Amid rising concerns over data privacy breaches and the evolving landscape of artificial intelligence, Australian businesses are feeling the heat to revamp their data management strategies, especially as they mark Data Privacy Day. Recent statistics from the Office of the Australian Information Commissioner (OAIC) reveal a staggering 532 notifiable data breaches during the first half of 2025, with each incident impacting an average of over 10,000 individuals. Experts point to these alarming figures as indicators of fundamental flaws in how organizations are storing and overseeing their data.
Garry Valenzisi, Vice President for Australia at Iron Mountain, emphasized that many firms continue to retain vast amounts of unmanaged data, enhancing their vulnerability to cyber incidents and regulatory scrutiny. “As we enter 2026, Australian organizations must tackle a data environment increasingly characterized by heightened cyber threats and continuous regulatory vigilance. Data Privacy Day serves as a crucial moment for boards and executives to exhibit accountability and implement a comprehensive approach to information governance,” Valenzisi explained.
Drew Bagley, Vice President and Counsel for Privacy and Cyber Policy at CrowdStrike, echoed similar sentiments, highlighting how the integration of AI tools is deepening the connection between privacy and security. “The interplay between privacy and cybersecurity is crucial,” Bagley stated. “As AI becomes more integrated into operations and workflows, the dynamics of data access and sharing are changing, necessitating proactive measures in visibility, privacy by design, and real-time resilience.”
Valenzisi noted that recent OAIC findings underline the correlation between inadequate information governance and the rising risk of data breaches. “These indicators highlight a fundamental truth: the risk associated with privacy increases as organizations continue to accumulate unmanaged, unclassified, and outdated data,” he remarked.
Looking ahead to 2026, Valenzisi predicts a shift in how corporate boards will approach information security. “Australian organizations will increasingly shift their focus from perimeter defense to comprehensive governance throughout the entire information lifecycle—from creation and storage to secure disposition.” He asserts that with most of enterprise data now unruly, organizations must possess clarity about what data they have, where it resides, and who has access to it.
Both Valenzisi and Bagley pointed to the significant implications of AI for privacy obligations as companies increasingly utilize large language models and other AI technologies to process sensitive information. “Organizations now face expanded privacy obligations that require careful oversight of how data interacts with AI. Without such oversight, they risk exposing sensitive information during audits or cyber incidents,” Valenzisi described.
Bagley added that with the complexity introduced by AI adoption and relentless data relocation, organizations should renew their attention to foundational principles such as data visibility and privacy by design. He cautioned that businesses may not fully grasp the extent to which data flows across various systems and vendors amid ongoing digital transformation initiatives.
Executives anticipate a growing emphasis on information governance as a critical measure of resilience and trustworthiness in 2026. Valenzisi asserted that as expectations evolve, privacy and security fundamentals must be recognized as essential board-level metrics. Organizations that efficiently manage data throughout its lifecycle—from creation to secure disposal—will be in the best position to protect their customers and preserve enterprise value.
In this evolving environment, organizations should focus on reducing the amount of redundant, obsolete, and trivial data—commonly referred to as ROT. Valenzisi explained that this data often resides in legacy systems and personal drives long after its usefulness has waned. “Tackling ROT not only lowers exposure to breaches and contributes to cost-efficiency but also enhances overall privacy postures and aligns data governance strategies with AI readiness for effective business operation,” he concluded.
