A blog about Product Management, Data Management and Self-Driven Learning
Generative AI complicates data deletion compared to traditional governance, as it involves multiple artefacts like logs and user memories. Organisations must define clear deletion policies for each artefact, including user-triggered options and emergency controls. Balancing auditability and privacy is crucial, necessitating regular reviews of retention policies for compliance and risk management.
Deploying Generative AI fundamentally alters creation and decision-making processes. Proper governance in its "Use" stage is essential to prevent risks such as hallucinated facts and harmful content. By categorising use cases into risk levels and implementing structured review processes, organisations can ensure safe and effective usage of GenAI technologies.
Generative AI systems retain various types of sensitive data, necessitating expanded governance over storage, memory, and logging practices. Organisations should segment data storage by sensitivity and purpose, implement role-based access controls, and ensure safe logging, embedding, and memory management. Clear user communication and a structured governance matrix are essential for effective oversight.
In Generative AI, the concept of "Acquire" extends beyond training data to include fine-tuning, retrieval contexts, and prompts. Effective governance is crucial to prevent issues like IP leakage and bias. A structured approach involves defining data usage policies, curating knowledge sources, and treating prompts as governed assets, ensuring safety and compliance in AI initiatives.
The DASUD framework—Design, Acquire, Store, Use, Delete—serves as a valuable model for AI governance, enhancing existing data management practices. It outlines a structured approach to integrate governance throughout the AI lifecycle, ensuring clarity in decision-making, accountability, and risk management while adapting familiar processes for AI applications.
Nigel D'Souza 