























Drive has 700+ articles for digital transformation leaders written by StarCIO Digital Trailblazer, Isaac Sacolick. Learn more.
We’ll recap Data Privacy Week, what we learned, and why it matters, at this week’s Coffee With Digital Trailblazers. I deliberately chose to cover data privacy one week after its commemorative Data Privacy Week. Organizations need action more than words and policies. As AI increases data’s use cases and value, areas of data privacy, security, and governance are falling behind.

Top data breaches in January included:
Stinson reports a surge in lawsuits related to online privacy. They tracked claims filed in 315 courts across 45 states and DC against 3,512 unique defendants. While 20 US states passed comprehensive privacy laws, none were added in 2025.
My main takeaway from Data Privacy Week is that executives need to step up. Here’s a recap of three of my discoveries.
The Coffee With Digital Trailblazers episode on CIO and CMO: Partnering on AI to Drive Growth took an unexpected turn. We had plenty of growth examples that I will share in a future article. But CMOs quickly highlighted the importance of data privacy and security in their marketing responsibilities.
“Safety and security are not one department’s job,” said Adrianna Hosford, chief communications officer and head of marketing at Artera. “The CMO and the leadership team need to know that, because sometimes I think relationships can go wrong when there’s a dialogue in which the CMO wants one thing and the CIO wants another. But truly, if everyone is here to grow the business and do what’s best for it, we actually share many goals. At our company, security is one of those.”
Here’s how Adrianna explains the importance of data security to marketers. “If there is a security breach, a reputational issue, or a major crisis, guess who’s dealing with it? You, marketer. You’re dealing with it from a brand, PR, and reputation perspective. So it’s in your personal best interest to make sure that safety and security are a culture across your whole company,” said Adrianna.
CISOs, chief privacy officers, and CIOs, take note. Lead steps to get your CMOs and communication heads on board with the data privacy, security, and governance agenda.
Here’s another reason to involve the CMO and marketing in advancing the data privacy, security, and governance priorities.
According to the 2025 SAS Report on Marketers and AI: Navigating New Depths, 85% of marketers are using GenAI, and 93% have a dedicated GenAI budget for 2025/2026. But only 8% of marketers are very confident in their organization’s AI governance. Also concerning is 45% of agentic AI adopters identified data privacy as a concern with AI use in their organizations.
I’m floored by the low confidence. It’s like the Board approved a fat budget to test-drive Ferraris. Then, CMOs gave those Ferraris to their staff to drive at 180mph without teaching them how to or ensuring there were safety guardrails in place.I
If marketers aren’t confident in their organization’s AI governance, they should step in and take appropriate data privacy measures for the data they use most – customer data.
Worse, if 45% of AI adopters have concerns about data privacy, that implies 55% do not.
“At the organizational level, adopting a privacy-first approach to data management is no longer optional,” says Greg Clark, director of product management and strategy OT enterprise cybersecurity at OpenText. “Building privacy into data practices from the start helps reduce the risk of breaches, regulatory exposure, and operational disruption. Just as importantly, it enables secure collaboration and analytics—allowing teams to share, analyze, and extract value from data with confidence, rather than locking it down or slowing the business.”
Training is a key element of data governance, security, and privacy. Gary Orenstein, chief customer officer at Bitwarden, says it’s clear that privacy is no longer defined by where data lives, but by how access to it is controlled.
Orenstein says, “Digital lives across work and personal environments now coexist on the same devices, accounts, and browsers, blurring access boundaries and expanding the exposure of any single privacy gap. Modern security strategies must account for the fact that the same credentials unlock work systems, personal accounts, and family devices, so privacy can’t be treated as a downstream add-on.”
So, identity is an issue, endpoint security is a major concern, and access control is a growing challenge. Locking down systems is no longer an optiomn. To become a data-driven organization and build smarter AI models, data has to be moved to where users, models, and AI agents need it.
“When vendors tighten commercial or technical controls, it stops being about security and starts being about control,” says Fivetran CEO George Fraser. “Customers should decide how and where their data moves. Restricting access forces sensitive data to stay inside a single vendor’s stack, limiting transparency, independent auditing, and the privacy safeguards customers rely on. If customers can’t use the tools of their choice to move their own data into platforms like Snowflake, that’s not protecting privacy. It’s reducing it.”
CIOs, chief data officers, and CISOs should consider horizontal approaches to managing data security and privacy. Data fabrics and data movement platforms can expand access to data. Data security posture management (DSPM) brings several data security practices into a single management framework.
What lessons did you learn this week about data privacy and security? Join the conversation at this week’s Coffee With Digital Trailblazers!
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。