Events over the last few months, from concerns over how social media companies are using personal data to the roll out of the European Union’s General Data Privacy Regulation (GDPR) have brought a renewed focus to how both public and private sector organizations collect, use, and store personal information.

With both current events and regulations on their minds, many U.S.-based organizations are taking a close look at how they use and protect personal data. For the federal government, deciding how to manage and protect personal information is more than just a business decision, it’s a part of each agency’s duty of care and can be a key factor in ensuring national security. But is enough being done and are agencies equipped to provide sufficiently robust security?

These are some of the questions we posed to Malcolm Harkins, Chief Security and Trust Officer at Cylance, for the latest installment of the Government Technology Insider podcast. We wanted his thoughts on how agencies and businesses assess risk, make decisions, and implement reforms. We also wanted to know if the U.S. should institute across-the-board privacy regulations for businesses and government agencies. His answers were both surprising and insightful.

You can find out what Harkins thinks about the state of data privacy and hear more of his insights on data privacy and protection by clicking on the player below.