Data Privacy Day, sometimes called Data Protection Day, is observed every January 28. The international effort focuses on raising awareness about data privacy, data protection and trust. For some it is now Data Privacy Week, running from January 27 to 31 this year.
Source: BeyondTrust. Haber.
"Data Privacy Day serves as a crucial reminder of the importance of protecting personal information in an increasingly digital world. As organisations grapple with evolving regulations and the ever-growing volume of data, a strong commitment to data privacy is no longer just a compliance requirement, but a fundamental principle for building trust with customers and stakeholders," he said.
John Yang, VP APJ for Progress, also called the day a reminder. "Data Privacy Day is a vital reminder of the importance of safeguarding personal and organisational data in our increasingly connected world. With data breaches and cyber threats becoming more sophisticated, organisations must prioritise robust data privacy measures, ensuring compliance with regulations like GDPR and CCPA while safeguarding sensitive information. By integrating privacy by design into technology and processes, companies can not only mitigate risks but also build long-term trust with their customers," he said.
Source: Progress. Yang.
"As we celebrate this day, let’s recognise the shared responsibility of safeguarding data. Together, through collaboration, education, and innovation, we can create a more secure digital ecosystem that respects the privacy of every individual."
CCPA stands for the California Consumer Privacy Act.
Regulations
"Key regulatory frameworks like India’s upcoming Digital Personal Data Protection Bill, Singapore’s revised Personal Data Protection Act, and China’s Personal Information Protection Law are reshaping how APAC nations govern personal data. Alongside these, the APEC Privacy Framework and Cross-Border Privacy Rules (CBPR) systems are gaining traction, providing regional guidance on data governance and fostering consistency across borders," observed Clement Lee, Security Architect, APAC, Check Point Software Technologies.
"However, this evolving regulatory landscape presents multinational organisations with the challenge of navigating different definitions of sensitive data, varying breach notification timelines, and specific cross-border data transfer restrictions—all in the context of increasing cloud adoption and hybrid work models."
Source: CyberArk. Lim Teck Wee.
"It's essential that business and cyber leaders continue to prioritise proactive measures to safeguard data privacy amid the evolving technological and cybersecurity landscape. The ever-expanding volumes of data, rapid advancements in technologies like AI, and increasingly sophisticated threat actors demand unwavering focus and action."
Jasie Fon, Regional VP of Asia at Ping Identity, said that data privacy goes beyond compliance to being a matter of trust and transparency. "According to our survey last year, most Singapore consumers (86%) do not fully trust the organisations that manage their identity data. Doing online shopping (72%) made consumers feel most vulnerable to identity theft, followed by accessing or using online banking (69%) and using social media (68%)," she said.
Lee added that the rise of emerging technologies further complicates the safeguarding of personal information. "Artificial intelligence, while driving efficiency and innovation, also magnifies concerns about responsible data usage, algorithmic bias, and transparency in decision-making. The Internet of Things (IoT), from smart city infrastructure to consumer devices, creates new vulnerabilities, expanding the entry points for data breaches," he noted.
"Blockchain’s decentralised and immutable nature conflicts with the 'right to be forgotten' under GDPR, which allows individuals to request the deletion of their personal data. While GDPR requires organisations to obtain explicit consent and grants individuals rights like data access, rectification, and erasure, Blockchain's design ensures that data cannot be easily altered or erased, creating friction between privacy rights and technology. In this landscape, privacy-by-design has evolved from a best practice to a fundamental necessity for earning trust and ensuring compliance."
Jan Sysmans, Mobile App Security Evangelist, Appdome, touched on an evolving cybersecurity landscape in the mobile space. "On Data Privacy Day, we emphasise the growing importance of safeguarding mobile data in today’s interconnected world. Mobile apps are central to consumer and business interactions, making robust security a necessity for developers. Evolving threats like AI-driven attacks and account takeovers exploit app vulnerabilities, compromising user accounts, data, and brand trust," he said.
"To combat these risks, mobile businesses must adopt comprehensive, lifecycle-focused security measures."
Cybersecurity was a focus for several industry observers. Cybercriminals are increasingly sophisticated, leveraging advanced tactics to exploit weaknesses within organisations. "According to recent studies, 41% of businesses in the APAC region experienced a data breach in the past year, with nearly half reporting more than 10 incidents. This growing threat is exacerbated by poorly-secured privileged accounts, which, if compromised, can provide attackers with full access to critical systems, exfiltrate sensitive data and wreak havoc on business operations," said Keeper Security's CEO and Co-Founder Darren Guccione.
Source: Cohesity. Lim Hsin Yin.
Lim Hsin Yin, VP, Sales - ASEAN, Cohesity, said that data protection must evolve. "As we mark World Data Privacy Day, the growing surge in cyberthreats underscores the urgency to re-evaluate our approach to data protection. It is crucial for organisations to incorporate proactive measures like AI-powered threat simulations and advanced encryption, moving beyond traditional security strategies to build up true cyber resilience. Conventional cybersecurity is no longer adequate to withstand external threat actors; organisations need to anticipate and mitigate emerging risks," she said.
"By aligning with the ASEAN Guide on AI Governance and Ethics and countries’ national cybersecurity regulations, businesses are able to innovate while maintaining a strong focus on robust security. In Singapore, the Model AI Governance Framework for Generative AI seeks to build a governance framework that aims to protect users while balancing the need to drive innovation.
"For businesses, critical systems are best protected when ethical AI and resilient data practices are given priority. Doing so fosters enhanced credibility, ensures business continuity, and drives long-term growth in today’s integrated digital ecosystem."
Darren Thomson, Field CTO EMEAI at Commvault, agreed that cybersecurity needs to be revisited. "As we embrace the new year and Data Protection Day rolls around once again, the core themes from cybersecurity companies remain the same: cyberattacks are not only increasing in volume but are also becoming alarmingly more sophisticated. It is no longer enough to focus solely on defending against these attacks - organisations must prioritise rapid recovery and minimising downtime to bolster their cyber resilience," he said.
Arun Kumar, Regional Director for APAC, ManageEngine said: "Safeguarding data is essential, not only to prevent financial loss, reputational damage, and loss of intellectual property, but also to uphold customer trust. This requires a comprehensive approach that integrates people, processes, and technology frameworks.
"For instance, solutions like security information and event management (SIEM) leverage AI and automation to proactively identify, manage, and neutralise potential threats. These tools provide organisations with real-time alerts, enhancing their ability to respond swiftly to security incidents. However, technology alone is not enough. Data privacy also involves educating employees and fostering a culture of shared responsibility where everyone adheres to robust data protection policies and practices."
Kumar also pointed out that data privacy ultimately goes beyond compliance with regulations. "It empowers organisations to take control of their data and protect the rights of individuals, ensuring their information is handled transparently and responsibly. By doing so, businesses build long-lasting trust with their customers while securing their most valuable asset: data," he added.
The human factor
"Human error also remains a major contributor to breaches, with 74% involving the human element, including stolen or weak passwords, credentials and secrets. It’s essential for organisations to invest in employee training on strong password practices and the risks associated with privileged accounts. Insider threats – whether accidental or malicious – also complicate matters, as privileged access can be exploited by trusted individuals," said Guccione.
Leadership
Strong leadership is fundamental in fostering a privacy-centric culture, Lee suggested. "Executives who advocate for privacy at the board level signal to regulators, customers, and partners that data protection is a priority. By investing in cross-functional data governance teams, embedding privacy impact assessments early in the project lifecycle, and providing ongoing employee training, leaders can protect their organisation's reputation while aligning with regional laws. In this way, a privacy-first approach becomes both a safeguard against fines and data breaches, and a competitive differentiator that enhances credibility," he said.
A minimum viable company
"To achieve (cyber resilience), businesses must embrace the concept of a minimum viable company - the ability to maintain essential operations and services even in the aftermath of a cyberattack. Traditional reliance on backups is no longer enough, as cybercriminals have adapted, embedding malware into backups or using sleeper ransomware that activates after restoration. This makes clean recovery strategies essential," said Thomson.
"Having a minimum viable company requires the ability to restore critical systems in a secure, malware-free environment, which is possible today thanks to virtual cleanrooms in the cloud. These environments can be adapted as needed, allowing for regular testing at a minimal cost and ensuring rapid, reliable recovery when it matters most."
Thomson said that there is more to the equation, however. "Rebuilding cloud applications is often the most time-consuming task, as organisations cannot function without their core systems. What was once a laborious, manual process can now be streamlined through modern automation technology. Critical cloud applications can be swiftly reconstructed in a secure cleanroom, reducing recovery times from days or weeks to mere hours or minutes. This is the essence of true cyber resilience - the ability to recover, adapt, and maintain operations even in the face of a crisis - and is something organisations can no longer afford to ignore."
Identity management
"Digital identity is the front door to any digital experience. Organisations need to ensure that businesses are investing in the latest technologies such as customer identity and access management (CIAM) and decentralised identities (DCI) to secure consumers’ identities and prevent fraud," Fon said.
"Organisations are also responsible for ensuring customers understand how data is collected and are given a clear opt-in or opt-out option to feel secure and respected. This transparency goes a long way toward building brand loyalty and a positive customer experience."
"Identity security is a critical pillar of data privacy. Deploying robust workforce identity management solutions and protecting user credentials are key steps in preventing breaches. Prioritising identity security will not only ensure compliance with local data protection laws; it will also ensure that organisations are mitigating risks and protecting customer trust," agreed Lim from CyberArk.
Privileged access management
Guccione noted that privileged accounts are often the most valuable to attackers. "Protecting privileged accounts is becoming increasingly difficult due to the expanded attack surface created by cloud adoption, remote work and hybrid environments. As businesses embrace digital transformation, new vulnerabilities arise – particularly concerning privileged accounts. Employees accessing systems from multiple devices and locations make consistent security measures harder to maintain," he elaborated.
Privileged access management (PAM), the strategies and tools that help organisations control and monitor accounts with access to privileged information, could provide greater visibility into IT infrastructure, Guccione said, "enabling organisations to manage third-party access, monitor user activity, ensure compliance and mitigate the risk of cyberattacks".
"By reducing the number of users with elevated privileges, PAM minimises the attack surface, making it harder for cybercriminals to exploit vulnerabilities. It also helps prevent insider threats by controlling who has access to sensitive systems, offering strict access controls and real-time activity monitoring. This proactive approach helps organisations identify and stop malicious behaviour before a breach occurs," Guccione said.
"Many regulatory frameworks require organisations to implement access controls and auditing for privileged accounts. PAM solutions support compliance by providing the necessary reporting and oversight to meet these standards."
Zero-knowledge encryption
Guccione also noted the pivotal role of zero-knowledge encryption in protecting businesses against cyberthreats. "Zero-knowledge encryption is as secure as it gets. It ensures that only the user has access to their data – period. With true zero-knowledge encryption, your information is encrypted and decrypted directly on your device, meaning the service provider doesn’t hold the keys, even for recovery or troubleshooting," he explained.
"This level of control goes beyond what traditional security tools, or even 'almost' zero-knowledge solutions, can offer. 'Almost' solutions still leave potential vulnerabilities, with access points or backdoors that undermine your security. With zero-knowledge, there are no loopholes – just absolute confidentiality."
New strategies
Lee advised businesses to consider regulations, technologies, and processes to ensure trusted relationships with stakeholders. "Looking ahead, enforcement in APAC is poised to intensify, with higher penalties and evolving guidelines—particularly around AI and cross-border data flows. Privacy-enhancing technologies, post-quantum encryption, and Zero-Trust security models will be integral to an organisation’s data protection strategy. To stay ahead, businesses must map data flows comprehensively, harmonise compliance across jurisdictions, and maintain proactive communication with regulators. In an age where personal data is an invaluable asset, robust privacy practices will not only meet legal requirements but also strengthen the trust that underpins enduring relationships with customers and partners," he said.
Thales' five steps for better privacy include:
1. Create a culture of privacy. This can be done by educating employees on their obligations to protect personal information and ensuring that staff know how data security is applied in their daily work.
2. Conduct a privacy impact assessment. This will determine how and where data is stored, backed up, and disposed of, what data security measures are currently implemented, and where systems may be susceptible to a data privacy breach.
3. Transition from a reactive cyberdefence stance to a proactive one. Security programme transformation is characterised by proactive defences that enable operators, developers and other users to adopt new technologies safely, Thales said. According to Thales’ 2024 Data Threat Report, organisations have identified the emerging areas of generative AI, cloud, IoT/5G and quantum computing for proactive security measures.
4. Keep up to date with security technologies. Staying abreast of technological developments in the industry is essential. With the increase in phishing attacks and identity infrastructure attacks, organisations should consider how workforce identity and access management, along with customer identity and access management, can enhance their existing security measures.
5. Foster stakeholder buy-in to enhance overall organisational security. Security leaders should focus on empowering stakeholders to play an active role in safeguarding the organisation. For instance, developers could adopt user-friendly methods for customer onboarding and authentication, while security champion programmes can inspire more developers to embrace secure development practices. These initiatives help embed robust security measures across the organisation, creating a culture of security that extends beyond its boundaries.
“Ultimately, these steps will enable businesses to deepen customer trust, strengthen organisational resilience through better threat management, and improve ROI from generative AI and cloud investments through better data control,” said Andy Zollo, Senior VP, Application and Data Security for Thales in Asia Pacific & Japan. ROI stands for return on investment.
Explore
The data privacy focus continues with a discussion on AI at https://www.techtradeasia.com/2025/01/data-privacy-in-2025-ai-adoption.html
Read about data privacy research on consumers from Acronis at https://www.techtradeasia.com/2025/01/acronis-privacy-survey-data-breaches.html
Hashtag: #DataPrivacy2025