One security breach of personally identifiable information (PII) is one too many, yet there were plenty of high-profile reports during 2020, and we can be sure that more will follow this year. Far too many organizations are failing in their data privacy obligations. There is more PII than ever for organizations to protect, including data held by government organizations engaged in the fight against COVID-19.

Furthermore, data is an essential component of AI models. Organizations can fall victim to AI data poisoning or misinformation from deepfakes as but two examples. Maintaining data privacy is no easy matter; the footprint of information within and beyond an organization's boundaries makes it difficult to get a handle on what data is where and how it is used. Yet control of the information footprint is essential to provide the appropriate protection. Ultimately, those responsible for data privacy at an organization should provide the same level of protection to the data it holds about individuals as they would expect other organizations to apply to data about themselves. Only then can we be sure that Data Privacy Day is making an impact. 

Key messages:

• Balance data privacy with the greater good
• Ransomware is up—organizations can become both criminal and victim
• Private data used in building and running AI outcomes must be properly managed and secured 
• Deepfakes require data and security professionals to take immediate action