AAISM · Question #209
A retail organization implements an AI-driven recommendation system that utilizes customer purchase history. Which of the following is the BEST way for the organization to ensure privacy and comply wi
The correct answer is B. Maintaining a register of legal and regulatory requirements for privacy. According to the AI Security ManagementTM (AAISM) study framework, compliance with privacy and regulatory standards must begin with a formalized process of identifying, documenting, and maintaining applicable obligations. The guidance explicitly notes that organizations should ma
Question
A retail organization implements an AI-driven recommendation system that utilizes customer purchase history. Which of the following is the BEST way for the organization to ensure privacy and comply with regulatory standards?
Options
- AConducting quarterly retraining of the AI model to maintain the accuracy of recommendations
- BMaintaining a register of legal and regulatory requirements for privacy
- CEstablishing a governance committee to oversee AI privacy practices
- DStoring customer data indefinitely to ensure the AI model has a complete history
How the community answered
(44 responses)- A7% (3)
- B89% (39)
- C2% (1)
- D2% (1)
Explanation
According to the AI Security ManagementTM (AAISM) study framework, compliance with privacy and regulatory standards must begin with a formalized process of identifying, documenting, and maintaining applicable obligations. The guidance explicitly notes that organizations should maintain a comprehensive register of legal and regulatory requirements to ensure accountability and alignment with privacy laws. This register serves as the foundation for all governance, risk, and control practices surrounding AI systems that handle personal data. Maintaining such a register ensures that the recommendation system operates under the principles of privacy by design and privacy by default. It allows decision-makers and auditors to trace every AI data processing activity back to relevant compliance obligations, thereby demonstrating adherence to laws such as GDPR, CCPA, or other jurisdictional mandates.
Topics
Community Discussion
No community discussion yet for this question.