The Complex Landscape of Data Privacy Regulations
Data privacy has become a growing national concern, with various stakeholders from the federal government to small and medium-sized enterprises (SMEs) and individual employees worrying about how data is collected, stored, and accessed. The rapidly evolving nature of data privacy regulations is significantly influencing how businesses approach compliance this year. Matthieu Chan Tsin, SVP of Resiliency Services at Cowbell, explains that the situation is complicated due to multiple factors driving regulatory changes. These include technological advancements, increasing public awareness, and a growing recognition among users and regulators of the importance of data protection.
“In the US, there are state-level privacy laws,” Chan Tsin notes. “There’s also been a federal refocusing on data security as a national security matter, as highlighted by the Department of Data Security Program that went into effect in April 2025.” This has led to increased scrutiny of AI technologies and a global push for more stringent data protection measures. However, Chan Tsin points out that these regulations are not aligned, creating a disjointed landscape for businesses to navigate.
The challenge for businesses is how to innovate and grow while meeting shifting privacy requirements. “Governments and industries are studying ways to regulate AI and its uses; but AI is moving very quickly,” Chan Tsin observes. “Essentially, governments and industries are trying to regulate a technology that’s a quickly moving target whose impact is not yet fully understood.”
The Role of Cyber Insurance in Data Privacy
Cyber insurance has emerged as a critical factor in shaping the data privacy landscape. A relatively new product, cyber insurance has evolved significantly over the past two decades. Chan Tsin notes that cyber insurance providers have established de facto soft regulations that are tied not to government laws but to insurers’ risk appetite. This market-driven approach has created a regulatory framework for data privacy that is applied during the underwriting process.
Chan Tsin explains that Cowbell mandates the implementation of specific best practices and security solutions by linking these measures to incentives such as lower premiums, higher coverage limits, or eligibility for insurance. “Providers of cyber insurance coverage have created incentives for businesses to adopt better cybersecurity practices—to protect their network and, by extension, to protect the data that they store,” he says.
Building a Culture of Privacy and Security
Strong data compliance not only makes good business sense but also plays a vital role in establishing trust and enhancing brand reputation. Chan Tsin emphasizes that companies should display their compliance certifications, such as SOC 2 and NIST badges, online to demonstrate their commitment to data protection and transparency.
“Privacy and security are no longer IT problems,” Chan Tsin states. “It’s no longer a cyber issue. It’s no longer a top line, bottom line, middle line item. It is a business behavior item.” To build a culture of privacy, organizations must embed security at every level, through comprehensive policies, employee awareness, and leadership commitment.
“Compliance is no longer a task just for legal teams,” Chan Tsin concludes. “It’s become a team sport.” By fostering a culture of privacy and security, businesses can better navigate the complex regulatory landscape and protect their valuable assets in today’s high-risk digital environment.