grchire.com

Why Data Privacy Matters in GRC

What is Data Privacy?

Data privacy refers to the proper handling, processing, storage, and usage of personal or sensitive information. It's about ensuring individuals have control over how their data is collected and used.

Key Regulations

Several data privacy regulations exist worldwide, such as:

- GDPR (EU)
- CCPA (California)
- PIPEDA (Canada)
- HIPAA (US Healthcare)

These laws dictate how companies must protect user data and disclose practices.

Risks of Non-Compliance

- Heavy regulatory fines
- Loss of consumer trust
- Legal action and lawsuits
- Operational disruption due to audits or bans

How It Fits into GRC

Privacy is now a core GRC pillar. Risk teams assess data-related threats, compliance teams manage privacy controls, and governance ensures policies align with legal obligations and stakeholder expectations.