strengthen, reducing breaches and boosting trust.

Andrew Black
Managing Director at ConnectID and
Sujeet Rana
Chief Digital Officer at NAB

For years, we accepted an implicit trade-off online: free or easy access to online services in exchange for our data or attention. Whether it was creating a social media profile or booking a hotel, convenience came first, and privacy last. The assumption was that if we wanted seamless – or free – services, we had to give up control over our information.

But the tide has turned. High-profile data breaches from international and local companies, an explosion of online scams, and major social media platforms' misuse of personal data have shaken public confidence. More Australians now understand that protecting their personal information is essential.

What's changed is not just public sentiment but the rules and systems themselves. Australia has overhauled its approach to digital safety. From the Digital ID Act to the Scam-Safe Accord, the legislative and regulatory foundations are now in place to support privacy-preserving, secure digital services.

ConnectID, part of Australian Payments Plus, is one of the organisations supporting this transformation. The digital identity solution was the first non-government identity exchange to be accredited by the Australian Government, and is backed by major banks such as NAB, with a common interest in enabling Australians to reduce their digital footprint and hand back control.

When you add government initiatives, digital identities are rapidly becoming an integral part of how we operate online, eliminating the idea that privacy needs to be compromised.

This change means a social media platform could verify whether a user is over a certain age without collecting and storing sensitive information, like date of birth. Or it could let renters confirm their eligibility to apply for properties without having to share bank statements. As a result, digital identity can significantly minimise the volume of critical personal data we need to share online.

Protecting the safety of personal information is critical in today’s digital world. Digital identity solutions like ConnectID help reduce the amount of sensitive data people need to share - minimising their exposure to issues like identity theft when things go wrong.

By giving Australians more control over their personal information, we’re not just making it easier for people to verify their identity - we’re doing so in a secure way that helps them protect their information and privacy.

Privacy doesn't have to be a compromise. With the right systems and partnerships, Australia is showing it can be the standard – by design, by default, and by example.

Dan McLean
Country Manager ANZ at Barracuda

As we recognise Privacy Awareness Week in Australia, it is vital that organisations move beyond surface-level awareness and take a genuine interest in how they handle personal information. Privacy is not simply a legal obligation; it is fundamental to building trust with customers, employees, and the broader community.

Data protection is a key component of data privacy. With the latest Notifiable Data Breaches Report from the Office of the Australian Information Commissioner (OAIC) showing a continued rise in reported incidents, it is clear that many organisations are still underprepared when it comes to keeping data safe.

The guidance provided by the OAIC and outlined in the Australian Privacy Principles includes a requirement for organisations to protect personal information from misuse, interference and loss, as well as unauthorised access, modification, or disclosure.

The OAIC data shows that 42 per cent of data breaches were due to cyber security incidents. With evolving threats targeting data, this proportion is likely to rise over time. Protecting data from loss and exposure is not optional. This week should serve as a timely reminder for all organisations to revisit their data protection policies to ensure they can protect the privacy of customers and employees. Being able to retain, access and recover data not only supports privacy obligations but also strengthens resilience in the face of cyber incidents, accidental deletion, or system failures.

Johan Fantenberg
Director of Ping Identity

This week serves as a moment to recognise the pressing need to prioritise privacy amidst the evolving digital security landscape. When most Australians (96 pre cent) have concerns about their personal data being online, and only 7 per cent have full trust in organisations that manage their identity data, it's clear that trust in the digital ecosystem is eroding.

It’s everyone’s business to take responsibility for the security of their personal information. For businesses, privacy is fundamental to building and maintaining customer trust and loyalty. Without robust measures to safeguard data, businesses risk not only reputational damage but also the erosion of customer confidence. For individuals, this applies to daily choices ranging from how much information you share online to what brands you choose to do business with.

Decentralised identity management offers a transformative solution to privacy challenges by empowering individuals with control of their data, reducing reliance on centralised repositories, and minimising the attack surface for cyber-criminals. As businesses embrace privacy-by-design principles, decentralised identity should play a pivotal role in their strategies. By committing to these principles, organisations can build lasting trust and establish themselves as leaders in the era of digital privacy.

Gabrielle Hempel
Security Operations Strategist at Exabeam

Too often, we talk about data as if it’s interchangeable - something that can be easily anonymised, deleted, or traded. But once information is out, it's out. There’s a permanence to digital exposure that we continue to underestimate. We treat personal data like a temporary asset when in reality, for many people, it’s a lifelong liability.

What unsettles me most is the misalignment between how long data can persist and how short-term most corporate strategies are. Ownership changes. Priorities shift. Regulations struggle to keep pace. And in the meantime, sensitive data - whether it's personal, behavioural, or biometric - can travel further and live longer than any one company or user ever intended.

Privacy Awareness Week is an opportunity to rethink how we treat data - not just in terms of compliance, but in terms of care. We need enforceable standards for deletion, portability, and transparency. We need to hold data handlers accountable as long-term custodians, not just processors. Because once trust is broken, it’s not something that can be “tokenised away.”

George Moawad
Country Manager for Oceania at Genetec

The complexity of modern data protection regulations necessitates the use of sophisticated technological solutions. However, not all physical security solutions on the market are built to support cybersecurity and privacy best practices. Some older, disparate systems weren’t designed to meet the various current regulatory requirements and frameworks. If ongoing compliance with these regulations is top of mind, choosing a unified physical security platform designed with for cyber security and privacy can help. Other factors such as deployment models and responsible AI practices can help organisations advance toward their compliance goals.

Indeed, as artificial intelligence becomes more integrated into physical security systems, organisations must ensure that AI-driven processes adhere to privacy and data protection standards. Responsible AI practices emphasise transparency, accuracy, and human oversight, reducing the risk of biased or discriminatory outcomes. By selecting vendors that prioritise responsible AI, businesses can maintain compliance while benefiting from the advantages of advanced technology.

Data protection is no longer a niche concern but a cornerstone of modern business operations. The regulatory environment, while multifaceted, offers an opportunity for companies to strengthen their data management practices. By embedding core principles of data security, transparency, and accountability into everyday processes, businesses don’t just meet compliance requirements - they gain a competitive edge. Partnering with forward-thinking vendors allows organisations to stay ahead of the curve, turning regulatory challenges into opportunities for resilience and trust-building.