COMMENTARY: Data Privacy Day, which falls on Jan. 28 this year, always prompts renewed conversation about whether privacy still matters in an era dominated by social media, cloud computing, and artificial intelligence (AI).It’s often tempting to believe that we've already lost the data privacy war, or that individuals and organizations have simply accepted exposure as the cost of digital progress.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]Despite many skeptics, data privacy remains alive and well, and its importance underscored by the steady stream of high-profile data breaches that continue to dominate headlines. These incidents don’t just disrupt businesses. They expose sensitive personal data, erode consumer trust, and create long-lasting financial and reputational damage.Left unaddressed, data breaches will happen and pose a direct threat to long-term business resilience and consumer trust. Mitigating that risk, however, demands action — not acceptance — from organizations and individuals alike.Just as important, users should demand better security from the companies they trust. People should challenge or avoid organizations that fail to offer basic protections like MFA or transparent, enforced privacy policies.In today’s environment, security and privacy are no longer confined to IT departments. They are foundational business concerns that directly influence brand reputation, customer loyalty, and long-term viability. For the most mature organizations, security teams aren’t seen as part of the IT department, but rather are viewed as a critical risk management function alongside teams like legal and finance.Organizations that experience breaches often face regulatory penalties, legal exposure, customer churn, and sustained reputational damage. To effectively manage modern threats and protect sensitive data, security programs must mature beyond reactive controls and barebones compliance and focus on comprehensive exposure management.This requires strengthening three critical pillars:Data Privacy Day serves as an important reminder that privacy has not disappeared, but rather, it has simply become harder to protect. As digital ecosystems grow more complex and interconnected, safeguarding data requires sustained commitment from both organizations and individuals.For individuals, this means staying informed, adopting stronger personal security practices, and holding organizations accountable for how personal data is collected, used, and protected. For businesses, it means embedding privacy and security into every layer of operations, from third-party risk management to incident response readiness.Data Privacy Day isn’t about acknowledging defeat in the face of cyber threats. It’s about recognizing that privacy remains achievable when it’s treated as a priority rather than an afterthought. In an era where trust is increasingly fragile, protecting data represents one of the most powerful ways organizations can demonstrate responsibility, resilience, and respect for the people they serve.Nathan Wenzler, Field CISO, OptivSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Why breaches keep happening
Organizations today face the rapid expansion of their attack surface. Cloud infrastructure, SaaS applications, APIs, remote work environments, third-party integrations, and AI-driven services have grown at a rate that far outpaces the amount of time and resources security teams currently have to wrap their brains around the situation.At the same time, cybercriminal operations have evolved into highly organized, well-funded enterprises. Many now employ large teams and offer retirement plans and health care benefits like any other corporation. They’ve also implemented enterprise-scale automation to let their “workers” more quickly and effectively identify vulnerabilities and launch attacks continuously and at scale.This imbalance between the speed of digital transformation and the resources required to secure it versus the efficiency and speed of criminal actors reinforces a long-standing security truth: it’s never a question of if an attack will occur, but when.While defenders have a daunting task, meaningful progress has been made in protecting personal data. Governments around the world continue to introduce regulations that strengthen consumer rights, mandate stronger security controls, and hold organizations accountable for data misuse, identity theft, and financial harm.Still, regulations alone aren’t enough. Users must take a more active role in protecting their own data by adopting stronger security habits, including:- Enable multi-factor authentication (MFA) on any site or service involving financial transactions, such as shopping platforms, banks, trading services, and payment apps.
- Regularly change passwords and avoid the use of the same password for multiple sites and user accounts.
- Actively monitor credit cards and financial accounts for unfamiliar or suspicious activity and reporting issues immediately.
- Place credit freezes with credit bureaus to prevent unauthorized account creation unless explicitly unlocked.
- Use identity and breach-monitoring services to gain early awareness when personal data is exposed.
- Proactive visibility: Continuously assess the full attack surface — including cloud assets, third-party vendors, partners, applications, and services — to identify vulnerabilities before attackers do.
- Real-time detection and response: Build resilient monitoring, detection, and response capabilities to identify and stop attacks as they occur.
- Robust incident response: Maintain a well-rehearsed incident response program that can quickly contain threats, minimize impact, and assess exposure to customer data.





