Data Privacy Day 2025: What Tech Experts Say About Data Privacy and Security
As the digital world changes quickly, keeping personal and organisational data safe is more important than ever. To honour Data Privacy Day, leaders in the tech industry come together to stress how important it is to protect sensitive information in our connected environment. They share how to fight against data breaches and cyberattacks, as well as how to adapt to new privacy rules. Their insights reveal the steps organisations can take to secure their data better and earn their customers' trust.
This year's theme, 'Take Control of Your Data,' encourages everyone—individuals and businesses—to prioritise data privacy. With the rise of technologies like AI, cloud computing, and the Internet of Things (IoT), the way we collect, share, and store data has changed, putting privacy and security at greater risk.
In this article, we'll understand industry leaders' opinions as they explain why protecting data is essential, the hurdles presented by new technologies, and the strategies businesses can use to safeguard their digital assets. They share practical tips, like building privacy into design and using advanced security tools, to help organisations keep up in the ongoing effort to protect what is most important in a data-driven world.
Pratik Shah, Managing Director – India & SAARC, F5
The rapid adoption of emerging technologies such as AI, IoT, and brain-computer interfaces (BCIs) has dramatically increased the scale and sensitivity of data being exchanged, posing new challenges for privacy and security. At F5, we believe privacy and security must be built into every layer of digital interactions. Guided by our BeF5 value of 'doing the right thing,' we embed privacy in our solutions by design and default, ensuring transparency and respecting user choices. Beyond securing endpoints and networks, our solutions focus on securing the complex interplay of data flows at every intersection, providing security that not only protects data but also fosters trust and confidence. As India leads the charge in digital transformation, F5 remains committed to driving innovation while upholding the highest standards of data privacy and security.
Suvabrata Sinha, CISO-in-Residence, Zscaler India
Suvabrata Sinha, CISO-in-Residence, Zscaler India
Data is no longer confined by traditional boundaries; it flows freely across an interconnected digital ecosystem fueled by cloud technologies, artificial intelligence, and IoT. This paradigm shift has fundamentally redefined how we create, share, and protect sensitive information, challenging us to rethink security for a borderless world. In this new reality, safeguarding data is not merely about compliance but about securing trust, accelerating innovation, and enabling a resilient digital future. Security is no longer a back-office IT concern; it's a strategic boardroom priority that underpins reputation, customer trust, and long-term business continuity.
At Zscaler, we are committed to helping organisations take a proactive approach that secures data across all cloud services, devices, and locations with a simple, modern architecture. By offering advanced capabilities, advanced SSL inspection, Exact Data Match (EDM), real-time threat prevention, and comprehensive data loss prevention (DLP) integrated into Zscaler's cloud native security platform, we empower organisations to protect users and data across all locations, eliminating blind spots and minimising risks.
Mayank Baid, Regional Vice President - India and South Asia, Cloudera
Mayank Baid, Regional Vice President - India and South Asia, Cloudera
In today's digital world, where data drives business decisions and benefits, privacy is both a right and a shared responsibility. Data breaches and misuse expose individuals to risks like identity theft and financial fraud, while organisations face reputational damage, financial losses, and loss of trust. As India progresses on the path toward becoming a global digital hub, the emphasis on safeguarding sensitive information has become paramount.
Data Privacy Day is a timely reminder to prioritise privacy and trust across business functions. While enterprises often rely on data privacy measures such as encryption and backups, truly effective data safeguarding demands a comprehensive strategy that incorporates policies and processes to address key aspects like data governance. Leading the charge, the Government of India, and Indian enterprises champion data protection with frameworks like the Digital Personal Data Protection Act, 2023, emphasising privacy & trust through stringent mandates on sovereignty and security.
Another aspect to consider is the fast-growing adoption of AI, with India leading in AI adoption at 30%, surpassing the global average of 26%, according to a recent survey. No doubt, AI is a double-edged sword. It poses challenges to data privacy by enabling advanced data collection and analysis that can infringe on personal boundaries. At the same time, AI-driven privacy safeguards, such as anonymisation and automated compliance, can be vital to protect sensitive information.
Cloudera understands this and helps mitigate data privacy risks posed by AI by offering a secure, governed data platform that ensures compliance and transparency throughout the AI lifecycle. To sum up, the key is to secure & protect data throughout the lifecycle, ensuring the protection of both the business's interests and individuals' rights.
Mandy Andress, CISO, Elastic
Data Privacy Day serves as a critical reminder that privacy and trust are inseparable, underscoring the fundamental link between robust cybersecurity practices and the preservation of data privacy. With ransomware attacks surging to a record high of 574 incidents in December 2024 – marking the most significant monthly count in three years – businesses must remain vigilant. These figures not only highlight the increasing sophistication of the tools at threat actors' disposal, but also the evolution of their tactics, which are becoming more disruptive.
In today's multi-cloud environments, safeguarding data privacy demands a proactive and comprehensive security strategy. Understanding the movement of data across cloud platforms is crucial to maintaining control and ensuring it stays within defined boundaries. Techniques like micro-segmentation or virtual containerisation not only isolate workloads, but also impose strict controls on network traffic, reducing potential exposure to threats.
Adopting a 'deny all' policy for inter-system communications ensures that only essential traffic is permitted, providing an additional layer of defense. Beyond technical measures, organisations must also focus on security hygiene. This includes leveraging built-in security features of operating systems and cloud platforms, maintaining consistent patching schedules, and retiring outdated systems that may become vulnerable in interconnected environments.
Neglecting basic security practices or overlooking misconfigurations can jeopardise not only sensitive data, but also customer confidence and compliance standing. By strengthening their security posture and addressing these risks head-on, organisations will protect their most valuable asset: trust in their ability to safeguard personal and business-critical information.
Rohan Vaidya, Area Vice President, SAARC & India, CyberArk
Rohan Vaidya, Area Vice President, SAARC & India, CyberArk
“As Data Privacy Day approaches, discussions often focus on rising cyber threats and exposed data. However, India has made significant progress, notably with the Digital Personal Data Protection (DPDP) Act, which establishes robust frameworks for securing data privacy. It is a concrete step in our nation’s commitment to forging the right path towards data privacy and security. However, formidable challenges still remain to be tackled. This year’s theme, “Take Control of Your Data,” implies the shared responsibility of individuals and organisations to protect data privacy.
Identity security is a key element of this commitment. Robust workforce identity management and credential protection help minimise risks and prevent breaches. As human and machine identities continue to proliferate, data privacy is no longer just a policy, it’s a principle we should all abide by. Whether it’s ensuring that data is encrypted, access is restricted, or that automated systems respect privacy rights, the priority must be the same: trust is paramount. The need to put privacy first has never been more critical. When privacy is prioritised, we empower individuals and organisations alike to thrive safely in this age."
Bernard Montel, Technical Director and Security Strategist at Tenable
Bernard Montel, Technical Director and Security Strategist at Tenable
Data Privacy Day: Don't Be a Victim, Be in Control
”We live in a world where everything about us is data. While some information may be given willingly, other information is being captured invisibly. Consider a photograph, while you might be sharing an image of yourself, you're also revealing more than just your winning smile. An image’s metadata includes details about the camera, lens, and shooting settings, as well as information about the location and photographer. For a threat actor those details can build a different picture of you, one that can turn you into a victim.
“If you want to protect yourself from hackers, then you have to be shrewd about the information you disclose. Think about who you are sharing your personal information with. Think about what information you are sharing. Think about where you are sharing that information. Don’t invite strangers into your life by telling them all your intimate details on social channels. Think before you click. Anything that is public can be weaponised by malicious hackers.
Roopa Jayaraman – Chief Technology Officer (CTO), Odessa
Roopa Jayaraman – Chief Technology Officer (CTO), Odessa
“In today’s data-driven world, the sheer volume of information being generated brings both incredible opportunities and significant responsibilities. It’s a double-edged sword—data is critical for innovation and personalization, but it also demands vigilance. As users, we must stay informed about how our data is collected, stored and potentially used. Awareness is our first line of defense.
For organizations, the bar is even higher. Transparency and ethical stewardship of data aren’t just nice-to-haves—they’re business imperatives. Protecting user data isn’t about ticking boxes for compliance; it’s about earning trust.
Data privacy must be seen as a shared accountability between users and organizations. In an era where trust defines success, those who respect this balance will lead the way, proving that innovation and responsibility can—and must—coexist.”
Parag Khurana, Country Manager, India, Barracuda Networks
“Data Privacy Awareness Day is a timely reminder of the role data protection plays in safeguarding the privacy of personal information and the need to ensure the security of our digital data ecosystems. With the introduction of the draft framework for implementing the Digital Personal Data Protection Act (DPDPA), organizations in India now have a clear structure to help them strengthen their approach to data privacy and mitigate cybersecurity risks.”
“In practical terms, this means implementing robust measures such as encryption, access controls, authentication, and reliable data backup and recovery to keep sensitive information protected at all times. However, securing personal data goes beyond compliance—it requires building a strong, proactive security posture that can detect, block, investigate, and remediate unauthorized access swiftly.”
“To achieve this, organizations should adopt multi-layered, defense-in-depth security solutions. These include advanced threat detection and prevention capabilities as well as integrated incident response to address emerging threats effectively.”
“As India’s digital economy continues to grow, embedding privacy and security into the foundation of business operations will be essential—not only for regulatory compliance but also for maintaining trust and resilience in an increasingly connected world.”
Vishal Salvi, Chief Executive Officer, Quick Heal Technologies Limited
“As we observe Data Privacy Day, it is crucial to recognise that privacy and cybersecurity are two sides of the same coin. The recently released DPDP Act draft rules underscore this interconnectedness, setting a new standard for data protection. The landmark legislation is more than just about compliance; it is a call to action for organisations to build a digital ecosystem that is both secure and privacy-focused. The hefty fine of INR 250 crore for data breaches sends a clear message: protecting user data is not optional, it’s imperative."
"At Quick Heal Technologies Limited, it is a matter of immense pride for us that our comprehensive cybersecurity solutions play a vital role in helping businesses comply with these new regulations while maintaining the highest standards of privacy and security. We envision a safer Digital India where data privacy is not just a requirement but a fundamental right."
Harsha Solanki, VP GM Asia, Infobip
“Data privacy has become a critical concern for businesses worldwide. About 82% of Indian consumers consider the protection of their personal data one of the most crucial factors in building trust with businesses, showcasing the importance of prioritizing data security among businesses of all sizes. At Infobip, as a global cloud communications platform, we comply with privacy regulations in every region we operate, including GDPR, CCPA, and POPIA. We drive compliance strategies, train employees, build a culture of data protection, implement privacy requirements, conduct regular controls, and ensure adherence to global data protection laws.”
“The Digital Personal Data Protection (DPDP) rules in India present businesses with an opportunity to strengthen customer trust. Investments in robust data protection measures enable companies to safeguard customer data effectively. Adopting privacy-first practices – such as multi-factor authentication, regular audits, data minimization and anonymization, encryption of data in transit and at rest, and real-time threat detection – helps organisations mitigate risks while fostering customer loyalty in an increasingly digital landscape.”
Siddharth Sharma, Head of IT Operations, Digi Yatra Foundation
“As incidents of data breaches and cyberattacks surge, consumers are growing more mindful about the personal information they share with businesses, products, and services. Taking charge of one’s personal data is key to minimising risks such as identity theft, fraud, and other malicious threats. Consequently, safeguarding user data has evolved into a fundamental responsibility for businesses, not just to meet legal requirements but to uphold ethical standards. Securing explicit consent for data collection, usage, and sharing reflects an organisation’s commitment to protecting individual rights and building a culture of trust and transparency.
At Digi Yatra, we embed privacy at the core of our platform’s design. Our use of biometric technology enhances the efficiency of airport check-ins while maintaining stringent privacy standards by deleting facial scans within 24 hours. By consciously choosing not to store passenger data, we ensure our users' privacy is never compromised. Through our decentralised identity system, Personally Identifiable Information (PII) is securely stored on the user’s own device, granting them full control over their data. Additionally, users have the flexibility to opt out at any time, with the assurance that no data is retained by the platform. We practice data minimalization and process only what is necessary for the use case, e.g., while processing Aadhaar data, we do not fetch the user's address as that is not required for our use case. We also actively encourage users to stay aware of their data rights and play a role in raising awareness about the importance of safeguarding personal information.”
Darshil Shah, Founder and Director, TreadBinary
"On Data Privacy Day, we emphasize that safeguarding data goes beyond mere compliance—it’s a fundamental principle in our digital-first era. As the digital economy grows, so do threats such as data breaches, identity theft, ransomware targeting critical systems, and financial fraud. These evolving risks make it essential to take a proactive and adaptive approach to data privacy. Harnessing advanced AI and ML technologies is instrumental in this effort, offering real-time monitoring, quick threat detection, and effective responses to complex cyber challenges. Yet, technology alone isn’t enough. Building a culture of cybersecurity awareness is equally critical. This requires substantial investment in advanced security solutions and driving education through social media initiatives, public service announcements, community workshops, and other outreach efforts. Educating individuals about best practices, such as performing regular data backups, using encrypted storage, enabling multi-factor authentication, maintaining access controls, and keeping devices updated, adds another robust layer of defense. Proactive action is key to identifying and addressing vulnerabilities before they become significant threats. By prioritizing a secure and resilient digital ecosystem, we strengthen the trust and reliability that underpin our digital future."