The National Cybersecurity Alliance (NCA) has launched Data Privacy Week 2026, running from January 26-30, 2026. This year’s theme, “Take Control of Your Data,” emphasizes individuals’ fundamental rights to manage their digital footprints while challenging organizations to adopt more transparent data practices.
Event overview
| Attribute | Details |
|---|
| Dates | January 26-30, 2026 |
| Theme | Take Control of Your Data |
| Organizer | National Cybersecurity Alliance |
| Format | Virtual webinars, educational sessions, resources |
| Cost | Free participation |
| Website | staysafeonline.org/data-privacy-week |
History and significance
Data Privacy Week evolved from Data Privacy Day, established in the United States and Canada in January 2008 as an extension of Europe’s Data Protection Day. The date commemorates the January 28, 1981 signing of Convention 108—the first legally binding international treaty dealing specifically with privacy and data protection.
| Milestone | Date | Significance |
|---|
| Convention 108 signed | January 28, 1981 | First international privacy treaty |
| Data Protection Day (Europe) | 2007 | Annual observance established |
| Data Privacy Day (US/Canada) | January 2008 | Extended to North America |
| Expansion to full week | 2022 | Reflects growing privacy complexity |
| Data Privacy Week 2026 | January 26-30, 2026 | Current observance |
The expansion from a single day to a full week reflects the growing complexity and importance of privacy issues in the digital age.
2026 session schedule
| Date | Time (ET) | Session | Focus |
|---|
| January 26 | 2:00 PM | Talking to AI: Where Does Your Data Go? | AI chatbot data practices |
| January 27 | 2:30 PM | Children’s Privacy in a Digital World | K-12, teens, COPPA, COSA |
| January 28 | 1:00 PM | Privacy Law, Made Simple | Regulations, user rights, enforcement |
| January 29 | 1:00 PM | Dynamic Pricing: When Algorithms Set the Cost | Personal data and pricing |
| January 30 | 1:00 PM | The Right to Be Forgotten | Data deletion rights and processes |
AI and privacy session highlights
The opening session on AI data practices explores:
| Topic | Discussion |
|---|
| Prompt storage | What happens to prompts submitted to AI chatbots |
| Behavioral data | How AI systems process and store user interactions |
| Model training | Whether sensitive information may be used for training |
| Data retention | How long AI companies keep user data |
| Practical protection | Steps to minimize AI data exposure |
Children’s privacy session
The Tuesday session addresses evolving challenges facing children, teens, parents, and educators:
| Topic | Coverage |
|---|
| Age verification | Technical and policy approaches |
| EdTech privacy | Data protections in K-12 and higher education |
| COPPA compliance | Requirements for services targeting children |
| Children’s Online Safety Act (COSA) | Pending legislation and implications |
| First Amendment considerations | Privacy vs. free expression balance |
Privacy law session
Wednesday’s session breaks down current privacy regulations:
| Concept | Explanation |
|---|
| Consent requirements | What constitutes valid consent |
| Data access rights | How to request your data |
| Deletion rights | ”Right to be forgotten” processes |
| Portability | Moving data between services |
| Enforcement | How regulators investigate violations |
Key privacy concerns for 2026
The NCA has identified several priority areas for this year’s campaign:
Data minimization
| Principle | Application |
|---|
| Collect only necessary data | Don’t gather more than needed for stated purpose |
| Purpose limitation | Use data only for disclosed purposes |
| Storage limitation | Delete data when no longer needed |
| Legal basis | GDPR Article 5, US state law requirements |
Consent management
| Challenge | Solution |
|---|
| Opaque consent dialogs | Clear, plain-language explanations |
| Dark patterns | Honest UI that doesn’t manipulate |
| Buried settings | Accessible privacy controls |
| Default opt-in | Privacy-protective defaults |
Cross-border transfers
| Region | Framework |
|---|
| European Union | GDPR, adequacy decisions, SCCs |
| United States | State patchwork (19+ laws) |
| Asia-Pacific | Varied national frameworks |
| Latin America | Emerging comprehensive laws |
AI and personal data
| Question | Consideration |
|---|
| Training data | Is personal data used to train models? |
| Opt-out rights | Can individuals exclude their data from training? |
| Inference data | What does AI infer about users? |
| Automated decisions | When does AI make decisions affecting individuals? |
Biometric data
| Data type | Privacy concern |
|---|
| Facial recognition | Mass surveillance potential |
| Fingerprints | Irrevocable identifier if compromised |
| Voice prints | Authentication and tracking |
| Behavioral biometrics | Keystroke dynamics, gait analysis |
Children’s online privacy
| Issue | Status |
|---|
| COPPA (under 13) | Existing federal law |
| Teen privacy (13-17) | Limited federal protection |
| Age verification | Technical challenges |
| Educational data | FERPA and state laws |
Champions program
The NCA’s Data Privacy Week Champions program allows organizations and individuals to demonstrate their commitment to privacy without financial obligations.
Champion benefits
| Benefit | Description |
|---|
| Educational materials | Customizable guides and presentations |
| Social media toolkits | Ready-to-use content templates |
| Best practices guides | Implementation recommendations |
| Recognition | Listing on NCA platforms |
| Network access | Connection with privacy community |
How to participate
| Step | Action |
|---|
| 1 | Register at staysafeonline.org |
| 2 | Download provided resources |
| 3 | Customize for your organization |
| 4 | Share on organizational channels |
| 5 | Host internal privacy awareness activities |
Organizational participation guide
| Activity | Description | Effort |
|---|
| Privacy settings audit | Review and update account configurations | Low |
| Policy review | Update privacy policies for clarity | Medium |
| Impact assessments | Conduct PIAs for new projects | Medium |
| Employee training | Educate staff on data handling | Medium |
| Vendor review | Assess third-party data practices | High |
| Data inventory | Map data collection and flows | High |
Individual privacy actions
| Action | Time required |
|---|
| Review app permissions | 15 minutes |
| Check social media privacy settings | 20 minutes |
| Enable MFA on critical accounts | 30 minutes |
| Install password manager | 45 minutes |
| Review data broker exposure | 1 hour |
Ongoing practices
| Practice | Frequency |
|---|
| Review privacy policies before signup | Each new service |
| Opt out of data sharing | When offered |
| Exercise data deletion rights | Quarterly |
| Use privacy-focused browsers | Daily |
| Audit connected apps | Monthly |
Privacy landscape 2026
Data Privacy Week 2026 arrives amid significant regulatory developments:
United States
| Development | Status |
|---|
| State privacy laws | 19+ states with comprehensive laws |
| Federal legislation | Ongoing discussions, no comprehensive law |
| FTC enforcement | Active against deceptive practices |
| State AG actions | Increasing enforcement activity |
State privacy law map (2026)
| State | Law | Effective |
|---|
| California | CPRA | Already active |
| Virginia | VCDPA | Already active |
| Colorado | CPA | Already active |
| Connecticut | CTDPA | Already active |
| Utah | UCPA | Already active |
| Iowa, Indiana, Tennessee, etc. | Various | 2024-2026 |
| Additional states | Pending/enacted | 2025-2027 |
International
| Jurisdiction | Development |
|---|
| European Union | AI Act enforcement beginning February 2026 |
| United Kingdom | Post-Brexit data framework evolution |
| Canada | Privacy law modernization discussions |
| Brazil | LGPD enforcement maturation |
About the National Cybersecurity Alliance
The NCA is a nonprofit organization dedicated to creating a safer, interconnected world through education and advocacy.
Key initiatives
| Initiative | Timing |
|---|
| Cybersecurity Awareness Month | October |
| Data Privacy Week | January |
| CyberSecure My Business | Ongoing SMB program |
| See Yourself in Cyber | Year-round campaign |
Partners
| Sector | Examples |
|---|
| Government | CISA, FTC |
| Industry | Major technology companies |
| Academia | Universities and research institutions |
| Nonprofit | Privacy and consumer advocacy groups |
Resources
Free materials available
| Resource | Format |
|---|
| Educational guides | PDF, web |
| Social media content | Images, text templates |
| Presentation slides | PowerPoint, Google Slides |
| Infographics | PNG, PDF |
| Webinar recordings | Video (post-event) |
For different audiences
| Audience | Available resources |
|---|
| Individuals | Personal privacy guides |
| Small businesses | SMB privacy toolkit |
| Enterprise | Policy templates |
| Educators | Classroom materials |
| Parents | Family privacy guide |
| Category | Examples |
|---|
| Password managers | 1Password, Bitwarden, Dashlane |
| Privacy browsers | Firefox, Brave, Safari |
| Search engines | DuckDuckGo, Startpage |
| Email | ProtonMail, Tutanota |
| VPN | Mullvad, ProtonVPN (for specific use cases) |
| Ad blockers | uBlock Origin |
Context
Privacy has evolved from a compliance checkbox to a competitive differentiator. Organizations that demonstrate genuine respect for user data build trust; those that don’t face regulatory penalties, reputational damage, and customer attrition.
| Era | Privacy approach |
|---|
| Pre-2018 | Afterthought, minimal compliance |
| 2018-2022 | GDPR-driven compliance focus |
| 2023-2025 | Competitive differentiator |
| 2026+ | AI governance integration |
Data Privacy Week provides an opportunity to reset organizational practices and individual habits around data protection. The “Take Control of Your Data” theme acknowledges that privacy is ultimately about empowerment—giving people meaningful choices about their information rather than burying controls in settings menus.
The convergence of AI proliferation, expanding state privacy laws, and increasing consumer awareness makes 2026 a pivotal year for privacy practices. Organizations that invest in transparent, user-respecting data practices now will be better positioned as regulatory requirements continue to expand.
Visit staysafeonline.org/data-privacy-week for full event schedules, registration, and downloadable resources.
