AI outpaces data privacy, exposing governance gaps
Technology and security leaders are warning that rapid adoption of artificial intelligence is outpacing controls on how data is stored, accessed and governed, as organisations mark Data Privacy Week.
They describe a growing divide between AI investment and privacy oversight, and point to weaknesses in storage infrastructure, access controls and board-level governance as key sources of risk.
Industry figures from Seagate, Diligent and OpenText say AI is reshaping data creation and usage in ways many organisations did not anticipate, while privacy teams face shrinking budgets and expanding responsibilities.
AI drives data
Jeff Park, ANZ Country Manager at Seagate, said the growth of AI is multiplying both the volume and value of data that organisations hold.
"This Data Privacy Day, it is worth recognising a simple truth: Once data has value, it must be protected - and with AI proliferating, both its volume and value are rising exponentially, more than most organisations anticipated. This shift is fundamentally redefining how we store and protect data, therefore how privacy must be approached."
Storage serves as the backbone of digital trust. As AI accelerates data creation across complex, distributed environments, organisations require high-performance, mass-capacity, and resilient storage to process, retain, and protect data at scale. Without the right infrastructure, organisations risk creating blind spots where sensitive data is exposed, duplicated, or lost.
Put simply, AI doesn't exist without data - and data doesn't exist without storage. Protecting the value of data starts at its core: how it is stored, managed and safeguarded," said Park.
Park highlights storage as a structural element of privacy. He points to the risk of "blind spots" when organisations expand AI use without adjusting data infrastructure.
Governance gap
Board oversight is not keeping pace with AI deployment, according to Monica Landen, CISO at governance, risk and compliance software provider Diligent.
"Data Privacy Week comes at a moment when the gap between AI adoption and AI governance has never been wider. Business leaders are doubling down on AI investments, yet many organizations are racing to implement AI tools without putting the right data governance frameworks in place. In some instances, companies have deployed generative AI solutions only to discover too late that they have inadvertently exposed sensitive customer data or violated compliance requirements. The aftermath isn't pretty, leading to reputational damage, regulatory penalties, and considerable loss of revenue."
"So how do companies actually protect their data when AI enters the picture? Recent research shows that 97% of organizations that experienced an AI-related security incident lacked proper AI access controls - a striking and preventable gap. This isn't just a technology problem. It's a governance failure. While 22% of boards have adopted formal AI governance, ethics or risk policies, another 31% have only discussed it without putting policies in place. The potential for AI-related data privacy incidents is no longer just a theoretical concern; it has become a critical governance challenge that many organizations are struggling to overcome," said Landen, CISO, Diligent.
Landen describes AI-related incidents as a boardroom issue rather than a purely technical problem. She cites research that links the absence of access controls to the majority of AI security events.
Risk-first data
Greg Clark, Director, Product Management and Strategy OT Enterprise Cybersecurity at OpenText, said organisations are expanding AI use at the same time as privacy resources tighten.
Industry research continues to show that data privacy teams and budgets are shrinking while AI is being used more than ever to access and act on sensitive data. As organizations mark this year's Data Privacy Day, the gaps between data use and risk readiness are becoming harder to ignore.
For privacy and security teams, the challenge in 2026 is to do more with less - by rethinking data management through a risk-first lens. Teams are consolidating tools and clarifying ownership, focusing on what matters most. With better visibility into where sensitive data lives, how it is used and who or what can access it - including AI and non-human actors, organizations can reduce complexity and maintain control as data volumes grow and budgets remain constrained.
At the organizational level, adopting a privacy-first approach to data management is no longer optional. Building privacy into data practices from the start helps reduce the risk of breaches, regulatory exposure and operational disruption. Just as importantly, it enables secure collaboration and analytics-allowing teams to share, analyze, and extract value from data with confidence, rather than locking it down or slowing the business.
Employees play another critical role in effective data management. Staying alert to evolving phishing tactics, understanding insider risk and reinforcing the fundamentals of data hygiene are increasingly important as AI continues to become a greater part of everyday work.
"Taking control of your data doesn't mean slowing innovation. With strong data governance and privacy practices in place, organizations can safely collaborate, adopt AI-driven analytics, and scale data use, even with leaner privacy teams, while maintaining trust with customers, regulators and partners," said Clark, Director, Product Management and Strategy OT Enterprise Cybersecurity, OpenText.
Clark links privacy with visibility over data location and access paths, including AI systems and automated processes. He also places responsibility on employees as data hygiene and phishing risks evolve with AI.
The comments come as regulators in multiple jurisdictions signal closer scrutiny of AI-related data use and as organisations reassess governance structures around sensitive information.