Data privacy is back in the headlines – how can organizations do a better job?

By Steve Leeper, VP of Product Marketing, Datadobi

The recent arrival of DeepSeek AI not only sent shockwaves throughout Silicon Valley but once again brought some very important data privacy issues back to the surface. Authorities in the Netherlands, Australia, Ireland and France have already begun examining the vendor’s data practices, with privacy worries front and center. In Italy, the regulator has already asked the government to ban the app to protect the data of Italian users.

AI tools aside, these issues are perennial headline-grabbers across the business ecosystem, with organizations everywhere struggling to build strategies that give stakeholders and regulators the certainty they need. The underlying paradox illustrates the depth of the challenge: data is an organization’s most valuable asset, but it can also be its greatest potential risk.

So, what more can organizations do to improve privacy? What approaches represent best practice and, aside from the obvious, what are the upsides of getting privacy processes right?

The foundation for addressing privacy is to first get insights into the data accumulating in the environment. With those insights available, there are three areas to address:

First, identify file types that are not to be stored on corporate systems. Beyond being inefficient, the accumulation of non-business-related content can lead to the introduction of ransomware or even silent data exfiltration in the event of a breach.

Second, examine the aging profile of existing datasets. The less data present on a system, the easier it is to ensure the adequate protection of private or sensitive data. A data lifecycle policy should be enacted to ensure that as data ages, it is relocated to the appropriate location for long-term storage until its final disposition.

Third, it makes sense to classify sensitive datasets and then ensure that any data tagged as sensitive or private is stored in areas with highly restricted access permissions.

Many organizations face difficulties coping with the sheer volume of unstructured data being collected, retained, and used. To cope, they need a solution that is agnostic to the variety of vendor platforms deployed. They also need the flexibility to gain insight into and act on all their unstructured data, whether stored in file or object form, in the cloud or on premises. Acting on what has been observed in the environment will lead to positive downstream outcomes, as outlined above.

The legacy (and reactive) approach has been to store all data in perpetuity, but this is no longer viable. What’s required instead is a shift to proactively managing the data, leveraging key insights on the data estate. This will enhance the protection of private or sensitive data in the environment.

Meeting governance goals

In this context and driven by widespread and costly data privacy failures, the governance environment has become significantly more complex and demanding. Authorities are now armed with stringent regulatory frameworks and the teeth to impose massive fines.

For organizations focused on compliance – which should, of course, be all of them – effective data governance is dependent on enterprise-wide visibility. Understanding what data exists, where it resides, who owns it and how it is used needs to be backed by a policy-driven approach that enforces strict controls over data classification, access and retention. This is essential to align with both internal requirements and external regulations, such as DORA, GDPR, APRA, CCPA, and HIPAA, among others.

Once governance policies are in place, businesses must continuously monitor and audit their data environments to detect and mitigate risks. The most effective automated tools can enforce compliance by identifying high-risk or sensitive data to ensure it is properly documented, secured and handled to meet governance standards.

Advanced vendor-agnostic data management technologies can also seamlessly integrate unstructured data across diverse storage systems, applications and cloud systems. For those organizations with complex, multi-environment architectures, this is becoming an essential requirement for the delivery of effective governance.

Given how widespread data-driven technologies have become (of which GenAI is one), privacy will continue to occupy the minds of business leaders as they look to balance opportunity with risk. Those who do so successfully can enjoy the prospect of a win-win situation where data stays safe but also transforms organizational effectiveness.

 
