Privacy
The potential for the AI system to infringe upon individuals' rights to privacy, through the data it collects, how it processes that data, or the conclusions it draws.
ENTITY
2 - AI
INTENT
3 - Other
TIMING
3 - Other
Risk ID
mit165
Domain lineage
2. Privacy & Security
2.1 > Compromise of privacy by leaking or correctly inferring sensitive information
Mitigation strategy
1. Implement Data Minimization and Privacy-by-Design principles, ensuring the AI system collects and processes only the strictly necessary volume and scope of personal data required for its specified, legitimate purpose. 2. Mandate the application of state-of-the-art cryptographic and de-identification techniques (e.g., encryption, pseudonymization, differential privacy) to all datasets used for AI training and operation, supplemented by strict Role-Based Access Control (RBAC). 3. Establish clear mechanisms for obtaining informed, explicit consent from data subjects regarding data collection, storage, and use, and conduct mandatory, periodic audits (e.g., Data Protection Impact Assessments/DPIAs) to ensure continuous alignment with all relevant data protection regulations (e.g., GDPR, CCPA).