How to “Forget” in GenAI: Deletion, Retention, and Kill Switches

Nigel D'Souza's avatarWritten by

Posted on Leave a comment

In traditional data governance, you’re used to thinking about retention schedules and disposal. With Generative AI, “Delete” becomes more complicated. You’re dealing with multiple layers: fine‑tuned models, logs, vector stores, and sometimes user‑specific “memories.” On top of that, users and regulators increasingly expect systems to forget on request.

If you don’t adapt Delete for GenAI, your systems can quietly become uncontrolled archives—hard to explain, harder to clean up.

The layers of GenAI you might need to delete

Start by mapping what actually exists in your GenAI stack:

  • Fine‑tuned models or adapters built on top of base models.
  • Training and evaluation datasets used for those fine‑tunes.
  • Prompt and output logs.
  • Embeddings and vector stores used for retrieval.
  • Conversation histories and personalisation settings.
  • Safety and feedback logs.

Each type of artefact has its own constraints and options for deletion.

Understand what you control (and what you don’t)

There’s an important distinction:

  • Base models Typically trained and operated by vendors. You can’t usually remove specific data from them yourself.
  • Your layers Fine‑tunes, adapters, RAG indexes, logs, memories—everything you build and host. These are under your control and must be governed.

For your layers, define:

  • What deletion means (hard delete, anonymise, archive).
  • Who can trigger deletion (users, admins, automated rules).
  • What remains for audit and observability.

Being clear about the limits of your control also shapes how you talk to users and regulators.

Design retention and deletion policies per artefact

Treat each artefact type in the GenAI lifecycle as you would a data category:

  • Chat histories and prompt logs For many internal uses, short retention windows (days or weeks) may be enough, especially if logs contain personal or sensitive content. Provide options for users to clear or disable history where feasible.
  • Embeddings and vector entries Tie vector entries to documents with explicit IDs and versions. When a document is updated or removed (e.g., due to corrections or “right to be forgotten”), ensure embeddings are updated or deleted as well.
  • Fine‑tuned models and adapters Define criteria for retirement (e.g., performance, policy changes). Archive important versions with metadata, but ensure retired variants cannot be used in production.
  • Safety and feedback logs Retain long enough to demonstrate your safety process and to investigate incidents; avoid unnecessarily storing raw user content indefinitely.

Document your rationale. If challenged, you’ll need to explain why certain artefacts are kept for particular periods.

Implement user‑triggered deletion and reset

Users increasingly expect control over their data and histories.

Where realistic, provide:

  • History deletion Allow users to delete conversation histories or specific threads. Implement back‑end processes that remove or anonymise related prompt/output logs, within technical limits.
  • Memory reset If you have personalisation or agent‑style memory, offer a “reset” function that clears the stored state for that user.

Be honest in your UI about what is deleted and what may still exist (e.g., aggregated metrics, anonymised data).

Design kill switches for GenAI capabilities

Beyond normal deletion, you need emergency controls—kill switches—for when something goes wrong.

Kill switches can operate at different levels:

  • Feature level Disable specific capabilities (e.g., code generation, summarising certain document collections, particular high‑risk prompts).
  • System level Temporarily disable a GenAI service entirely while you investigate an incident.
  • Integration level Disable GenAI features in a specific product or workflow, falling back to traditional behaviour.

Define in advance:

  • Which roles can trigger which kill switches.
  • Criteria for activation (e.g., severe incident, regulatory risk, repeated harmful outputs).
  • How to roll back and communicate restorations or changes.

Kill switches make your Delete stage responsive, not just scheduled.

Balancing auditability and privacy

As with data, you must balance two needs:

  • Auditability You need enough evidence of system behaviour to explain decisions and investigate incidents.
  • Privacy and minimisation You should not keep more personal or sensitive content than necessary, nor for longer than necessary.

One practical approach is:

  • Keep detailed logs for short windows; keep aggregated metrics and non‑identifying summaries longer.
  • Anonymise where possible, especially in logs used for long‑term analysis.
  • Review retention policies regularly as practices, regulations, and risk appetites evolve.

Making it concrete

For one GenAI system in your environment:

  • List all artefact types.
  • Define retention windows and deletion methods for each.
  • Specify user‑facing deletion/reset options.
  • Design kill‑switch scenarios and document who can use them.

Once Delete for GenAI is designed as carefully as Design and Use, you’ll be able to say—with evidence—that your AI doesn’t just grow and act; it also knows when and how to let go.

If you’d like assistance or advice with your Data Governance implementation, or any other topic (Privacy, Cybersecurity, Ethics, AI and Product Management) please feel free to drop me an email here and I will endeavour to get back to you as soon as possible. Alternatively, you can reach out to me on LinkedIn and I will get back to you within the same day!

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.