RAIBR02-BP04 Identify potential harmful events impacting privacy
Harmful events can result from using data that is confidential or personal in ways that do not align with the rules for correctly handling such data.
Level of risk exposed if this best practice is not established: High
Implementation considerations
-
Review the types of data that you expect to appear in development and operations (including user inputs and system outputs), and categorize the data as confidential, personal or other, as advised by your legal counsel. Consider harmful events resulting from errors in handling this data. For example, could data that is licensed only for training be accidentally output to a user?
-
Consider what types of data might unexpectedly appear in training or operations, whether the unexpected data could be confidential or personal, and what harms might result if this data was not blocked from flowing into development or operational pipelines.
Resources
Related documents:
-
Remove PII from conversations by using sensitive information filters
-
ISO/IEC 42001:2023
A.5.4 Assessing AI system impact on individuals or groups of individuals -
ISO/IEC 42001:2023
A.7.3 Acquisition of data
Related video: