The state of data privacy: Where do we go from here?

A digital padlock on a blue digital background.
(Image credit: Shutterstock / vs148)

Protecting citizens' privacy is ingrained in the history of the United States; one can look back to the creation of the constitution for proof. For example, the fourth amendment protects against unreasonable search and seizure, while the fifth protects against self-incrimination. The nation's founders recognized the importance of guarding personal privacy to maintain citizens' safety and general well-being. As a result, individual citizens' right to privacy was woven into the country's fabric, and it has been reinforced time and time again in the centuries since. 

About the author

Grady Summers, Executive Vice President of Product at SailPoint.

The foundational values that informed these initial privacy laws can be viewed as a roadmap for today's privacy-related statutes. Take the California Consumer Privacy Act (CCPA), which was enacted in 2018 and regulates modern personal data collection and use to prevent an individual's privacy from being breached. Or Data Privacy Day originated 41 years ago and brings awareness to how European organizations and individual users can implement best practices in data protection. When enacting data privacy day four decades ago, it's doubtful the Council of Europe could foresee the digital landscape we operate in today and the increasing importance of data privacy – much less the U.S. founding fathers trying to comprehend digital data privacy more than two hundred years ago.

As modes of data creation, collection and use continue to evolve, governments and organizations across the world are tasked with evolving data privacy laws at the same rate. And while many countries have made great strides in upholding data privacy as our digital footprint has grown, the job is never done. What next steps can we take in ensuring that data privacy, a constitutional right, depending on interpretation, is maintained? From an organizational standpoint, evolution in protecting the data of individuals relies on further communication, compliance, and integrating privacy as a core value.

Communicate how data is used 

For enterprise organizations, user data is best protected when all affected parties are on the same page regarding where that data is stored and what it is used for. When data is siloed or individuals are left in the dark about how their information is leveraged, data is more susceptible to misuse. As a result, customers risk being uninformed when their personal identifiable information (PII) is tampered with, whether it be due to malpractice by the organization or theft by malicious hackers.

Organizations must be able to locate and retrieve user data upon individual request, and they have to let users know if their data has been impacted by any malicious activity. When it comes to data privacy, transparent communication is always a best practice. A user should always be informed about how their collected data is used, how it is protected, what privacy options they have, and how they can alter (or opt-out of) how their data is used. If those four boxes are checked, data misuse is far less likely. As a result, organizations must be able to locate and retrieve specific data points on-demand (more on that in a second). 

Comply with global regulatory laws 

Data privacy laws continue to grow in number and significance. The European Union's 2016 General Data Protection Regulation (GDPR) is a landmark example, setting guidelines for collecting and processing PII for Europeans. Awareness of and adherence to data privacy laws promotes a framework conducive to protecting user data and investing in the supportive technology needed.

Right-to-be-forgotten capabilities provide a great example. Is your organization technologically able to delete user accounts and any associated personal data on command? I hope so (GDPR already requires this capability). However, following right-to-be-forgotten regulations is not such a simple task when one considers that personal information for users is often located across various files, applications, and databases. Data subject access requests are another common feature in most global data privacy regulations, carrying similar complexities. Therefore, preparation and prioritization are key in ensuring data privacy regulation compliance.

Modern data privacy is shaped by the policies we've created and embraced globally. If such laws are not internalized and a reference by organizations, then data privacy will devolve.

Make data privacy a core value 

Adhering to the CCPAs and GDPRs of the world is an important step in protecting data privacy, but organizations must also prove that they are investing in privacy through technology integrations and a self-set policy. This is no easy feat, but businesses can more easily and efficiently comply with regulations and facilitate data access requests by leveraging AI.

AI has evolved from a supplement to a requirement for those striving for data privacy due to its contextual Natural Language Processing capabilities in file access. Proper AI implementation provides organizations with an efficient tool to recognize what stored data is PII (or regulated to a degree), where it is stored, who can access and who has accessed it. That last part is essential, as 95% of enterprise organizations have suffered identity-related data breaches.

Organizations hold the capability to model data management for AI and can teach it to understand normal and abnormal data access behavior. As a result, they can ensure that data protection is always accounted for, even when the human workforce is tending to matters elsewhere.

Ensuring data privacy must be a team effort. Individual users, organizations, and governing bodies must establish clear lines of communication and invest properly to secure personal data – a commodity that is practically equitable to gold in value today. In this digitally transformed age, users have a right to their data privacy, and organizations have a legal obligation to adhere to that right. Privacy looks different than it did 100, even 40, years ago, but the importance of privacy, and the protection it deserves will always remain an essential right now and in the future. 

Protect your privacy online with the best business VPN.

Grady Summers, Executive Vice President of Product at SailPoint.

Read more
Hands on a laptop with overlaid logos representing network security
Privacy must be a business priority: the urgent need for investment and action
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
The US privacy nightmare? What's changed after 30 days of President Trump's new administration
Collage of a group of people using smart phones in city, with TechRadar Data Privacy Week 2025 logo on the top right
Data Privacy Week 2025 – expert advice, tips, and experiences to use in the everyday
Cloud, networking and internet
Under the hood of data sovereignty
A person holding out their hand with a digital AI symbol.
DeepSeek kicks off the next wave of the AI rush
A digital representation of a lock
In the age of AI, everybody could lose the right to anonymity
Latest in Security
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Latest in Opinion
Judge sitting behind laptop in office
A day in the life of an AI-augmented lawyer
Cyber-security
Why Windows End of Life deadlines require a change of mindset
Polar Pacer
Polar's latest software update might have finally convinced me to ditch my Garmin
An image of the Samsung Display concept games console
Forget the Nintendo Switch 2 – I want a foldable games console
Image of Naoe in AC Shadows
Assassin's Creed Shadows is hands-down one of the most beautiful PC ports I've ever seen
Apple CEO Tim Cook
Forget Siri, Apple needs to launch a folding iPhone and get back on track