As we observe Data Privacy Day, 2026 marks a pivotal moment in the integration of artificial intelligence (AI), data privacy, and cybersecurity. Rapid advancements in AI are not only redefining industries; they are reshaping the data protection and data privacy landscape in profound ways.
Through this evolution, we have noted three primary trends emerging that demand immediate attention from organisations in Asia Pacific (APAC):
- The amplification of security threats powered by AI
- A renewed focus on data privacy through AI-driven governance
- The elevation of data trust to a critical priority for the C-suite
It is important to make a clear distinction between the concepts of data privacy and cybersecurity. The former is really about the ethical use of data, user rights, and ensuring that information is not misused by internal teams or third parties. The latter is the defence mechanism that prevents unauthorised access.
However, in the era of AI, these two disciplines have converged, such that having a robust privacy policy will not mean much if the underlying infrastructure is vulnerable to exploitation. Simply put, one cannot have AI privacy without AI security.
Security as the foundation of privacy
See also: Google Android told by EU to open up to rival AI systems
AI stands as both an indispensable ally and a notable adversary. While AI tools help defend systems, the complexity of modern data environments is creating new vulnerabilities that directly threaten user privacy.
According to a recent IDC whitepaper on “AI-Ready Data Storage Infrastructure”, IT organisations are currently dealing with an average of 6.4 data silos per organisation and must manage 13 copies of data spread across primary storage, secondary storage, the cloud, and the edge.
This fragmentation creates a massive, unmonitored attack surface. Cybercriminals are leveraging AI to identify these "forgotten" data silos, breaching systems to exfiltrate sensitive personal data that organizations may not even know they have. The risk of accidental exposure to unauthorised users increases exponentially with every unmanaged copy of data. In this context, security is not just about protecting the network, but also about keeping the promise of privacy made to customers.
See also: Oracle joins Singapore's enterprise AI push with support for 300 local firms
AI drives a data governance revolution
As AI’s role expands, so does the criticality of robust data governance. The challenge is the "form" the data takes. The IDC research highlights that 92.3% of stored data is unstructured or semi-structured, and this category is forecast to grow at a 21.4% CAGR through 2028.
Governing structured databases is one thing; governing petabytes of unstructured audio, video, and text documents is another. This is why governance has become an enterprise priority.
Organisations must integrate AI-driven governance solutions to safeguard this unstructured information and ensure compliance with regulations like the GDPR and Singapore’s PDPA.
Imagine a company that uses AI to deliver personalised customer experiences. With AI-powered governance controls, the organisation can monitor unusual data access patterns, enforce granular access permissions, and comply seamlessly with global privacy laws—all while maintaining customer trust.
The infrastructure pivot: Intelligent, unified, and fast
Addressing these security and governance challenges requires more than just policy updates; it demands a fundamental rethink of the underlying data infrastructure. To support privacy in the AI era, modern storage infrastructure is evolving to deliver on three critical capabilities:
To stay ahead of the latest tech trends, click here for DigitalEdge Section
- Intelligent protection: Modern infrastructure must be an active defender. Businesses now require storage platforms with built-in security functions such as AI and machine learning for real-time threat detection, as well as automated classification for privacy guardrails. By automating classification and anonymisation directly at the storage layer, these systems ensure sensitive PII is masked before it is ever exposed to AI models or unauthorised users.
- Unified data management: To eliminate the silos where sensitive data hides, infrastructure must be unified. By consolidating block, file, and object data onto a single operating system, organisations ensure that privacy policies are applied consistently across the entire data estate, closing the compliance gaps that disparate systems create.
- Performance without compromise: Security cannot come at the cost of speed. Modern AI workloads demand massive throughput, which the latest data infrastructure today can deliver with sub-millisecond latency, running essential security checks in the background without slowing down innovation.
The zero trust imperative: A data-centric approach
To secure this data in an AI-driven world, organisations must move beyond perimeter defences and adopt a zero-trust architecture.
Zero trust is a security framework that assumes no entity, whether inside or outside the corporate network, can be trusted by default. Traditionally, this has been a network-centric approach. However, NetApp is taking a data-centric approach to Zero Trust, in which the storage management system becomes the segmentation gateway to protect and monitor access to your customer's data.
This approach aligns with the core tenets of Zero Trust:
- Never trust, always verify
Eliminate implicit trust. Every access request must be authenticated and authorized, regardless of its origin. - Least privilege
- Ensure users and AI models have the minimum level of access required. This limits data exposure strictly to teams that require access, preventing internal privacy violations.
- Micro core and perimeter (MCAP)
Define an interior protection zone around your data assets, making the concept of a secure outer perimeter obsolete.
By looking to industry-leading Zero Trust best practices around data, including Write Once, Read Many (WORM) technologies that lock files against alteration to guarantee immutability, organisations can prevent insider threats and limit the "blast radius" of any potential breach.
Privacy becomes a strategic C-suite imperative
Gone are the days when privacy was exclusively a compliance concern. The same IDC research reveals a stark reality: less than half (44%) of AI pilot projects advance into production.
One of the primary reasons for this high failure rate is the lack of a "single source of truth" and the inability to guarantee data quality and privacy. This elevates data trust to a critical conversation at the executive level. Privacy failure does not just mean a fine; it means a failed AI strategy.
When privacy is a C-suite priority, organisations allocate the resources needed to protect that privacy. CEOs who champion these initiatives not only avoid regulatory penalties; they also build a competitive edge by ensuring their AI projects reach completion.
Building the future of AI-driven data privacy
The convergence of AI and data privacy presents challenges, but also an unprecedented opportunity. Enterprises that lean into this powerful intersection will emerge stronger. To thrive in 2026 and beyond, organisations must address these foundational imperatives:
- Adopt data-centric zero trust: Verify every access point and protect data where it lives.
- Prioritise intelligent data governance: Use AI to classify and secure your unstructured data to meet regulatory standards like the PDPA.
- Make trust a leadership priority: Integrate privacy strategies into business plans to ensure your AI pilots survive production.
By leveraging intelligent data infrastructure to fortify cybersecurity and data governance measures, organisations can transform threats into opportunities. It is not just about defending your digital assets; it is about building a resilient, tech-forward enterprise prepared for whatever comes next.
Elaine Chan is the director and Apac head of AI Sales and GTM at NetApp
