Privacy, Data Handling, and AI Governance

Key Concepts

Privacy is the appropriate handling of personal information. Security protects confidentiality, integrity, and availability (the CIA triad); privacy asks whether personal information is collected, used, shared, retained, and disposed of in ways that are lawful, fair, transparent, and consistent with the stated purpose. The two overlap but are not identical: you can keep data perfectly confidential and still violate privacy by using it for an unapproved purpose.

Personally identifiable information (PII) includes names, addresses, government identifiers, financial records, health information, precise location, biometrics, account and device identifiers, and any combination that identifies a person. Some categories are sensitive PII because misuse causes serious harm, including health, biometric, financial, and children's data. Privacy scenarios ask whether the organization should collect less, restrict access, notify users, obtain consent, or pull in legal and privacy teams.

Data minimization is the practical core: collect only what is needed, use it only for the approved purpose, keep it only as long as required, then dispose of it securely. A newsletter signup that demands a passport number is a red flag because the data does not match the purpose. A support ticket that captures a full payment card number should be re-engineered to reduce collection and exposure.

AI governance for beginners

AI governance applies the same ideas to systems using machine learning or automated decision support. The CC outline taking effect September 1, 2026 integrates AI security across all five domains, so expect AI items. At the beginner level, focus on purpose, data quality, human oversight, privacy, transparency, fairness, and accountability. The organization should know what the system is for, what data it uses, who approved it, how outputs are reviewed, and how harmful effects are reported.

Model poisoning is the headline CC-level integrity example. If an attacker can influence training data, feedback data, labels, or update prompts, the model can learn incorrect or harmful behavior, so outputs can no longer be trusted, which is an integrity failure, not confidentiality. Controls include protecting training-data pipelines, validating data sources, limiting who can submit feedback, monitoring model behavior, reviewing changes, and keeping a trusted rollback version.

Exam Application

Transparency does not mean exposing trade secrets or sensitive security details. It means people get appropriate information about when automated systems are used, what they are for, and how to challenge or escalate important decisions. Non-bias means avoiding unfair treatment from skewed data, poor design, or untested assumptions. Bias appears when training data underrepresents a group, historical decisions embedded discrimination, or the model uses a proxy variable (such as ZIP code) that correlates with a protected trait.

Scenario: A hiring team wants an AI tool to screen resumes. Governance should require vendor review, privacy review, data minimization, bias testing, human oversight, approved retention, and clear instructions for candidates and HR. Uploading every resume to an unapproved tool for convenience is the wrong answer.

Scenario: A customer-support chatbot learns from user feedback, and attackers flood it with false answers until it recommends unsafe password practices. This is model poisoning. The practical response is to stop trusting unvalidated feedback, review recent training changes, restore a trusted model version, and add monitoring and approval controls.

For exam items, choose answers that protect personal data, limit use to approved purposes, preserve data and model integrity, and escalate novel AI uses through governance instead of allowing informal adoption.

PII categories and disposal

CC distinguishes ordinary PII from sensitive PII because the required protection scales with potential harm. A name or work email is PII; a Social Security number, medical diagnosis, fingerprint template, or full payment card number is sensitive and demands stronger access limits, encryption, and shorter retention. When a stem asks how to dispose of data, match the method to the medium: secure deletion or cryptographic erasure for live storage, degaussing or physical destruction (shredding, pulverizing) for retired drives and media. Simply pressing delete or formatting a disk does not reliably remove data and is a classic wrong answer.

Connecting AI risk to the CIA triad

Beginners sometimes lump every AI threat together, but CC wants you to classify it. Model poisoning is an integrity attack because it corrupts what the model knows. Leaking the training data or extracting personal information from a model is a confidentiality problem. A flood of requests that takes a model offline is an availability problem. Tying each AI scenario back to the affected pillar of the CIA triad makes the "which risk is this?" items straightforward.

Worked example: a fraud-detection model starts approving fraudulent transactions after attackers seeded its retraining queue with mislabeled examples. That is poisoned data degrading integrity, so the response is to halt automatic retraining, quarantine the suspect inputs, roll back to a trusted version, and add human review before future retraining.