
Privacy Just Became Infrastructure. Most AI Programs Haven’t Noticed.
By DISC InfoSec
For twenty years, privacy compliance meant disclosure: post a policy, collect consent, answer the occasional access request. That era is over. In 2026, privacy is infrastructure — regulators are testing whether your controls actually work, not whether your privacy notice reads well.
I spend my days implementing management systems for companies where the data can’t leak — financial data rooms, M&A platforms, AI-enabled SaaS. Here’s what the privacy threat landscape actually looks like right now, and what I’d do about it.
In practical terms, “privacy is infrastructure” means:
- Privacy is built into systems by design. Organizations must embed privacy controls into applications, AI systems, cloud platforms, and data architectures from the beginning rather than adding them later.
- Privacy enables business operations. Just as networking, identity management, and cybersecurity are core infrastructure, privacy has become an essential capability that supports AI, data sharing, digital services, and regulatory compliance.
- Privacy is a technical and operational discipline. Engineers, architects, security teams, and AI governance professionals are now responsible for implementing privacy-enhancing technologies, data minimization, consent management, encryption, and access controls—not just legal or compliance teams.
For organizations deploying AI, the phrase is especially relevant because regulations and frameworks increasingly require privacy to be integrated into AI governance. This includes conducting privacy impact assessments, limiting unnecessary data collection, protecting personal information, and ensuring transparency and accountability throughout the AI lifecycle.
In short, “Privacy Just Became Infrastructure” means privacy is now a foundational capability that organizations must engineer, manage, and continuously maintain—just like cybersecurity, identity, and cloud infrastructure.
The pressure on industry, in general
The patchwork is now a wall. Twenty US states have comprehensive privacy laws in force. Indiana, Kentucky, and Rhode Island became enforceable this year. California’s updated CCPA regulations now mandate independent cybersecurity audits with certifications filed to the CPPA, and formal risk assessments before any “significant risk” processing begins. Rhode Island carries no cure period — day-one enforcement exposure. If your compliance program was built for one or two state laws, it’s already behind. Compliance is no longer optional or fragmented. The growing number of regulations now creates a comprehensive set of expectations that every organization must address.
Enforcement moved from awareness to action. California imposed its largest CCPA fine to date in 2025, targeting exactly the unglamorous stuff: broken opt-out mechanisms, missing processor contract clauses, notices that don’t match actual processing. California, Colorado, and Connecticut ran a joint sweep on Global Privacy Control compliance. Regulators are no longer reading your policy — they’re testing your website.
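The Global Privacy Control sweep mentioned above is a mechanical test: does a site that receives the `Sec-GPC: 1` request header stop setting sale/share cookies? As an added example, not code from the original post, the Python below models a handler that honors the signal, one that ignores it (the “broken opt-out” case), and an audit routine that replays the regulator-style probe. The cookie classification, the request and response shapes, and the handler names are constructed for illustration; only the `Sec-GPC` header is the real signal.

```python
"""Global Privacy Control (GPC) self-check, an added example (not from the
original post). Models a handler honoring `Sec-GPC: 1`, one that ignores it,
and an audit that replays a regulator-style probe. Cookie names are constructed."""
from dataclasses import dataclass, field
from http.cookies import SimpleCookie
from typing import Callable

# Constructed: cookies this hypothetical site classifies as "sale/share" data
SALE_SHARE_COOKIES = {"_ad_id", "_tracker"}

@dataclass
class Response:
    status: int = 200
    headers: list[tuple[str, str]] = field(default_factory=list)

def gpc_opt_out(headers: dict[str, str]) -> bool:
    """Only the exact value "1" is a valid GPC opt-out; names are case-insensitive."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    return lowered.get("sec-gpc") == "1"

def handle_request(headers: dict[str, str]) -> Response:
    """Hardened handler: essential cookie always, ad cookie only without opt-out."""
    resp = Response()
    resp.headers.append(("Set-Cookie", "session=abc; Path=/; HttpOnly; Secure"))
    if not gpc_opt_out(headers):
        resp.headers.append(("Set-Cookie", "_ad_id=xyz; Path=/; Secure"))
    return resp

def handle_request_ignoring_gpc(headers: dict[str, str]) -> Response:
    """The 'broken opt-out' case enforcement targets: the signal is never read."""
    resp = Response()
    resp.headers.append(("Set-Cookie", "session=abc; Path=/; HttpOnly; Secure"))
    resp.headers.append(("Set-Cookie", "_tracker=1; Path=/"))
    return resp

def audit_gpc(handler: Callable[[dict[str, str]], Response]) -> list[str]:
    """Send Sec-GPC: 1 and list every sale/share cookie still set; [] = honored."""
    resp = handler({"Sec-GPC": "1", "User-Agent": "gpc-sweep/0.1"})
    findings = []
    for name, value in resp.headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)  # parses "name=value; attr; attr" into morsels
        for cookie_name in jar:
            if cookie_name in SALE_SHARE_COOKIES:
                findings.append(f"{cookie_name} set despite Sec-GPC: 1")
    return findings
```

The same audit can be pointed at a live endpoint by swapping the handler for an HTTP client call and feeding the real Set-Cookie headers into `audit_gpc`, which keeps the cookie inventory (`SALE_SHARE_COOKIES`) as the single place where the data inventory and the opt-out test meet.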
The data you forgot about is the data that kills you. The average US breach now costs over $10M. In almost every incident I’ve reviewed, the most damaging records were the ones nobody knew the company still held. No current data inventory means no defensible position — full stop.
Cross-border transfers are a moving target. DOJ’s bulk data transfer rule, Vietnam’s new PDPL, evolving adequacy politics — transfer assessments are now a living exercise, not a one-time SCC signing ceremony.
The pressure in the AI space, specifically
AI didn’t create new privacy principles. It broke every assumption the old controls were built on.
Training data is now a regulated disclosure. California’s AB 2013 requires generative AI developers to publicly summarize the categories and sources of their training data. If you fine-tuned a model on customer data and can’t document what went in, you have a transparency problem with an enforcement hook.
Inference is processing. Every prompt containing customer PII, every RAG pipeline pulling from a CRM, every AI agent reading a mailbox — that’s personal data processing, with all the lawful-basis, minimization, and retention obligations that implies. Most AI inventories I review don’t capture inference-time data flows at all.
Automated decisions are the new high-risk zone. Colorado’s AI Act, Texas TRAIGA, and California’s ADMT regulations converge on the same target: AI making consequential decisions about employment, credit, housing, healthcare. The EU AI Act’s high-risk obligations land in August. If your AI touches a consequential decision and you can’t produce a risk assessment, you’re the test case.
Models remember. Memorization and output leakage mean personal data put into a model can come back out — to a different user, in a different context. “We deleted the source record” doesn’t answer “is it still in the weights?”
Shadow AI is shadow processing. Employees pasting customer data into consumer AI tools is the 2026 version of the rogue file share — except the data leaves your control permanently and may train someone else’s model.
Where ISO 27701:2025 changes the math
Here’s the development most compliance teams haven’t caught up with: ISO 27701 was rebuilt as a standalone standard in October 2025. You no longer need ISO 27001 first — you can implement and certify a Privacy Information Management System (PIMS) on its own, with 78 Annex A controls split across PII controller obligations (A.1), processor obligations (A.2), and shared security controls (A.3). The 2025 edition explicitly added control coverage for cloud, IoT, and AI processing — the standard caught up to the threat landscape.
It also shares the same harmonized structure as ISO 27001:2022 and ISO 42001:2023. That matters practically: if you’re building AI governance and privacy management at the same time — and in 2026, you are — the clause structures interlock. One risk methodology, one internal audit program, one management review. I’ve run that integration play; the overhead savings are real.
One honest caveat, because practitioner credibility requires it: ISO 27701 is not a GDPR safe harbor. Certification doesn’t shield you from enforcement and carries no legal presumption of compliance. What it does provide is the thing regulators actually ask for — demonstrable accountability: a current RoPA, tested data subject rights procedures, documented DPIAs, processor contracts with the right clauses, and evidence behind every control. When the CPPA or a DPA comes asking, “we have a certified, audited PIMS” is a very different conversation than “here’s our privacy policy.”
(Already certified under the 2019 edition? You have until October 2028 to transition. Start scoping now — the control structure changed materially.)
My perspective: the threat is unmanaged processing, not AI
The core privacy threat in 2026 isn’t any single technology. It’s processing that nobody owns, nobody inventoried, and nobody assessed — and AI multiplies the amount of it exponentially. Every remediation path runs through the same discipline:
1. Inventory first. Build a unified data + AI inventory: what personal data you hold, which AI systems touch it, at training and at inference. You cannot protect what you cannot see.
2. Assess before you deploy. DPIAs for every AI system processing personal data, mandatory for anything touching consequential decisions. The EU AI Act, Colorado, and California all converge here — one good assessment process serves all three.
3. Fix the processor chain. Audit your DPAs and sub-processor terms against actual data flows, including AI vendors. Contract gaps are the most-fined, least-fixed problem in privacy.
4. Operationalize rights. Data subject requests must work end-to-end — including data that went into AI systems. Test them like you’d test a DR plan.
5. Put it in a management system. Point-in-time compliance decays. A PIMS under ISO 27701:2025 forces the loop — risk assessment, treatment, internal audit, management review, corrective action — that keeps the program alive between audits.
Privacy by design used to be a slogan. In 2026 it’s the enforcement standard. The organizations that treat privacy as infrastructure will spend less, move faster, and sleep better than the ones still treating it as paperwork.
DISC (CISSP, CISM, ISO 27001 & ISO 42001 Lead Implementer) Consultant at DISC InfoSec, helping B2B SaaS and financial services firms build integrated security, privacy, and AI governance programs — including taking a financial data room platform through ISO 42001 certification. Financial data rooms are the hard mode of compliance; privacy programs built for hard mode work everywhere.
Building or transitioning a PIMS? Start the conversation: info@deurainfosec.com | deurainfosec.com