Privacy

What this means in practice

AI systems often require vast amounts of data, much of it personal, creating unique privacy challenges: models can memorize and potentially reconstruct training data, personal information may be repurposed for AI training without appropriate consent, and AI-generated inferences can reveal sensitive attributes not explicitly provided. Key privacy practices include data minimization (using only necessary data), purpose limitation (preventing unauthorized repurposing), and privacy-preserving techniques like differential privacy, federated learning, and synthetic data generation. The COMPEL framework addresses AI privacy through Domain 16 (Regulatory Compliance) and the Data Governance practices in Domain 6.

Why it matters

AI systems create unique privacy challenges because models can memorize training data, personal information may be repurposed without consent, and AI-generated inferences can reveal sensitive attributes never explicitly provided. Privacy failures trigger regulatory penalties, erode customer trust, and can halt AI programs entirely. Building privacy into AI systems from design is both a legal obligation and a competitive advantage in building stakeholder trust.

How COMPEL uses it

COMPEL addresses AI privacy through the Governance pillar's Domain 16 (Regulatory Compliance) and the Data Governance practices in Domain 6. During the Model stage, privacy requirements are designed into data governance frameworks including data minimization and purpose limitation. Privacy-preserving techniques like differential privacy and federated learning are assessed as part of the Technology pillar's architecture decisions.

Related Terms

Other glossary terms mentioned in this entry's definition and context.

• CCPA
• COMPEL Framework
• Data Governance
• Data Minimization
• Differential Privacy
• Federated Learning
• GDPR
• Model Stage
• Purpose Limitation
• Regulatory Compliance
• Stakeholder
• Synthetic Data