Data privacy urged as strategic board issue in AI era

Cybersecurity executives are urging boards and governments to treat data privacy as a core strategic priority rather than a mere compliance exercise, as World Data Privacy Day highlights the escalating volume of personal data in an AI-driven economy. Senior leaders from Exabeam, BeyondTrust, and Check Point Software Technologies warned that organisations face mounting legal and reputational risks, noting that consumers currently have few practical means to opt out of pervasive digital data collection.

These warnings coincide with a global tightening of privacy regulations and the rapid enterprise adoption of automation, behavioural analytics, and AI systems - all of which rely on large-scale data processing.

Board focus

Gareth Cox, Vice President APJ at Exabeam, said privacy has moved firmly onto board agendas as a result of its broader impact on business value.

"Privacy is now a strategic issue that demands board-level attention. It carries financial, legal, and reputational risk if customers believe their information isn't being protected. Meeting these obligations consistently and at scale is therefore critical. However, attempting to meet the strengthened privacy reforms with manual processes is not only inefficient but can also put an organisation at risk. If there is still a reliance on spreadsheets, shared documents, and ad hoc reporting to demonstrate compliance, this increases the chance of errors," said Cox, Vice President APJ, Exabeam.

Automation is becoming a central focus for privacy and security teams that must manage large audit trails, incident logs and regulatory reporting.

"Automation is the first step to moving on from this scenario. Routine tasks like data mapping, log correlation, and compliance reporting can be handled far more accurately and quickly with automated systems, reducing the likelihood of human error. AI and machine-learned behavioural analytics add another layer of value. By continuously learning what is normal within an organisation, these systems can surface unusual activity in real time and highlight risks that may require attention. Integration across tools is equally important as privacy obligations touch nearly every part of the technology stack. Fragmented solutions create gaps that make it harder to prove compliance or detect risks," said Cox.

Cox said investments are shifting towards integrated platforms that give security and risk teams a consolidated operational view of data use and access.

"If your serious about data privacy in 2026, consider investment in the deployment of modern platforms with open integrations which bring data together into a single view, giving teams the visibility they need to streamline compliance, detect threats earlier, and accelerate incident response," said Cox.

Data everywhere

BeyondTrust Chief Security Advisor Morey Haber said data privacy now reflects the deep interconnection of individuals, businesses and states, rather than a narrow corporate control.

"Data privacy is no longer a cybersecurity business control or a risk mitigation compliance checkbox. It reflects how deeply interconnected the modern world has become between businesses, governments, travellers, and citizens. Every interaction, financial transaction, remote authentication, and geolocation ping generates personal data. That data moves across borders, clouds, applications, partners, and marketing algorithms at machine speed and far beyond what most individuals realise in terms of data broker destinations. As a result, personal data privacy is harder to achieve than at any point in history, not because of negligence, but because of scale, dependency, design, and business models design to monetise the information itself," said Haber, Chief Security Advisor, BeyondTrust.

Haber said everyday digital services now rely on constant identity verification and data-rich telemetry.

"Truthfully, digital participation using anything online from smart phones to surfing the web is now the foundation for our modern life. Work, healthcare, finance, travel, education, news, and social media depend on persistent connectivity. Each service demands a user identity (even if it is a guest), authentication, filtering, context, and user behavioural telemetry to function. The more customised the experience, the more data is shared behind the scenes to present tailored content just for you. This can appear based on merchandise that you have previously viewed online all the way through news and social media based on lag times during a "doom scrolling" session. Personal data privacy erodes not only through cybersecurity breaches, but through thousands of legitimate exchanges that aggregate into detailed digital profiles about us," said Haber.

He said opting out of digital life is no longer feasible in practice for most citizens.

"For almost all countries with an online presence, staying entirely off the grid is no longer realistic or potentially even possible. This starts simply at the day we are born with the electronic records of our arrival. Mobile devices, national ID systems, cloud hosted government services, and regulated digital records make participation unavoidable. Even opting out of services creates its own signal and gaps based on the shear absence of data. This draws a simple conclusion, there is no such thing as absolute data privacy, but rather what data are you willing to share? The gambit today ranges from personally identifiable information through sanitised application telemetry and the controls you have to manage granularity do not exist for all use cases," said Haber.

Haber said organisations still lean heavily on traditional security controls while data monetisation and analytics outpace policy and user control.

"Bluntly, we have an unusual challenge. Data privacy strategies have not evolved at the same pace as data creation and monetised analytics. Organisations still focus on cyber security defences while data flows freely through APIs, SaaS platforms, AI models, and third-party ecosystems. True personal data privacy requires visibility into all of this data with control being assigned to the individual user and not the business or government entity based on regulations. Without the user knowing who and what is accessing data, why it is being accessed, and how long the data will be archived, data privacy will remain an abstract concept with individuals only loosely being able to opt of data storage and profiling. In the online world today, personal data privacy is not disappearing. It is being redefined and many users may simply be comfortable with the modern definition," said Haber.

AI and trust

Check Point Software Technologies ANZ Managing Director David Caspari said the adoption of AI has pushed data privacy into the centre of digital trust debates.

"Data privacy is no longer a legal obligation alone - it is the foundation of digital trust in an AI-driven world. As AI accelerates how data is created, shared, and analysed, organisations must move beyond reactive controls and adopt prevention-first strategies that protect personal information across users, networks, cloud environments and AI systems. On World Data Privacy Day, the message is clear: those who secure data by design will earn trust, resilience, and long-term confidence in the digital economy," said Caspari, Managing Director ANZ, Check Point Software Technologies.