⭐ Data Rights Unwrapped 2025 is here, celebrating billions of choices honored. Learn more.

The 2026 playbook: Why "doing nothing" is no longer an option for AI & privacy

December 22, 20253 min read

In our special end-of-year edition of Dear Ron, I sat down with Ron De Jesus (Field CPO) and Aimee Cardwell (CISO in Residence) to enjoy some Glühwein and reflect on the whirlwind that was 2025.

We laughed about the "acronym graveyard" of manual compliance and debated the best Christmas movie (Home Alone), but underneath the holiday cheer, a serious theme emerged. The industry has shifted rapidly from "How do we secure AI?" to "Why aren't we moving faster?"

The reality for 2026 is clear: Ungoverned data is delaying your consumer AI rollouts.

While we kept things light on air, De Jesus and Cardwell touched on massive structural roadblocks that are keeping teams that touch consumer data up at night. Here's a deeper dive into the pains we discussed and the playbook you need to fix them going into 2026.

The "puzzle" of fragmented data

In our conversation, Cardwell mentioned a reality that should resonate with every security leader listening:

"The fragmented data that large enterprises have to deal with... feels like assembling a big puzzle with all these different data sources. That feels like a real productivity drain."

Cardwell is describing a security headache, but it is also a core dilemma for the CIO. You’re under pressure to reimagine your tech stack for AI and lead an enterprise transformation. But you can’t responsibly activate AI if your consumer data layer is passive, fragmented, and "untrustworthy."

If your data is a puzzle, you can’t see the full picture. This leads to stalled AI activation because you can’t align data to use cases or demonstrate governance. Plus, as Cardwell predicted, AI-powered attacks are coming in 2026.

If you don't know where your data lives, you can't protect it.

The fix: Find the missing pieces in real time

The old way to solve this was handing out surveys asking department heads, "What software do you use?" This is static and instantly outdated.

To fix this for 2026, companies need to abandon surveys and adopt automated infrastructure. As discussed on the show, you need a way to detect data silos as they appear, rather than waiting for a manual audit. By automating discovery, you transform your consumer data layer from a spreadsheet of guesses to a real-time inventory.

Why manual compliance kills growth

When I asked De Jesus about his least favorite acronyms, he immediately cited the manual drudgery of privacy impact assessments (D)PIAs.

"I still see a lot of manual programs... putting in their manual spreadsheets what to do with a notice or what's the nuance when it comes to their do not sell requirement."

For the digital leader, this manual work is also a blocker. You’re trying to launch omnichannel personalization or a new loyalty program, but you collide with legal checks that derail the project entirely. Why? Because the logic for consent and preferences is fragmented across dozens of different tools.

The cost here is twofold: you lose time on your roadmap, and you lose revenue when you can't effectively activate your total addressable audience.

The fix: Don't store data, route it

De Jesus's advice was simple: stop doing it by hand.

The companies winning in 2026 will be the ones moving from legal workflows to engineering workflows. Instead of relying on human review for every user request, successful teams are adopting a "federated" model, where the privacy infrastructure acts as a router, communicating consent and deletion requests directly to downstream systems via API.

When you automate these complex logic chains, digital initiatives move faster, the risk of error drops, and you can actually create omnichannel experiences since consent choices flow instantly across every touchpoint.

The 2026 prediction

We ended the episode with predictions for the future, and the consensus was that privacy and AI are merging.

For the CIO and CPO alike, this means moving from the "Department of No" to a strategic partnership. By unifying consumer data permissions and compliance logic across your ecosystem, you ensure your AI-powered transformations consistently operate on clean, consented data.

As De Jesus said, the companies that win in 2026 won't be the ones with the best spreadsheets. They will be the ones who let tech handle the compliance, so the humans can build the future.

You can also watch the interview directly on YouTube

Share this article

More resources

Field Trips with Aimee Cardwell, CISO in Residence at Transcend

Aimee Cardwell, Transcend’s CISO in Residence and former CISO at UnitedHealth Group, joins Ron De Jesus to explore how privacy and security teams can partner to manage risk and govern AI responsibly.

CPO Roundtable: What It Really Means to Be a CPO Today

Watch the first episode of CPO Roundtable, hosted by Transcend’s Field Chief Privacy Officer Ron De Jesus, as he sits down with privacy leaders Brandon Kerstens (Match Group), Adaora Amankwah (Yum! Brands), and Kelly Peterson (formerly Grindr) to explore how trust, tech, and AI are reshaping the future of privacy leadership.

What makes a great Chief Privacy Officer: Lessons from Verizon’s Sue Vinci

Verizon’s Chief Privacy Officer Sue Vinci joins Transcend Field CPO Ron De Jesus for a candid conversation about leadership, trust, and what it takes to build one of the world’s most sophisticated privacy programs.

AI at market speed, trust at enterprise scale.

AI is set to transform industries, but speed alone isn’t enough. To scale, enterprises must prove their AI is safe to adopt—backed by visibility, controls, and compliance that build confidence across customers and partners.