STARCIO

drive digital transformation

STARCIO

StarCIO Digital Trailblazer Community - Confidence to lead, community to advise

StarCIO Digital Trailblazer Community

Weโ€™ll recap Data Privacy Week, what we learned, and why it matters, at this weekโ€™s Coffee With Digital Trailblazers. I deliberately chose to cover data privacy one week after its commemorative Data Privacy Week. Organizations need action more than words and policies. As AI increases dataโ€™s use cases and value, areas of data privacy, security, and governance are falling behind.

Data Privacy Week Is Over. Now Comes Leadership Accountability

Top data breaches in January included:

  • A 1.4 TB internal breach at Nike.
  • Mellwoodโ€™s ransomware attack may have exposed customer data.
  • A breach at SNP Transformations exposed social security numbers.

Stinson reports a surge in lawsuits related to online privacy. They tracked claims filed in 315 courts across 45 states and DC against 3,512 unique defendants. While 20 US states passed comprehensive privacy laws, none were added in 2025.

My main takeaway from Data Privacy Week is that executives need to step up. Hereโ€™s a recap of three of my discoveries.

Safety, security, and privacy are all C-leader responsibilities

The Coffee With Digital Trailblazers episode on CIO and CMO: Partnering on AI to Drive Growth took an unexpected turn. We had plenty of growth examples that I will share in a future article. But CMOs quickly highlighted the importance of data privacy and security in their marketing responsibilities.

โ€œSafety and security are not one departmentโ€™s job,โ€ said Adrianna Hosford, chief communications officer and head of marketing at Artera. โ€œThe CMO and the leadership team need to know that, because sometimes I think relationships can go wrong when thereโ€™s a dialogue in which the CMO wants one thing and the CIO wants another. But truly, if everyone is here to grow the business and do whatโ€™s best for it, we actually share many goals. At our company, security is one of those.โ€

Hereโ€™s how Adrianna explains the importance of data security to marketers. โ€œIf there is a security breach, a reputational issue, or a major crisis, guess whoโ€™s dealing with it? You, marketer. Youโ€™re dealing with it from a brand, PR, and reputation perspective. So itโ€™s in your personal best interest to make sure that safety and security are a culture across your whole company,โ€ said Adrianna.

CISOs, chief privacy officers, and CIOs, take note. Lead steps to get your CMOs and communication heads on board with the data privacy, security, and governance agenda.

AI governance is lagging behind the drive for experimentation

Hereโ€™s another reason to involve the CMO and marketing in advancing the data privacy, security, and governance priorities.

According to the 2025 SAS Report on Marketers and AI: Navigating New Depths, 85% of marketers are using GenAI, and 93% have a dedicated GenAI budget for 2025/2026. But only 8% of marketers are very confident in their organizationโ€™s AI governance. Also concerning is 45% of agentic AI adopters identified data privacy as a concern with AI use in their organizations.

Iโ€™m floored by the low confidence. Itโ€™s like the Board approved a fat budget to test-drive Ferraris. Then, CMOs gave those Ferraris to their staff to drive at 180mph without teaching them how to or ensuring there were safety guardrails in place.I

If marketers arenโ€™t confident in their organizationโ€™s AI governance, they should step in and take appropriate data privacy measures for the data they use most โ€“ customer data.

Worse, if 45% of AI adopters have concerns about data privacy, that implies 55% do not.

โ€œAt the organizational level, adopting a privacy-first approach to data management is no longer optional,โ€ says Greg Clark, director of product management and strategy OT enterprise cybersecurity at OpenText. โ€œBuilding privacy into data practices from the start helps reduce the risk of breaches, regulatory exposure, and operational disruption. Just as importantly, it enables secure collaboration and analyticsโ€”allowing teams to share, analyze, and extract value from data with confidence, rather than locking it down or slowing the business.โ€

Data privacy recommendations for CMOs

  • If you canโ€™t champion and market your organizationโ€™s approach to data security and privacy to your customers, then raise the concerns with the executive leadership team and drive the closure of gaps as a strategic priority.  
  • Hire a third-party auditor to determine whether data privacy guardrails align with policies.
  • Train staffers in marketing, IT, and infosec on data policies, regulations, and objectives. Foster a shift-left mentality around data security and privacy, so that they are addressed in parallel to AI initiatives.

Data privacy and security need action, not just policies

Training is a key element of data governance, security, and privacy. Gary Orenstein, chief customer officer at Bitwarden, says itโ€™s clear that privacy is no longer defined by where data lives, but by how access to it is controlled.

Orenstein says, โ€œDigital lives across work and personal environments now coexist on the same devices, accounts, and browsers, blurring access boundaries and expanding the exposure of any single privacy gap. Modern security strategies must account for the fact that the same credentials unlock work systems, personal accounts, and family devices, so privacy canโ€™t be treated as a downstream add-on.โ€

So, identity is an issue, endpoint security is a major concern, and access control is a growing challenge. Locking down systems is no longer an optiomn. To become a data-driven organization and build smarter AI models, data has to be moved to where users, models, and AI agents need it.

โ€œWhen vendors tighten commercial or technical controls, it stops being about security and starts being about control,โ€ says  Fivetran CEO George Fraser. โ€œCustomers should decide how and where their data moves. Restricting access forces sensitive data to stay inside a single vendorโ€™s stack, limiting transparency, independent auditing, and the privacy safeguards customers rely on. If customers canโ€™t use the tools of their choice to move their own data into platforms like Snowflake, thatโ€™s not protecting privacy. Itโ€™s reducing it.โ€

CIOs, chief data officers, and CISOs should consider horizontal approaches to managing data security and privacy. Data fabrics and data movement platforms can expand access to data. Data security posture management (DSPM) brings several data security practices into a single management framework.

What lessons did you learn this week about data privacy and security? Join the conversation at this weekโ€™s Coffee With Digital Trailblazers!

Hello,

Digital Trailblazer Community

Isaac Sacolick

Our community of Digital Trailblazers are for leaders of digital transformation initiatives, people aspiring to tech/data/AI leadership roles, and C-level leaders who develop digital transformation as a core organizational competency.

Review the Community Guidelines

Let’s connect

Coffee with Digital Trailblazers

Digital Trailblazers on LinkedIn

Learning

Recent Coffee with Digital Trailblazers

Your Community Experts