AI is “forcing a fundamental shift” in data privacy and governance

Enterprises are shaking up their approach to data privacy and governance, new research shows, largely due to added risk factors created by AI adoption.

According to Cisco's 2026 Data and Privacy Benchmark Study, nearly all companies are expanding privacy programs and governance frameworks to protect their data.

AI is the main reason for 90%, with 93% saying they planned further investment to keep up with the complexity of AI systems and the expectations of customers and regulators.

The survey found that 38% spent at least $5 million on their privacy programs in the past year – marking a dramatic increase from just 14% who spent over that threshold in 2024.

Notably, these programs appear to be working well. An overwhelming 96% of organizations reported that robust privacy frameworks were helping unlock AI agility and innovation, and 95% said privacy was essential for building customer trust in AI-powered services.

One interesting change spotted by the researchers is that trust is no longer just a question of meeting regulatory requirements.

Data governance is now seen as a strategic business enabler, with 99% of organizations reporting at least one tangible benefit from their privacy initiatives, such as enhanced agility, innovation, and greater customer loyalty.

Almost half said that clear communication about how data is collected and used is the most effective way to build customer confidence.

As a result, governance is evolving – although many organizations are still working to define and establish the structures they need to manage AI responsibly.

While three-quarters report having a dedicated AI governance body in place, only 12% describe it as mature. Meanwhile, 65% of organizations struggle to access relevant, high-quality data efficiently.

"AI is forcing a fundamental shift in the data landscape, calling for holistic governance of all data – both personal and non-personal,” said Jen Yokoyama, senior vice president, legal innovation and strategy, at Cisco.

“Organizations must deeply understand and structure their data to ensure every automated decision is explainable. It’s not just for compliance, but a necessary scaling engine for AI innovation.”

Data requirements are causing headaches

While 72% of respondents were generally positive about data privacy laws, there is a growing push to streamline and update data requirements, Cisco found.

Just over eight-in-ten organizations surveyed face heightened demand for data localization and global data complexity - and 85% said this adds cost, complexity, and risk to cross-border service delivery. #

Similarly, 77% report these requirements limit their ability to offer seamless 24/7 service across markets.

On top of this, the assumption that locally stored data is inherently more secure is gradually eroding, from 90% in 2025 to 86% in 2026.

“To capture the potential of AI, organizations (83%) are advocating for a shift toward harmonized international standards,” said Harvey Jang, Cisco vice president and chief privacy officer.

“They recognize that global consistency is an economic necessity to ensure data can flow securely while maintaining the high standards of protection required for trust.”

Cisco said enterprises should invest in robust data infrastructure, prioritizing transparency, and embedding security and privacy throughout AI initiatives.

Elsewhere, they should make sure they're making informed decisions about data localization, establish strong AI governance, and kit out their teams with comprehensive training and safeguards.

FOLLOW US ON SOCIAL MEDIA

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.