Categories
DTQ Data Trust Quotients Events

Report: AI Memory and Data Retention- How Much Should Machines Be Allowed to Remember?

Categories
DTQ Data Trust Quotients Events

Report: AI Memory and Data Retention- How Much Should Machines Be Allowed to Remember?

A report on the closed-door leadership dialogue hosted by DTQ (Data Trust Quotient), bringing together CISOs, risk advisors, and AI governance leaders to examine whether enterprises can truly delete what an AI system has learned.

About the Platform: DTQ

DTQ — the Data Trust Quotient — is a leadership dialogue platform focused on AI governance, privacy, and data security. The series brings together the people directly responsible for these decisions: Chief Information Security Officers (CISOs), data protection leads, and AI governance practitioners, for candid, closed-door conversations about where the industry is heading.

This session opened with the discussion around a real-world flashpoint: a U.S. court order compelling OpenAI to preserve all ChatGPT conversations — including those users had deleted — as part of its ongoing copyright litigation with The New York Times. The episode illustrated how, once a machine has “remembered” something, true deletion becomes a far harder problem than most organizations assume.

The Panel

The discussion was steered by a moderator and featured three senior practitioners spanning cybersecurity, enterprise IT, and risk advisory:

RolePanelist & Profile
ModeratorMohit Sharma — Cybersecurity Advisor, Baker Hughes. Works in industrial and operational technology, where questions of what gets logged, stored, and retained carry real operational consequences.
PanelistAniruddha Mehta — Partner, Risk Consulting, EY. Advises organizations on data privacy, the DPDP Act, and AI/data risk governance as regulation evolves.
PanelistVinod Nair — CISO, leading cybersecurity and IT infrastructure across large enterprise and SAP environments, bringing a practitioner’s view of enterprise data governance at scale.
PanelistRohit Ponnapalli — Global CISO, Envoy Global. Over 14 years building security from the ground up, including running information security for 30,000 people across 11 locations and architecting security operations centers for state governments and India smart-city projects.

Session Report

Opening Question: Who Wins — Privacy Law or Algorithmic Memory?

Moderator Mohit Sharma framed the central tension: privacy laws are built on the principle that individuals can be forgotten, while AI systems are built on the principle of learning from what they remember. He asked the panel directly — in one line, can a company truly forget a person today?

“This is the illusion of absolute erasure in Gen AI. The right to be forgotten, codified under Article 17 of GDPR and Section 12(3) of India’s DPDP Act, grants data principals the right to demand erasure — but generative AI systems store data in two distinct states: explicit storage and implicit parametric storage. Erasing from explicit storage (vector databases, caches, logs) is technically feasible. Erasing from implicit parametric storage — the billions of weights inside a trained model — is practically impossible, because no single data point resides in an isolated, identifiable location.”

— Aniruddha Mehta, Partner – Risk Consulting, EY

Mehta outlined four technical paths organizations can use to bridge this gap:

  • Exact unlearning — deleting clearly targeted data outright.
  • Approximate unlearning — offering no absolute guarantee of erasure, but relying on probabilistic reduction of a data point’s influence.
  • Concept-level / cohort unlearning — removing influence at the level of a defined group (e.g. by department or team), which is easier to isolate and action.
  • CSA architecture (shared, isolated, sliced, and aggregated training design) — a more efficient, consent-aligned design for targeted retraining.

His conclusion: the tension between contextual utility and legal liability is best managed not as a fight between privacy and AI, but through responsible AI design as the operating principle.

Panelist Vinod Nair added a regulatory-timeline perspective, noting that India’s IT Act 2000 was followed by the IT Rules 2021 and that the DPDP Act is expected to come into force around May 2027. He stressed the need to track evolving model architectures — autoregressive LLMs, masked language models, sequence-to-sequence and retrieval-augmented models — and to embed standard data-loss-prevention (DLP) practices directly into AI deployments.

Rohit Ponnapalli, Global CISO at Envoy Global, offered a starkly practical view: with prompts, chat histories, and retrieval-augmented (RAG) models now layered across every tool and vendor in an enterprise, organizations frequently have no reliable way of knowing where their data actually resides — making proof of deletion nearly impossible at scale.

“Every department has multiple third-party vendors, and every tool has AI built in already. Where do you even delete the data — your laptop, your AI models, or your vendor’s systems? We have no idea where the data resides with all this AI in place.”

— Rohit Ponnapalli, Global CISO, Envoy Global

Ponnapalli proposed grounding AI memory governance in privacy-by-design and zero-trust principles, layered across three planes: strategy (how long data should be retained), tactics (how AI models and third parties are onboarded), and operations (data mapping). His view: if an organization can achieve reliable data mapping, retention controls and purpose definition become possible — and roughly 90% deletion success is achievable even in the AI era.

Categorizing AI Memory by Risk

Moderator Sharma turned the discussion toward practice: should session memory, user memory, organizational memory, and training data be treated as different risk categories — and what should be kept?

Mehta proposed a four-part risk-utility framework for classifying data before deciding how it should be governed:

Data ClassAI UtilityRegulatory RiskRecommended Action
Interaction / informal data (logs, raw text)Low long-term valueHigh — unsolicited PII riskAggressive erasure; automated TTL protocols
Inferred / analytical data (behavioral profiles, risk flags)High — personalization, automationSevereCohort-level unlearning; purpose-bound grouping
Demographic / trend data (anonymized)High — fairness tuning, model stabilityLow, if irreversibly anonymizedRetain under audit; verify re-identification resistance
Sensitive financial / health dataFraud detection, diagnosticsMaximum — sector and cross-border lawsFederated architecture; strict access controls; segregate memory from weights

Vinod Nair built on this with an enterprise security lens, identifying three foundational controls: a documented data inventory and classification system, enforced identity controls, and encryption that is never standardized indefinitely — since static encryption algorithms become predictable targets over time. He also called for regular red-team exercises, defined playbooks for memory abuse or model leakage, and clear deletion workflows tied to defined retention periods.

He further distinguished organizational memory needs by seniority and exposure: persistent profiles tied to senior executives (e.g. a CIO or CEO) require separate, higher categorization and protection than standard user or session memory, given the greater risk of profiling or targeted leakage.

Should AI Remember Everything It Can?

Sharma posed a pointed question to Ponnapalli, whose background spans smart-city and public-sector systems: just because a system can remember something, does it mean it should?

“Just because you have unlimited data storage, you should not keep storing the data. There should be a boundary to what you want to store.”

— Rohit Ponnapalli, Global CISO, Envoy Global

Ponnapalli illustrated the point with a consumer example — automated calls nudging customers to complete abandoned cart purchases — to show how easily “customer experience” framing can stretch the boundary of acceptable data use. He recommended segregating storage by data type (PII versus service-quality or analytics data), applying regulation-driven retention periods (citing seven years as a common standard for PII in his sector), and using DLP and DSPM tooling to maintain visibility into where data is flowing and which systems are using it.

He also offered a candid status check on enterprise AI maturity: most organizations remain at the proof-of-concept stage, with AI largely permitted to read data — but not yet trusted to write, execute, or delete it autonomously.

Board-Level Governance and Accountability

As the discussion moved toward governance at the top of organizations, Mehta argued that overseeing AI memory has moved beyond a technical concern into a fiduciary duty for boards, particularly where AI informs credit decisions, financial crime monitoring, and forecasting.

“A company may execute a delete query on a relational database to satisfy a regulatory audit, but if the AI system continues to make automated decisions based on hidden patterns learned from those deleted records, the board remains exposed to severe legal, financial, and reputational jeopardy.”

— Aniruddha Mehta, Partner – Risk Consulting, EY

He set out three governance imperatives for boards:

  • Demand algorithmic transparency and explainability — rejecting black-box systems for critical operations, and ensuring decisions can be traced back to the parameters and data that drove them.
  • Implement responsible AI checkpoints — maintaining an enterprise-wide inventory of all AI models (built, deployed, or procured), with mandatory Data Protection Impact Assessments (DPIAs) before deployment and risk-tier classification across the AI lifecycle.
  • Enable human accountability in agentic systems — building clear boundaries, accountability mechanisms, and human-in-the-loop overrides directly into system architecture as AI moves from flagging issues to acting on them autonomously.

Audience Q&A Highlights

The moderator relayed several audience questions from the chat for rapid-fire responses:

  • Do we need dedicated standards for AI memory and retention, similar to information security standards? Vinod Nair: Yes — existing frameworks such as ISO/IEC 27001 and 42001 provide a starting control criteria, but organizations need specific, auditable controls mapped to applicable regulations (IT Act, DPDP, and sector-specific clauses) to track AI-specific risks such as RAG pipeline design and vector database/cache access.
  • How should AI data governance be embedded into vendor relationships? Aniruddha Mehta: Treat data protection policy as a core part of vendor assessment and re-assessment, the same way sectors like pharma conduct vendor risk reviews before deployment.
  • Is compliance ever a fixed, one-time state? Rohit Ponnapalli: No — there is no such thing as point-in-time compliance. An organization can be compliant at the moment of an audit and fall out of compliance shortly after as systems and data continue to evolve, which is why governance must be continuous and unbiased.
  • If advising a startup building AI with persistent memory, what is the first question founders should ask? Rohit Ponnapalli: Start with the basics — what data is being collected, and specifically what is the AI being asked to remember (PII, behavioral data, business intelligence)? Then stress-test the downside: what happens if this data leaks, and what would that cost the business in trust, customers, or survival?

Key Insights

  • Complete erasure from a trained AI model is not currently achievable — deleting a source record removes it from explicit storage, but its statistical “fingerprint” can remain embedded in the model’s parametric weights.
  • Four technical approaches — exact unlearning, approximate unlearning, cohort-level unlearning, and federated (CSA) architecture — offer practical, if imperfect, paths to manage this gap.
  • Not all AI memory carries equal risk. A four-tier data classification framework (interaction data, inferred/analytical data, anonymized trend data, sensitive financial/health data) helps determine the right retention and governance response for each.
  • Most organizations cannot currently map where their data — or its AI-driven derivatives — actually reside across departments, vendors, and embedded AI tools, making provable deletion a major operational gap.
  • Responsible AI governance must operate at three levels simultaneously: strategic (policy and retention limits), tactical (model and vendor onboarding), and operational (data mapping and controls).
  • Boards are increasingly exposed to fiduciary liability when AI systems continue to act on patterns learned from data that has technically been deleted from source systems.
  • As AI moves toward agentic, autonomous action, human-in-the-loop oversight and clear accountability boundaries must be designed into system architecture from the outset — not added afterward.
  • Compliance is not a fixed, point-in-time state; with AI systems continuously evolving, governance and audit processes must be continuous and unbiased.
  • Regulatory timelines are tightening — India’s DPDP Act is expected to be enforced around May 2027 — making early investment in data classification, vendor assessment, and retention controls a near-term priority rather than a future concern.

Closing Note

The session closed with the panel agreeing that the boundaries of “responsible AI” are still being actively written, and that the conversation — including several audience questions that could not be addressed live — is expected to continue in a follow-up DTQ session. The discussion underscored a consistent theme across all four speakers: as AI systems become more persistent and context-aware, remembering and forgetting are no longer purely technical actions — they are business, security, and governance decisions that boards, CISOs, and risk leaders must own together.

Categories
Events

A Powerful Open Innovator Session That Delivered Game-Changing Insights on AI Ethics

Categories
Events

A Powerful Open Innovator Session That Delivered Game-Changing Insights on AI Ethics

In a recent Open Innovator (OI) Session, ethical considerations in artificial intelligence (AI) development and deployment took center stage. The session convened a multidisciplinary panel to tackle the pressing issues of AI bias, accountability, and governance in today’s fast-paced technological environment.

Details of particpants are are follows:

Moderators:

  • Dr. Akvile Ignotaite- Harvard Univ
  • Naman Kothari– NASSCOM COE

Panelists:

  • Dr. Nikolina Ljepava- AUE
  • Dr. Hamza AGLI– AI Expert, KPMG
  • Betania Allo– Harvard Univ, Founder
  • Jakub Bares– Intelligence Startegist, WHO
  • Dr. Akvile Ignotaite– Harvard Univ, Founder

Featured Innovator:

  • Apurv Garg – Ethical AI Innovation Specialist

The discussion underscored the substantial ethical weight that AI decisions hold, especially in sectors such as recruitment and law enforcement, where AI systems are increasingly prevalent. The diverse panel highlighted the importance of fairness and empathy in system design to serve communities equitably.

AI in Healthcare: A Data Diversity Dilemma

Dr. Aquil Ignotate, a healthcare expert, raised concerns about the lack of diversity in AI datasets, particularly in skin health diagnostics. Studies have shown that these AI models are less effective for individuals with darker skin tones, potentially leading to health disparities. This issue exemplifies the broader challenge of ensuring AI systems are representative of the entire population.

Jacob, from the World Health Organization’s generative AI strategy team, contributed by discussing the data integrity challenge posed by many generative AI models. These models, often designed to predict the next word in a sequence, may inadvertently generate false information, emphasizing the need for careful consideration in their creation and deployment.

Ethical AI: A Strategic Advantage

The panelists argued that ethical AI is not merely a compliance concern but a strategic imperative offering competitive advantages. Trustworthy AI systems are crucial for companies and governments aiming to maintain public confidence in AI-integrated public services and smart cities. Ethical practices can lead to customer loyalty, investment attraction, and sustainable innovation.

They suggested that viewing ethical considerations as a framework for success, rather than constraints on innovation, could lead to more thoughtful and beneficial technological deployment.

Rethinking Accountability in AI

The session addressed the limitations of traditional accountability models in the face of complex AI systems. A shift towards distributed accountability, acknowledging the roles of various stakeholders in AI development and deployment, was proposed. This shift involves the establishment of responsible AI offices and cross-functional ethics councils to guide teams in ethical practices and distribute responsibility among data scientists, engineers, product owners, and legal experts.

AI in Education: Transformation over Restriction

The recent controversies surrounding AI tools like ChatGPT in educational settings were addressed. Instead of banning these technologies, the panelists advocated for educational transformation, using AI as a tool to develop critical thinking and lifelong learning skills. They suggested integrating AI into curricula while educating students on its ethical implications and limitations to prepare them for future leadership roles in a world influenced by AI.

From Guidelines to Governance

The speakers highlighted the gap between ethical principles and practical AI deployment. They called for a transition from voluntary guidelines to mandatory regulations, including ethical impact assessments and transparency measures. These regulations, they argued, would not only protect public interest but also foster innovation by establishing clear development frameworks and fostering public trust.

Importance of Localized Governance

The session stressed the need for tailored regulatory approaches that consider local cultural and legal contexts. This nuanced approach ensures that ethical frameworks are both sustainable and effective in specific implementation environments.

Human-AI Synergy

Looking ahead, the panel envisioned a collaborative future where humans focus on strategic decisions and narratives, while AI handles reporting and information dissemination. This relationship requires maintaining human oversight throughout the AI lifecycle to ensure AI systems are designed to defer to human judgment in complex situations that require moral or emotional understanding.

Practical Insights from the Field

A startup founder from Orava shared real-world challenges in AI governance, such as data leaks resulting from unmonitored machine learning libraries. This underscored the necessity for comprehensive data security and compliance frameworks in AI integration.

AI in Banking: A Governance Success Story

The session touched on AI governance in banking, where monitoring technologies are utilized to track data access patterns and ensure compliance with regulations. These systems detect anomalies, such as unusual data retrieval activities, bolstering security frameworks and protecting customers.

Collaborative Innovation: The Path Forward

The OI Session concluded with a call for government and technology leaders to integrate ethical considerations from the outset of AI development. The conversation highlighted that true ethical AI requires collaboration between diverse stakeholders, including technologists, ethicists, policymakers, and communities affected by the technology.

The session provided a roadmap for creating AI systems that perform effectively and promote societal benefit by emphasizing fairness, transparency, accountability, and human dignity. The future of AI, as outlined, is not about choosing between innovation and ethics but rather ensuring that innovation is ethically driven from its inception.

Write to us at Open-Innovator@Quotients.com/ Innovate@Quotients.com to participate and get exclusive insights.

Categories
Applied Innovation

Responsible AI:  Principles, Practices, and Challenges

Categories
Applied Innovation

Responsible AI:  Principles, Practices, and Challenges

The emergence of artificial intelligence (AI) has been a catalyst for profound transformation across various sectors, reshaping the paradigms of work, innovation, and technology interaction. However, the swift progression of AI has also illuminated a critical set of ethical, legal, and societal challenges that underscore the urgency of embracing a responsible AI framework. This framework is predicated on the ethical creation, deployment, and management of AI systems that uphold societal values, minimize potential detriments, and maximize benefits.

Foundational Principles of Responsible AI

Responsible AI is anchored by several key principles aimed at ensuring fairness, transparency, accountability, and human oversight. Ethical considerations are paramount, serving as the guiding force behind the design and implementation of AI to prevent harmful consequences while fostering positive impacts. Transparency is a cornerstone, granting stakeholders the power to comprehend the decision-making mechanisms of AI systems. This is inextricably linked to fairness, which seeks to eradicate biases in data and algorithms to ensure equitable outcomes.

Accountability is a critical component, demanding clear lines of responsibility for AI decisions and actions. This is bolstered by the implementation of audit trails that can meticulously track and scrutinize AI system performance. Additionally, legal and regulatory compliance is imperative, necessitating adherence to existing standards like data protection laws and industry-specific regulations. Human oversight is irreplaceable, providing the governance structures and ethical reviews essential for maintaining control over AI technologies.

The Advantages of Responsible AI

Adopting responsible AI practices yields a multitude of benefits for organizations, industries, and society at large. Trust and enhanced reputation are significant by-products of a commitment to ethical AI, which appeals to stakeholders such as consumers, employees, and regulators. This trust is a valuable currency in an era increasingly dominated by AI, contributing to a stronger brand identity. Moreover, responsible AI acts as a bulwark against risks stemming from legal and regulatory non-compliance.

Beyond the corporate sphere, responsible AI has the potential to propel societal progress by prioritizing social welfare and minimizing negative repercussions. This is achieved by developing technologies that are aligned with societal advancement without compromising ethical integrity.

Barriers to Implementing Responsible AI

Despite its clear benefits, implementing responsible AI faces several challenges. The intricate nature of AI systems complicates transparency and explainability. Highly sophisticated models can obscure the decision-making process, making it difficult for stakeholders to fully comprehend their functioning.

Bias in training data also presents a persistent issue, as historical data may embody societal prejudices, thus resulting in skewed outcomes. Countering this requires both technical prowess and a dedication to diversity, including the use of comprehensive datasets.

The evolving legal and regulatory landscape introduces further complexities, as new AI-related laws and regulations demand continuous system adaptations. Additionally, AI security vulnerabilities, such as susceptibility to adversarial attacks, necessitate robust protective strategies.

Designing AI Systems with Responsible Practices in Mind

The creation of AI systems that adhere to responsible AI principles begins with a commitment to minimizing biases and prejudices. This is achieved through the utilization of inclusive datasets that accurately represent all demographics, the application of fairness metrics to assess equity, and the regular auditing of algorithms to identify and rectify biases.

Data privacy is another essential design aspect. By integrating privacy considerations from the onset—through methods like encryption, anonymization, and federated learning—companies can safeguard sensitive information and foster trust among users. Transparency is bolstered by selecting interpretable models and clearly communicating AI processes and limitations to stakeholders.

Leveraging Tools and Governance for Responsible AI

The realization of responsible AI is facilitated by a range of tools and technologies. Explainability tools, such as SHAP and LIME, offer insight into AI decision-making. Meanwhile, privacy-preserving frameworks like TensorFlow Federated support secure data sharing for model training.

Governance frameworks are pivotal in enforcing responsible AI practices. These frameworks define roles and responsibilities, institute accountability measures, and incorporate regular audits to evaluate AI system performance and ethical compliance.

The Future of Responsible AI

Responsible AI transcends a mere technical challenge to become a moral imperative that will significantly influence the trajectory of technology within society. By championing its principles, organizations can not only mitigate risks but also drive innovation that harmonizes with societal values. This journey is ongoing, requiring collaboration, vigilance, and a collective commitment to ethical advancement as AI technologies continue to evolve.

Reach out to us at open-innovator@quotients.com or drop us a line to delve into the transformative potential of groundbreaking technologies. We’d love to explore the possibilities with you