Personal data
Negative outcomes: Violation of privacy [106, 516, 357], lawsuit against maker
ENTITY
2 - AI
INTENT
2 - Unintentional
TIMING
3 - Other
Risk ID
mit1409
Domain lineage
2. Privacy & Security
2.1 > Compromise of privacy by leaking or correctly inferring sensitive information
Mitigation strategy
1. Enforce strict technical access controls, including mandatory multi-factor authentication (MFA) for all AI and data-handling systems, and implement Role-Based Access Control (RBAC) to ensure adherence to the principle of least privilege regarding sensitive personal data.
2. Mandate the use of strong encryption (AES-256 or equivalent) for all personal data, whether it is at rest in storage or in transit across networks, to ensure confidentiality even in the event of unauthorized access.
3. Deploy context-aware Data Loss Prevention (DLP) solutions tailored for Generative AI workflows, coupled with a robust employee security awareness and training program, to actively monitor and prevent the inadvertent or malicious input/output of sensitive information.