RAIDP04-BP04 Establish governance procedures for managing your datasets
Maintain procedures for managing dataset access, retention, and deletion throughout the AI system lifecycle. Implement mechanisms to handle individual data requests, including the ability to remove individual data points when contributors withdraw consent. Document data lineage and retention policies that specify how long different types of data can be stored and used. Create procedures for handling governance-related dataset updates.
Level of risk exposed if this best practice is not established: High
Implementation considerations
-
Create clear retention policies that specify how long different types of data can be kept and when they need to be deleted.
-
Build workflows that let you quickly find and remove specific data points when people request deletion or withdraw their consent. Your system should be able to trace individual data samples across training sets, evaluation datasets, and cached model outputs without disrupting other parts of your data.
-
Document the complete journey of your data from collection to deletion, including who accessed it, when it was modified, and which models or evaluations used it. This data lineage assists you to understand the impact when you need to remove or modify datasets for compliance-aligned reasons.
-
Consider governance reviews with your legal team where you check that your data handling practices match your policies and legal obligations, including, but not limited to data retention schedules, deletion requests, and access controls.
Resources
Related documents: