Pride Month is a time to celebrate visibility, acceptance and belonging. But in an era where information moves seamlessly between systems, vendors and AI tools, it should also raise another question: How do we ensure that people are only exposed when they choose to be?
To answer that question, it helps to move beyond slogans and look at the details.
An employee signs up for an internal Pride event. They provide their name, email address, department, perhaps pronouns, accessibility requirements or dietary preferences. Registration is handled by a third-party vendor. Photos are taken at the event. Some are shared on LinkedIn. The attendee list is stored in a shared drive, an event platform or an HR system. Later, an enterprise AI tool may summarize, categorize, analyze or connect that information with other datasets.
As information accumulates across systems and over time, it can reveal far more than any single piece of data ever could.
For most people, privacy sounds like a setting buried somewhere in an application. For others, it can mean the difference between controlling their personal story and having it revealed without their consent.
For many LGBTQ+ individuals, coming out represents freedom, safety and belonging. Often, it is the result of years spent navigating uncertainty, assessing environments and searching for spaces where they can be fully themselves. Visibility matters, but only when it remains a choice.
Someone may be open with friends but not with family. Comfortable in one environment but cautious in another. Willing to participate in a Pride event at work, but not comfortable having their image stored indefinitely by a third-party vendor or connected to other information years later.
Privacy is not the opposite of Pride. It is what allows people to decide when, where, how and with whom they share who they are.
When data speaks before people do
It used to be easier to separate different parts of life. Not always, and certainly not for everyone, but the boundaries between work, family, community, social platforms and personal relationships were often more defined. Today, those boundaries are increasingly blurred.
Information collected in one context can easily resurface in another. Event registrations. Conference photos. Location data. HR records. Employee resource groups. Survey responses. Interactions with third-party vendors.
Each data point may seem insignificant on its own. Together, they can create a detailed picture of someone's identity, relationships, habits and personal boundaries. This is where AI changes the equation.
In the past, sensitive information was often explicitly labeled and managed as such. Today, AI systems can infer sensitive attributes from information that appears entirely ordinary. They can connect signals, identify patterns and draw conclusions that individuals never intended to share.
You do not need a field labeled "sexual orientation" to learn something about a person's identity. Data does not have to be leaked to cause harm.
Sometimes it is enough for it to be used outside the context in which it was originally collected.
That means organizations need to ask more than just, "What data are we collecting?" They also need to ask: What can be inferred from it? Who has access to it? How long is it retained? Which vendors process it? Can AI systems interact with it? And what happens when information is used for purposes beyond those for which it was originally collected?
The human cost behind the data
This conversation is particularly relevant during Pride Month, but it extends far beyond the LGBTQ+ community.
Everyone has aspects of their identity that they choose to share selectively: health conditions, beliefs, relationships, gender identity, sexual orientation, family history, political views, location or digital habits.
Data is often discussed in terms of systems, records and fields. In reality, every record represents a person. Often, a person who shared information in a specific context with the expectation that it would remain there.
It is easy to publish a Pride post. It is easy to organize an event, share employee photos and talk about values. Many of those things matter.
The real test happens behind the scenes. Who has access to participant lists? Where are photos stored? Which vendors manage registrations? Is information deleted when it is no longer needed? Can employees request corrections or deletion? Has anyone assessed whether internal AI systems can access data they were never intended to process?
Moving from policy to trust
After years working in privacy, I have learned that compliance is only the starting point. Laws and regulations matter. But they do not replace judgment, accountability or trust.
Trust is built when people believe an organization understands not only what information it collects, but also the responsibility that comes with it - what can be inferred from that information, what risks emerge when it leaves its original context and what safeguards exist to protect it.
Consent must evolve as well. It cannot be buried in lengthy legal documents or reduced to another checkbox on the path to using a product. Meaningful consent must be clear, specific, understandable and tied to the moment information is collected or used. Otherwise, people are not truly making a choice. They are simply clicking "accept" and moving on.
In the age of AI, this becomes even more important. Organizations need data to innovate. But high-quality data does not come from a lack of trust. People are more willing to share information when they understand what is being collected, why it is being used, who can access it and what protections are in place.
Innovation built on trust lasts longer. To earn that trust, organizations must demonstrate that they can manage personal information with care, transparency and accountability.
Pride Month reminds us of the right to be visible. In the age of AI, it should also remind us of the right to choose when, how and to whom we reveal ourselves.
This is not just a compliance issue. It is not just a risk management issue. It is a trust issue.
Because ultimately, an organization that does not know where its data is cannot truly know who it is protecting.
- Ron De Jesus is chief trust officer and head of privacy strategy at Mine.