SAIL 3.7. Misclassified or Undocumented Sensitive Data Usage

Build - AI Security Posture Management

Risk

Description

Sensitive data is misclassified, undocumented, or used without proper authorization, leading to security or compliance risks.

Example

Sensitive user data is used for fine-tuning without being documented or classified, resulting in a lack of controls and auditability.

Assets Affected

  • Dataset / RAG
  • Model metadata
  • Model files
  • App usage log

Mitigation
  • Implement and enforce strict data classification policies
  • Train personnel on data handling and classification
  • Validate data classifications during discovery audits
  • Document data resources thoroughly
Standards Mapping
  • ISO 42001: A.7.3, A.7.6, A.5.2
  • OWASP Top 10 for LLM: LLM02
  • NIST AI RMF: MEASURE 2.10, MAP 5.1
  • DASF v2: RAW DATA 1.2, DATASETS 3.2