Definition
Lack of clarity on the policy around retention of personal, sensitive, or confidential data of data subjects.
Controls & guardrails that address this
3Grouped by control function, with the AI lifecycle stage(s) to apply each and the other risks it addresses. Filter by control category below.
Preventive ยท 3
Data retention schedules defined at design
Define data retention schedules for all AI data categories at design stage, covering training, test, and production data.
Lifecycle stage1 โ Use Case Context & Design
Retention tagging with automated deletion at collection
Tag data with retention periods at collection and automate deletion. Document automated deletion configuration.
Lifecycle stage2 โ Data Acquisition & Processing
Automated retention and deletion across artefact types
Implement automated retention and deletion controls for all artefact types (training data, models, logs). Test before deployment.
Lifecycle stage3 โ Onboarding, Build & Review
Other risks in Legal & Regulatory
#16 Inability to ensure location compliance for model hosting and data processing#17 Unclear data ownership#18 Unauthorised data transfer and storage#19 Breach or misalignment with regulatory or organisational standards#20 IP infringement#21 Unavailability of IP protection#22 Inadequate privacy protection