Privacy & Confidentiality

https://taxonomy.eticas.ai/risk/privacy-confidentiality

Maturity: established

The risk that an AI system collects, processes, or infers personal information in ways that infringe on individuals’ rights to control their data (privacy), or that sensitive information is exposed, accessed, or shared without authorization (confidentiality). This includes risks from data leakage, re-identification, unauthorized use, or insufficient safeguards.

Also known as: Privacy · Data Privacy

Applies to: ALL
Lifecycle stages: Pre Processing, In Processing, Post Processing

Risk groups

Data collection & use — Risks from how personal data is collected, processed, and repurposed.
Data protection — Risks related to safeguards for stored and processed personal data.
Model-level privacy — Risks from AI models leaking or exposing private information through their outputs or structure.

Mappings to external frameworks

Compliance

Framework	Concept
EU AI Act (Regulation 2024/1689)	Article 10 — data and data governance
ISO/IEC 42001:2023 — AI Management System	Privacy considerations for AI systems
AIUC-1 — AI Underwriting Company Standard	Data & Privacy domain

Reference frameworks

Framework	Concept
NIST AI 600-1 — Generative AI Risk Profile	Data Privacy
NIST AI Risk Management Framework (AI 100-1)	Privacy-Enhanced
OECD AI Principles	Human rights, rule of law, fairness & privacy

Taxonomies & vocabularies

Framework	Concept
MIT AI Risk Repository	Compromise of privacy
W3C Data Privacy Vocabulary — AI Extension	Personal Data Handling
AIR 2024 / AIR-Bench 2024	Legal & Rights → Privacy (Unauthorized Privacy Violations × Sensitive Data types)
IBM AI Risk Atlas	Input → Data privacy + Output → Privacy violations

Part of the Eticas AI Risk Taxonomy. URI: https://taxonomy.eticas.ai/risk/privacy-confidentiality