๐Ÿ”AI RiskAtlas
โ† Risk Taxonomy
#23

Unclear data retention and deletion

Risk taxonomy

Definition

Lack of clarity on the policy around retention of personal, sensitive, or confidential data of data subjects.

Controls & guardrails that address this

3

Grouped by control function, with the AI lifecycle stage(s) to apply each and the other risks it addresses.

Preventive · 3
Data retention schedules defined at design

Define data retention schedules for all AI data categories at design stage, covering training, test, and production data.

Lifecycle stage: 1 – Use Case Context & Design
Retention tagging with automated deletion at collection

Tag data with retention periods at collection and automate deletion. Document automated deletion configuration.

Lifecycle stage: 2 – Data Acquisition & Processing
Automated retention and deletion across artefact types

Implement automated retention and deletion controls for all artefact types (training data, models, logs). Test before deployment.

Lifecycle stage: 3 – Onboarding, Build & Review


AI RiskAtlas is an educational model of how GenAI & agentic systems work and fail. Architectures and payloads are illustrative and simplified for learning — not operational guidance. Real-world cases are summarised from public reporting.

Built by Shi Yuan