Data Privacy is Everyone’s Responsibility: BARR Advisory Champions Data Privacy Week 2025

January 27, 2025 | Privacy

Data Privacy Week 2025 has arrived—and this year, BARR Advisory is proud to once again be recognized as an official Data Privacy Week Champion, reinforcing our commitment to helping organizations build trust by keeping their customers’ and stakeholders’ data secure.

Data Privacy Week is an annual initiative hosted by the National Cybersecurity Alliance (NCA) with two distinct goals: helping individuals understand how to secure their private information online and helping organizations understand the importance of respecting and protecting users’ data.

BARR’s designation as a Data Privacy Week Champion means we believe all organizations share the responsibility of being conscientious stewards of personal information. If your team aims to prioritize data privacy in 2025, here’s where to start:

What is Data Privacy?

The NCA defines privacy as “the fundamental right to control access to your personal life and information.” When it comes to privacy on the web, protecting your data means not only locking down personally identifiable information (PII), such as your name and Social Security number (SSN), but also limiting access to data like your medical records and browsing habits.

The NCA cites three reasons why data privacy should be a top concern for consumers in 2025 and beyond:

  • Security: With more data shared online, the risk of unauthorized access increases. Protecting sensitive information like health records or financial details reduces the chance of them being misused.
  • Choice: Being aware of data privacy allows individuals to make informed choices about what to share. Many apps or websites might request access to data they don’t truly need—understanding your rights means you can decide what data you’re comfortable sharing.
  • Balancing privacy and convenience: Data privacy often involves trade-offs. For example, a maps app needs location data to provide directions. Knowing how to balance these choices helps you manage what data you disclose.

According to a Pew Research Center study cited by the NCA, 79% of U.S. adults report being concerned about the way their data is being used by businesses. What’s more, a recent McKinsey survey found that 71% of consumers said they would stop doing business with a company if it gave away sensitive data without permission. 

In order to build and maintain trust with consumers, organizations across all industries must be transparent about what data is collected and how it is used. 

The Role of Cybersecurity Audits

One way for organizations to promote transparency, ensure compliance with industry regulations, and demonstrate their commitment to data privacy is to undergo a third-party assessment. 

A qualified cybersecurity auditor can take a deep dive into your systems to ensure compliance with one or more established frameworks for data security and privacy. Depending on your industry and the types of data you store and process, this might include one or a combination of assessments including SOC 2, ISO 27001, HITRUST, CSA STAR, and PCI DSS. With our own dedicated certification body, BARR is one of few U.S. firms that is qualified to perform audits against all of these highly regarded compliance standards.

In fact, unlike traditional firms that treat each audit separately, BARR can integrate multiple compliance frameworks into a single, coordinated process, reducing redundancies and allowing organizations to achieve their compliance goals in less time and with less friction.

Our coordinated audit approach:

  • Reduces the risk of discrepancies and inconsistencies;
  • Eliminates the need to balance multiple checklists and audit schedules;
  • Streamlines communication with a consistent point of contact who understands your business and compliance needs; and,
  • Minimizes disruptions to your daily operations by consolidating audit activities into a clear, unified process.

By leveraging BARR’s coordinated audit approach, Kinsta, a leading WordPress hosting provider, strengthened its data security program and accelerated growth internationally. 

“Achieving compliance has significantly boosted customer trust and satisfaction at Kinsta,” said Nathan Bliss, Kinsta’s chief sales officer. “Our SOC 2 report and ISO certifications have become key differentiators in the market, giving our customers confidence in our security and data management practices.”

Data Security is Everyone’s Responsibility

The NCA also recommends that business leaders and compliance managers educate members of their teams about the importance of data privacy and their roles in keeping consumers’ information protected. Securing user data is the responsibility of every individual within an organization. 

To build a companywide culture that prioritizes privacy, leaders should create policies and procedures that embed data privacy into every aspect of business operations. This might include:

  • Creating a privacy policy for your company and ensuring all employees know and understand it;
  • Teaching new employees about their roles in your privacy culture during the onboarding process;
  • Engaging staff by asking them to consider how privacy and data security apply to the work they do on a daily basis;
  • Promoting better security and privacy behaviors at home, which will translate to better security and privacy practices at work; and,
  • Reminding employees to update their privacy and security settings on work and personal accounts.

It starts at the top—leaders within an organization must set a strong example by demonstrating these behaviors themselves. In addition, new systems and products, such as software features, must be designed with privacy in mind. 

It is easy to fall into the trap of deferring security considerations until the end of a project, with the intent of “bolting on” security controls after the fact. But pushing secure coding and design principles to the end of the development phase, and so postponing the security spend to a later date, can have costly consequences. If you don’t build privacy and security best practices into your development processes from the start, your team members will be left scrambling to catch up.

By taking steps to educate employees on the importance of data privacy, designing systems with a privacy-first mindset, and undergoing regular compliance audits to ensure your organization is keeping up with cybersecurity best practices, your team can build trust with customers and stakeholders and demonstrate that you’re committed to safeguarding their sensitive information.

The BARR team is focused on promoting trust and data privacy year-round. Contact us today to learn more about how we can help you achieve your cybersecurity and compliance goals.
