The Industry Speaks, part 2: World Privacy Day 2026

Ken Braatz
CTO of SupportNinja

The safest data is the data you never store. AI doesn’t need Social Security numbers or credit card details to be effective – in fact, holding onto that kind of personal data just makes you a target. The real opportunity is using clean, connected, non-sensitive data to deliver better customer experiences without putting people at risk.

Russell Todd
Security Services Lead at Avanade Australia

Data Privacy Day is a timely reminder for Australian businesses to take a hard look at how they are protecting data. Too often, security is being treated as a shopping exercise – organisations investing time and money in more tools, assuming that it will automatically reduce risk. In practice, this approach often creates new problems instead.

Most organisations already have more security technology than they can effectively manage. Systems don’t always integrate, alerts pile up, and teams struggle to get a clear view of where sensitive data lives or who has access to it. As complexity increases, gaps appear – and those gaps are exactly what attackers look for.

Effective data protection starts with getting the basics right. Organisations need to have a clear understanding what data they hold, where it’s stored, and how access is managed across cloud services, devices, and users. Strong identity controls and access management, applied consistently, can significantly reduce exposure without adding unnecessary layers of technology.

VIEW ALL

Data privacy also isn’t something you ‘set and forget’. Tools and controls require regular review to ensure they’re still fit for purpose as businesses adopt cloud platforms, AI, and new ways of working. In many cases, better outcomes come from simplifying what’s already in place, not starting again.

This Data Privacy Day reinforces that trust is built through clarity and control. When security is simple, well understood, and embedded into everyday operations, organisations are far better placed to protect data – and more importantly, the people behind it.

Jeff Park
ANZ Country Manager at Seagate

This Data Privacy Day, it is worth recognising a simple truth: once data has value, it must be protected – and with AI proliferating, both its volume and value are rising exponentially, more than most organisations anticipated. This shift is fundamentally redefining how we store and protect data, therefore how privacy must be approached.

Storage is the backbone of digital trust. As AI accelerates data creation across complex, distributed environments, organisations need high-performance, mass-capacity and resilient storage to process, retain and protect data at scale. Without the right infrastructure in place, organisations risk creating blind spots where sensitive data is exposed, duplicated or lost.

Put simply, AI doesn’t exist without data – and data doesn’t exist without storage. Protecting the value of data starts at its core: how it is stored, managed and safeguarded.

Alan Win
Founder and CEO, Middlebank Consulting Group

Data Privacy Week is a good reminder that cybersecurity in supply chains is not just about systems or compliance. Risk often builds quietly through everyday practices that go unexamined. Teams, partners, and platforms share information constantly, and responsibilities are not always clearly assigned. Simple habits, such as storing sensitive files in shared folders or not reviewing access regularly, quietly increase exposure. Addressing these challenges requires more than policies.

Organisations need to understand where their data flows, who interacts with it, and the operational realities that make certain practices risky. By embedding privacy and cybersecurity awareness into day-to-day operations and regularly reviewing access and data management habits, companies can reduce exposure, respond faster when issues arise, and maintain stakeholder trust. Protecting information works best when it is part of how business is actually conducted.

Richard Knott
SVP APAC at InfoSum

This year’s Data Privacy Day theme, “Taking control of your data,” is a reminder that privacy is no longer just about protection; it’s about power. Taking control means deciding who can access your data, how it’s used, and what value you receive in return.

Consumers are no longer passive participants in the digital ecosystem. They’re actively choosing the brands they trust and the platforms they engage with, based on how their data is handled. Globally, more than 80 per cent of people are now protected by some form of privacy legislation. In Australia, long-awaited Privacy Act reform is nearing its conclusion, reinforcing the shift toward greater transparency and accountability.

For the media and marketing industry, this shift presents an opportunity. Embedding privacy into data strategies isn’t just the right thing to do – it’s unlocking smarter, more responsible innovation. Brands that adopt privacy-by-design principles are finding new ways to collaborate and drive results without compromising control.

A new generation of technology is making this possible. The arrival of privacy-enhancing technologies (PETs) and secure data collaboration has changed the game, enabling data to be connected without being shared, moved or commingled. When we stop treating data as something to extract and own, and instead see it as something to connect and safeguard, we create a better system for everyone. That’s how trust is built, how innovation becomes sustainable, and how privacy becomes a competitive advantage.

In 2026, privacy is no longer a trade-off. It’s the engine of performance, insight and long-term growth.

Chris Millington
Global Solutions Lead of Data and Cyber Resilience at Hitachi Vantara

Cyber resilience maturity is still extremely low. Many businesses are pinning their future hopes on solution-in-a-box products to stay safe and remain operational. What they need are targeted resilience strategies. Attacks vary, so there’s no single way to fix this.

Businesses need a multi-pronged approach that includes reliable and secure data infrastructure, efficient and dependable backup, anomaly detection and malware scanning, and the ability to recover within minutes. We haven’t seen enough of that in the last 12-18 months.

Jimmy Mesta
Co-Founder and CTO of RAD Security

Static data maps aren’t enough. If you can’t see how sensitive data moves, you can’t secure it. Most privacy programs are still anchored in where sensitive data is stored. But in modern, cloud-native environments, risk comes from what’s moving, not from what’s sitting idle. PII flows across services, containers, regions, and APIs faster than legacy tools can track. If you only look at storage, you’re blind to exposure paths, cross-boundary violations, and unauthorised access in flight.

Security teams need real-time observability beyond data location and into data behaviour. That means understanding how sensitive data is accessed, transmitted, and transformed, and whether that behaviour aligns with policy and compliance requirements. On Data Privacy Day, the call to action is to lock down what you know, and get visibility into what you don’t. Data privacy is a flow problem, not a storage problem.

Anthony Woodward
CEO of RecordPoint

On Data Privacy Day, organisations should remember: you can’t govern AI or protect privacy without governing data. Strong data governance turns principles into accountable practice. You build trust with your customers when you protect their data, and you can do the same with regulators when you demonstrate control and accountability.

AI brings new responsibilities: Protecting data from breaches is one thing, but you must also use data ethically in automated systems. How do you do this?

Fortunately, but not coincidentally, the governance practices that make you trustworthy on security are the same practices that make you trustworthy on AI. Trust stems from demonstrable responsibility in handling data, regardless of whether that data feeds a security monitoring system or a machine learning model.

Jaren Nichols
COO and President of PDQ

Data Privacy Day is a good reminder that security isn’t just a policy - it’s a practice. And for most organisations, that practice lives with sysadmins and IT teams who are asked to keep everything running, all the time, without breaking trust.

From what we saw in this year’s State of Sysadmins report, one thing is clear: what IT professionals want more than anything is secure reliability. Systems that work. Reliability isn't a ‘nice to have’. It’s foundational to privacy.

And this year’s report makes that clear: for the fifth year in a row, security is the top concern for sysadmins. 62 per cent of the 1,000+ plus IT professionals we surveyed said security and data breaches were their top concerns (way ahead of system outages or legacy systems failing).

What often gets overlooked is that some of the most effective data privacy actions don’t look like security initiatives at all. Patch management rarely makes headlines. Automations aren’t usually framed as privacy tools. But in practice, they’re the front line.

Unpatched systems are still one of the most common ways organisations are compromised. Not because people don’t care about privacy – but because complexity, scale, and time are working against them. Our survey data reflects this tension clearly: sysadmins know what needs to be done, but the challenge is doing it consistently, across every device, without disrupting the business.

Security and data privacy may be a once-a-quarter training for most employees, but for IT professionals, even a single relaxing weekend a year can sound like a dream.

That’s where reliability becomes a privacy issue. When patching is timely and predictable, when routine work is automated instead of manual, fewer things slip through the cracks: fewer emergency fixes, fewer exposed systems, and less risk to the data people trust us with.

On Data Privacy Day, it’s worth recognising that protecting data doesn’t always start with a policy document. Often, it starts with the unglamorous work of keeping systems up to date, and the people who quietly make that happen every day.