January 28, 2025 marks Data Privacy Day, an international event established to raise awareness for data protection best practices. Below, cybersecurity experts are sharing their insights on essential practices for protecting sensitive data.
Cyber preparedness
James Hadley, Founder and CEO of Immersive Labs, discuses the value of cyber training and preparedness.
Hadley
states, “In 2024, we witnessed the fallout of major record-breaking data breaches; some of which resulted in more than 100 million people having private info stolen. In a world where these types of data breaches are seemingly inevitable and increasingly detrimental, organizations and enterprises must be ready.
“Just because a workforce is well-certified with traditional training implemented, it does not mean it is prepared to face cyberattacks that compromise data privacy. The threat landscape is evolving rapidly and legacy certifications and training are not enough to confront the rapidly evolving threats we face in 2025.
“The best way to mitigate the impact of cyber crises and ensure businesses’ most sensitive data remains secure is through dynamic cyber drills and continuous exercising. CISOs and other tech leaders need to be able to prove and improve their organization’s knowledge, skills and judgment. From here, they can better understand their organization’s cyber resilience.”
Zero-knowledge encryption
Zero-knowledge encryption is a useful strategy for protecting enterprise data, says CEO and Co-Founder at Keeper Security Darren Guccione.
Guccione explains, “Global cyber threats are growing more prevalent and sophisticated every day. As we prepare to mark Data Privacy Day, there’s no better time to reflect on the pivotal role of zero-knowledge encryption in protecting your business against cyber threats.
“Zero-knowledge encryption is as secure as it gets. It ensures that only the user has access to their data — period. With true zero-knowledge encryption, your information is encrypted and decrypted directly on your device, meaning the service provider doesn’t hold the keys, even for recovery or troubleshooting. This level of control goes beyond what traditional security tools, or even “almost” zero-knowledge solutions, can offer. “Almost” solutions still leave potential vulnerabilities, with access points or backdoors that undermine your security. With zero-knowledge, there are no loopholes — just absolute confidentiality.
“As businesses, we hold a responsibility to protect client data, intellectual property and everything in between. Zero-knowledge encryption plays a pivotal role in fulfilling that duty. When your data is protected at every stage — whether in storage, transit or in use — you’re reducing the risk of exposure from every angle. True zero-knowledge encryption is a crucial step for businesses in building a comprehensive security strategy. As cyber threats grow in frequency and complexity, taking decisive action to protect your data is essential to staying ahead of bad actors.”
Going beyond regulatory compliance
When it comes to protecting sensitive data, adhering to regulatory standards is the bare minimum.
Konrad Fellmann, Chief Information Security Officer at Cubic Corporation, shares, “On this Data Privacy Day, I want to spotlight a critical challenge faced by service providers in the mass transit sector: managing personal information responsibly in an era of rapidly evolving privacy regulations. Emerging laws like the California Privacy Rights Act and General Data Protection Regulation are setting a higher bar for responsible data stewardship. These regulations emphasize principles like data minimization, limitations on usage for specific disclosed purposes, and user consent — mandating not just compliance, but a culture of privacy. For service providers and agencies collecting personal data for mass transit fare collection, this shift is monumental.
“Service providers act as intermediaries between transit agencies and the public, handling sensitive data like names, payment details, and travel patterns. While this data is critical to operational efficiency, it is also a potential target for misuse, fraud or criminal mischief. Moreover, transit agencies are increasingly holding their vendors accountable for meeting privacy and security standards to protect public trust.
Therefore, I urge service providers in the transit space to move beyond compliance and embrace a privacy-first mindset. It’s not just about adhering to regulations — it’s about earning the trust of agencies and the public we serve. After all, privacy isn’t just a legal obligation; it’s a fundamental aspect of ethical business. Together, let’s ensure that as the world moves forward with smart cities and digital transit, privacy is at the heart of every step.”
