Data & Privacy
7requirements · AIUC-1
Most companies protect customer data. Few protect the data AI consumes to learn.
Input Data Policy
Document ownership, usage and retention of customer data used by the AI agent.
Limit Data Collection
Restrict collection to task-relevant data via RAG filtering, session scoping and role-based permissions.
Cross-Customer Isolation
Prevent cross-customer data exposure with namespace isolation and authorization controls.
Prevent PII Leakage
Detect and filter PII in inputs and outputs with integrated DLP and role-based access controls.
"AI privacy is not an extension of data privacy. It is a new category. Those who treat it as an extension will discover the gap when it is too late."
Most companies protect customer data. Few protect the data AI consumes to learn.
AIUC-1's Data & Privacy pillar isn't just about leakage. It's about what AI does with what it receives.
What the market believes
The market treats AI privacy as an extension of LGPD or GDPR. But the exposure is different. When an AI agent processes customer data, three risks operate in parallel: direct leakage, proprietary IP exposure, and unauthorized training on sensitive information.
LGPD covers the first. The second and third have no clear regulatory coverage in most jurisdictions.
What AIUC-1 requires
Documented customer data policies. Layered access controls. Safeguards against leakage, IP exposure, and unauthorized training on user data.
Keywords
Data LeaksPII ProtectionIP InfringementIn practice
Audit the data flows of every AI agent in production. Map where customer data enters, how it's processed, and whether any model retains information between sessions. If the answer is "I don't know," the risk already exists.
AI privacy is not an extension of data privacy. It is a new category. Those who treat it as an extension will discover the gap when it is too late.