Privacy
Privacy is related to the ability of individuals to control or influence what information related to them may be collected and stored and by whom that information may be disclosed.
ENTITY
2 - AI
INTENT
3 - Other
TIMING
3 - Other
Risk ID
mit180
Domain lineage
2. Privacy & Security
2.0 > Privacy & Security
Mitigation strategy
1. Prioritize the application of **Privacy-by-Design (PbD) and Privacy Engineering principles**, specifically enforcing **data minimization** (only collecting necessary data) and **purpose limitation** throughout the entire data lifecycle to structurally limit the scope of collection and potential for misuse.
2. Implement a **comprehensive transparency and individual rights governance model**, ensuring **informed and explicit consent** is obtained for data processing, and providing clear, accessible mechanisms for data subjects to exercise their rights to **access, review, rectify, or withdraw** their personal information.
3. Enforce **robust security and access controls**, including mandatory **data encryption** (both at rest and in transit) and the application of the **Principle of Least Privilege** via Role-Based Access Control (RBAC) to precisely manage and audit who can access and to whom the data may be disclosed.