Categories
DTQ Data Trust Quotients Events

Report: AI Memory and Data Retention- How Much Should Machines Be Allowed to Remember?

Categories
DTQ Data Trust Quotients Events

Report: AI Memory and Data Retention- How Much Should Machines Be Allowed to Remember?

A report on the closed-door leadership dialogue hosted by DTQ (Data Trust Quotient), bringing together CISOs, risk advisors, and AI governance leaders to examine whether enterprises can truly delete what an AI system has learned.

About the Platform: DTQ

DTQ — the Data Trust Quotient — is a leadership dialogue platform focused on AI governance, privacy, and data security. The series brings together the people directly responsible for these decisions: Chief Information Security Officers (CISOs), data protection leads, and AI governance practitioners, for candid, closed-door conversations about where the industry is heading.

This session opened with the discussion around a real-world flashpoint: a U.S. court order compelling OpenAI to preserve all ChatGPT conversations — including those users had deleted — as part of its ongoing copyright litigation with The New York Times. The episode illustrated how, once a machine has “remembered” something, true deletion becomes a far harder problem than most organizations assume.

The Panel

The discussion was steered by a moderator and featured three senior practitioners spanning cybersecurity, enterprise IT, and risk advisory:

RolePanelist & Profile
ModeratorMohit Sharma — Cybersecurity Advisor, Baker Hughes. Works in industrial and operational technology, where questions of what gets logged, stored, and retained carry real operational consequences.
PanelistAniruddha Mehta — Partner, Risk Consulting, EY. Advises organizations on data privacy, the DPDP Act, and AI/data risk governance as regulation evolves.
PanelistVinod Nair — CISO, leading cybersecurity and IT infrastructure across large enterprise and SAP environments, bringing a practitioner’s view of enterprise data governance at scale.
PanelistRohit Ponnapalli — Global CISO, Envoy Global. Over 14 years building security from the ground up, including running information security for 30,000 people across 11 locations and architecting security operations centers for state governments and India smart-city projects.

Session Report

Opening Question: Who Wins — Privacy Law or Algorithmic Memory?

Moderator Mohit Sharma framed the central tension: privacy laws are built on the principle that individuals can be forgotten, while AI systems are built on the principle of learning from what they remember. He asked the panel directly — in one line, can a company truly forget a person today?

“This is the illusion of absolute erasure in Gen AI. The right to be forgotten, codified under Article 17 of GDPR and Section 12(3) of India’s DPDP Act, grants data principals the right to demand erasure — but generative AI systems store data in two distinct states: explicit storage and implicit parametric storage. Erasing from explicit storage (vector databases, caches, logs) is technically feasible. Erasing from implicit parametric storage — the billions of weights inside a trained model — is practically impossible, because no single data point resides in an isolated, identifiable location.”

— Aniruddha Mehta, Partner – Risk Consulting, EY

Mehta outlined four technical paths organizations can use to bridge this gap:

  • Exact unlearning — deleting clearly targeted data outright.
  • Approximate unlearning — offering no absolute guarantee of erasure, but relying on probabilistic reduction of a data point’s influence.
  • Concept-level / cohort unlearning — removing influence at the level of a defined group (e.g. by department or team), which is easier to isolate and action.
  • CSA architecture (shared, isolated, sliced, and aggregated training design) — a more efficient, consent-aligned design for targeted retraining.

His conclusion: the tension between contextual utility and legal liability is best managed not as a fight between privacy and AI, but through responsible AI design as the operating principle.

Panelist Vinod Nair added a regulatory-timeline perspective, noting that India’s IT Act 2000 was followed by the IT Rules 2021 and that the DPDP Act is expected to come into force around May 2027. He stressed the need to track evolving model architectures — autoregressive LLMs, masked language models, sequence-to-sequence and retrieval-augmented models — and to embed standard data-loss-prevention (DLP) practices directly into AI deployments.

Rohit Ponnapalli, Global CISO at Envoy Global, offered a starkly practical view: with prompts, chat histories, and retrieval-augmented (RAG) models now layered across every tool and vendor in an enterprise, organizations frequently have no reliable way of knowing where their data actually resides — making proof of deletion nearly impossible at scale.

“Every department has multiple third-party vendors, and every tool has AI built in already. Where do you even delete the data — your laptop, your AI models, or your vendor’s systems? We have no idea where the data resides with all this AI in place.”

— Rohit Ponnapalli, Global CISO, Envoy Global

Ponnapalli proposed grounding AI memory governance in privacy-by-design and zero-trust principles, layered across three planes: strategy (how long data should be retained), tactics (how AI models and third parties are onboarded), and operations (data mapping). His view: if an organization can achieve reliable data mapping, retention controls and purpose definition become possible — and roughly 90% deletion success is achievable even in the AI era.

Categorizing AI Memory by Risk

Moderator Sharma turned the discussion toward practice: should session memory, user memory, organizational memory, and training data be treated as different risk categories — and what should be kept?

Mehta proposed a four-part risk-utility framework for classifying data before deciding how it should be governed:

Data ClassAI UtilityRegulatory RiskRecommended Action
Interaction / informal data (logs, raw text)Low long-term valueHigh — unsolicited PII riskAggressive erasure; automated TTL protocols
Inferred / analytical data (behavioral profiles, risk flags)High — personalization, automationSevereCohort-level unlearning; purpose-bound grouping
Demographic / trend data (anonymized)High — fairness tuning, model stabilityLow, if irreversibly anonymizedRetain under audit; verify re-identification resistance
Sensitive financial / health dataFraud detection, diagnosticsMaximum — sector and cross-border lawsFederated architecture; strict access controls; segregate memory from weights

Vinod Nair built on this with an enterprise security lens, identifying three foundational controls: a documented data inventory and classification system, enforced identity controls, and encryption that is never standardized indefinitely — since static encryption algorithms become predictable targets over time. He also called for regular red-team exercises, defined playbooks for memory abuse or model leakage, and clear deletion workflows tied to defined retention periods.

He further distinguished organizational memory needs by seniority and exposure: persistent profiles tied to senior executives (e.g. a CIO or CEO) require separate, higher categorization and protection than standard user or session memory, given the greater risk of profiling or targeted leakage.

Should AI Remember Everything It Can?

Sharma posed a pointed question to Ponnapalli, whose background spans smart-city and public-sector systems: just because a system can remember something, does it mean it should?

“Just because you have unlimited data storage, you should not keep storing the data. There should be a boundary to what you want to store.”

— Rohit Ponnapalli, Global CISO, Envoy Global

Ponnapalli illustrated the point with a consumer example — automated calls nudging customers to complete abandoned cart purchases — to show how easily “customer experience” framing can stretch the boundary of acceptable data use. He recommended segregating storage by data type (PII versus service-quality or analytics data), applying regulation-driven retention periods (citing seven years as a common standard for PII in his sector), and using DLP and DSPM tooling to maintain visibility into where data is flowing and which systems are using it.

He also offered a candid status check on enterprise AI maturity: most organizations remain at the proof-of-concept stage, with AI largely permitted to read data — but not yet trusted to write, execute, or delete it autonomously.

Board-Level Governance and Accountability

As the discussion moved toward governance at the top of organizations, Mehta argued that overseeing AI memory has moved beyond a technical concern into a fiduciary duty for boards, particularly where AI informs credit decisions, financial crime monitoring, and forecasting.

“A company may execute a delete query on a relational database to satisfy a regulatory audit, but if the AI system continues to make automated decisions based on hidden patterns learned from those deleted records, the board remains exposed to severe legal, financial, and reputational jeopardy.”

— Aniruddha Mehta, Partner – Risk Consulting, EY

He set out three governance imperatives for boards:

  • Demand algorithmic transparency and explainability — rejecting black-box systems for critical operations, and ensuring decisions can be traced back to the parameters and data that drove them.
  • Implement responsible AI checkpoints — maintaining an enterprise-wide inventory of all AI models (built, deployed, or procured), with mandatory Data Protection Impact Assessments (DPIAs) before deployment and risk-tier classification across the AI lifecycle.
  • Enable human accountability in agentic systems — building clear boundaries, accountability mechanisms, and human-in-the-loop overrides directly into system architecture as AI moves from flagging issues to acting on them autonomously.

Audience Q&A Highlights

The moderator relayed several audience questions from the chat for rapid-fire responses:

  • Do we need dedicated standards for AI memory and retention, similar to information security standards? Vinod Nair: Yes — existing frameworks such as ISO/IEC 27001 and 42001 provide a starting control criteria, but organizations need specific, auditable controls mapped to applicable regulations (IT Act, DPDP, and sector-specific clauses) to track AI-specific risks such as RAG pipeline design and vector database/cache access.
  • How should AI data governance be embedded into vendor relationships? Aniruddha Mehta: Treat data protection policy as a core part of vendor assessment and re-assessment, the same way sectors like pharma conduct vendor risk reviews before deployment.
  • Is compliance ever a fixed, one-time state? Rohit Ponnapalli: No — there is no such thing as point-in-time compliance. An organization can be compliant at the moment of an audit and fall out of compliance shortly after as systems and data continue to evolve, which is why governance must be continuous and unbiased.
  • If advising a startup building AI with persistent memory, what is the first question founders should ask? Rohit Ponnapalli: Start with the basics — what data is being collected, and specifically what is the AI being asked to remember (PII, behavioral data, business intelligence)? Then stress-test the downside: what happens if this data leaks, and what would that cost the business in trust, customers, or survival?

Key Insights

  • Complete erasure from a trained AI model is not currently achievable — deleting a source record removes it from explicit storage, but its statistical “fingerprint” can remain embedded in the model’s parametric weights.
  • Four technical approaches — exact unlearning, approximate unlearning, cohort-level unlearning, and federated (CSA) architecture — offer practical, if imperfect, paths to manage this gap.
  • Not all AI memory carries equal risk. A four-tier data classification framework (interaction data, inferred/analytical data, anonymized trend data, sensitive financial/health data) helps determine the right retention and governance response for each.
  • Most organizations cannot currently map where their data — or its AI-driven derivatives — actually reside across departments, vendors, and embedded AI tools, making provable deletion a major operational gap.
  • Responsible AI governance must operate at three levels simultaneously: strategic (policy and retention limits), tactical (model and vendor onboarding), and operational (data mapping and controls).
  • Boards are increasingly exposed to fiduciary liability when AI systems continue to act on patterns learned from data that has technically been deleted from source systems.
  • As AI moves toward agentic, autonomous action, human-in-the-loop oversight and clear accountability boundaries must be designed into system architecture from the outset — not added afterward.
  • Compliance is not a fixed, point-in-time state; with AI systems continuously evolving, governance and audit processes must be continuous and unbiased.
  • Regulatory timelines are tightening — India’s DPDP Act is expected to be enforced around May 2027 — making early investment in data classification, vendor assessment, and retention controls a near-term priority rather than a future concern.

Closing Note

The session closed with the panel agreeing that the boundaries of “responsible AI” are still being actively written, and that the conversation — including several audience questions that could not be addressed live — is expected to continue in a follow-up DTQ session. The discussion underscored a consistent theme across all four speakers: as AI systems become more persistent and context-aware, remembering and forgetting are no longer purely technical actions — they are business, security, and governance decisions that boards, CISOs, and risk leaders must own together.

Categories
Success Stories

Starbucks’ Digital Flywheel: Revolutionizing Customer Experience Through AI

Categories
Success Stories

Starbucks’ Digital Flywheel: Revolutionizing Customer Experience Through AI

To meet and surpass client expectations in the dynamic retail and service sectors, businesses must continuously innovate. Starbucks, a market leader in coffee shops worldwide, has demonstrated this with its ground-breaking Digital Flywheel approach. Starbucks has created a smooth and customized customer experience by utilizing data analytics and artificial intelligence (AI), which not only increases customer pleasure but also boosts operational efficiency. This case study explores Starbucks’ Digital Flywheel strategy’s main elements and effects, showing how the business has used technology to maintain its lead in a cutthroat industry.

Key Components of the Digital Flywheel

Analytics and Data Gathering

The foundation of Starbucks’ Digital Flywheel strategy is data collection and analytics. Starbucks collects a lot of information about its customers’ tastes, buying patterns, and contextual elements like location and weather thanks to its rewards program and mobile app, which have over 17 million users. Starbucks’ individualized marketing strategy and product offerings are based on this data. Starbucks can adjust its marketing strategies to match the unique requirements and preferences of its consumers by examining what they order, when they order it, and how frequently they come.

• Data Integration: Starbucks is able to develop a thorough picture of every consumer by combining data from several sources. By using a comprehensive strategy to data collecting, the business is able to comprehend the complex tastes and behaviors of its clientele.


• Contextual Insights:
Starbucks’ marketing techniques are greatly influenced by variables like geographical information and weather. For example, the app may recommend a cold beverage on a hot day and a hot cup of tea or coffee on a chilly day.

Personalized Customer Experience

The Digital Flywheel strategy’s capacity to deliver a customized client experience is one of its most notable aspects. Starbucks is able to provide its consumers with personalized recommendations by utilizing artificial intelligence. For instance, the point-of-sale system can recognize a consumer via their app and recommend their preferred orders when they visit a new location. Similar to being recognized by a familiar barista, this customized touch gives consumers a sense of worth and understanding.

• Targeted promos: By sending personalized promos according to each user’s past purchases, the app increases user engagement and promotes return visits. The purpose of these promos is to appeal to the individual tastes of each consumer, increasing the likelihood that they will take action.

• AI-Powered Suggestions: By utilizing AI, Starbucks is able to continuously improve its suggestions, guaranteeing that consumers find fresh goods that suit their preferences. The consumer experience is kept interesting and novel by this dynamic approach.

Seamless Ordering Process

Convenience and efficiency are essential to the Digital Flywheel approach. Customers may submit orders ahead of time with features like Mobile Order & Pay, which drastically cuts down on wait times. With mobile transactions making up around 25% of total purchases, this service has been incredibly successful. Customers may now place orders via voice commands or SMS thanks to the addition of a virtual barista feature, which greatly simplifies the ordering procedure.

• Order Customization: Clients may tailor their orders to their precise requirements, guaranteeing that they will always receive what they need.
• Real-Time information: The app keeps users informed at every stage of the order’s journey by providing real-time information on its status, from preparation to pickup.

Continuous Innovation

Starbucks’ use of consumer data to guide menu changes and product development demonstrates its dedication to ongoing innovation. Starbucks may launch new goods that address changing consumer tastes by examining purchase patterns. For example, insights from user data led directly to the creation of unsweetened iced tea choices.

Product Testing: Before launching new items worldwide, Starbucks tests them in a few markets using data. This data-driven strategy guarantees that consumers will accept new products.
• Finding New Products: The business uses machine learning methods to continuously improve its suggestions, making sure that clients find new products that suit their preferences.

Impact on Customer Satisfaction

Starbucks has seen a number of benefits from the implementation of the Digital Flywheel strategy, including a notable increase in customer happiness and operational effectiveness.

Increased Customization

Consumers take pleasure in a customized, engaging, and intimate experience. Having the option to get specials and recommendations that suit their tastes promotes repeat business and loyalty. Customers feel appreciated and understood because to this individualized approach, which is similar to interacting with a friendly barista.

Enhanced Practicality

For busy customers, being able to place their orders in advance and avoid lineups has changed everything. Wait times are greatly decreased by mobile order and pay, especially during busy hours. For consumers who value efficiency in their everyday activities, this convenience is essential.


• Time Savings: By avoiding large lineups and having their orders ready when they arrive, customers save a significant amount of time.
• Less Friction: Customers may more easily and swiftly obtain their preferred food and drink products thanks to the smooth ordering process.

Stronger Customer Engagement

Customers remain interested in the Starbucks brand thanks to tailored recommendations and targeted advertising. The app’s capacity to give pertinent deals and recommendations improves consumer engagement and strengthens their sense of brand loyalty.

• Loyalty Programs: By providing points and discounts, the rewards program encourages return business and bolsters client loyalty.
• Interactive Features: Customers get a more engaging and interactive experience thanks to features like real-time order updates and a virtual barista.

Improved Operational Efficiency

Starbucks can react quickly to shifting customer preferences by using data analytics for product offers and inventory management. Through resource optimization and waste reduction, this agility guarantees that the business successfully satisfies client needs.

• Inventory Optimization: Starbucks lowers the risk of overstocking or understocking by using predictive analytics to manage inventory more skillfully.
• Supply Chain Efficiency: Starbucks is able to ensure that the correct items are accessible at the right time by streamlining its supply chain using data-driven insights.

Takeaway

Starbucks’ Digital Flywheel approach demonstrates how AI and data analytics may revolutionize consumer experiences. Starbucks has developed a customer-centric strategy that meets the demands of contemporary consumers by combining data collecting, tailored suggestions, easy ordering procedures, and ongoing innovation. Stronger client interaction, more convenience, better customisation, and higher operational efficiency are all clear benefits of this approach. Starbucks is in a strong position to hold into its top spot in the cutthroat coffee shop industry as long as it keeps innovating and improving its Digital Flywheel.

Categories
Applied Innovation Retail

From Chatbots to Humanoids: A Look at the Diverse World of Virtual Beings

Categories
Applied Innovation Retail

From Chatbots to Humanoids: A Look at the Diverse World of Virtual Beings

A Virtual Being is a conversational avatar intended for lifelike human interaction driven by AI. An avatar is a digital representation of a person in a virtual environment used for communication or self-expression. Virtual beings, on the other hand, rely on cutting-edge technology like AI, NLP, and ML and are more complicated creatures created to interact with people in a lifelike manner. Even though both involve developing a digital image of a person, virtual beings are far more advanced and have a wider range of practical uses.

Virtual beings can be used for a range of tasks, including companionship, customer service, and entertainment. The capability of virtual entities to converse with humans in normal language is one of their distinguishing characteristics. They can appear in a variety of ways, such as animated characters on a screen or as humanoid robots. Additionally, they can be tailored to fit particular requirements and preferences by changing things like age, gender, and personality. Virtual beings can be endowed with a variety of different technologies, like facial recognition, emotion detection, and gesture recognition, in addition to their conversational skills. This enables individuals to react to non-verbal cues and engage in more subtle interactions with people.

Examples of Virtual Beings

Chatbots and realistic humanoid robots are only two examples of increasingly common virtual entities. Mitsuku, a chatbot created by Steve Worswick, has received recognition for its capacity to carry on frank discussions with people. Another chatbot that adapts its replies based on human input is Replika. Magic Leap’s AI-driven chatbot Mica employs spatial computing to provide an immersive experience. Hanson Robotics created Sophia, a humanoid robot that can replicate facial expressions and have casual conversations with people. Last but not least, Soul Machines’ AI-powered virtual Zoe has been deployed in customer service applications and can communicate authentically with people.

Technologies Used in Virtual Beings

Virtual beings are made possible through a combination of several technologies, including artificial intelligence (AI), natural language processing (NLP), computer graphics, and machine learning (ML). AI forms the foundation of virtual beings, enabling them to understand and respond to human input in a natural and engaging way. NLP is used to teach virtual beings to understand and interpret human language, from casual speech to formal language. Computer graphics play an essential role in creating the visual representation of virtual beings, including their appearance and movements. ML algorithms train virtual beings to recognize patterns and make predictions based on large datasets of information, such as language or image data. Augmented reality (AR) and virtual reality (VR) technologies can be used to create immersive experiences with virtual beings, overlaying virtual objects onto the real world or creating entirely virtual environments for users to explore. As these technologies continue to evolve and improve, virtual beings will become even more advanced and capable, opening up new possibilities and applications in various industries

Natural language processing (NLP), machine learning (ML), and computer graphics are some of the technologies used to program virtual entities. The construction of a 3D model or avatar that will serve as the virtual being’s representation is usually the first step in the programming process for virtual beings. This may entail creating the avatar’s physical attributes, such as its look, attire, and range of motion. Next, natural language processing is used to give the virtual being the ability to comprehend and react to human input. For the virtual entity to comprehend and provide natural language replies, extensive linguistic training is required.

The market for Virtual Beings:

In a number of sectors, including healthcare, education, and entertainment, virtual beings are becoming more and more common. They provide a number of advantages, including scalability, personalization, and availability around the clock.

The market for virtual beings is expected to grow significantly in the coming years. According to a report by MarketsandMarkets, the global virtual and augmented reality market, which includes virtual beings, is projected to reach USD 125.32 billion by 2026, with a compound annual growth rate (CAGR) of 43.8% from 2021 to 2026.

The use of virtual beings is becoming increasingly popular in a range of industries, including healthcare, education, entertainment, and customer service. In the healthcare industry, virtual beings are being used to provide patient support and therapy, while in education, they are being used for virtual tutoring and training.

In the entertainment industry, virtual beings are being used for gaming and virtual experiences, while in customer service, they are being used to provide personalized assistance and support. The COVID-19 pandemic has also accelerated the adoption of virtual beings, as more companies and organizations look for ways to interact with customers and users remotely.

As virtual beings become more advanced and capable, they are likely to be used in even more industries and applications. For example, virtual beings could be used in manufacturing and industrial settings to improve productivity and safety, or in the automotive industry to provide virtual driving assistants.


Overall, the market for virtual beings is expected to continue growing as more companies and organizations look for ways to leverage AI and virtual technologies to improve customer experiences and streamline operations.

Virtual Beings in the Clothing Industry :

Virtual beings can be used in the clothing industry in a number of ways, including virtual try-on experiences, personalized styling, and virtual assistants. One of the most common applications of virtual beings in the clothing industry is virtual try-on experiences. These experiences allow customers to virtually try on clothing items and see how they would look on them before making a purchase. This can be done using augmented reality (AR) or virtual reality (VR) technology, which creates a realistic virtual representation of the clothing item on the customer’s body.

Another use of virtual beings in the clothing industry is personalized styling. Virtual beings can use data about the customer’s body type, style preferences, and past purchases to provide personalized recommendations for clothing items. This can be done through a chatbot or voice assistant that interacts with the customer and offers suggestions based on their input. Virtual assistants can also be used to help customers navigate the online shopping experience. These assistants can answer customer questions, provide product recommendations, and help with checkout and payment processes. They can be powered by AI and NLP technology to provide a natural language conversation experience.

Overall, virtual beings offer a range of opportunities for the clothing industry to enhance the customer experience, increase sales, and improve customer satisfaction. However, the ethical and social ramifications of virtual creatures, such as how they could affect human relationships and how they might be abused, are also a source of worry. It’s important to ensure that these technologies are used in a way that is ethical, transparent, and respects customer privacy.

Please write to us at open-innovator@quotients.com to learn more about Virtual Beings and startups working on its diverse use cases.