Module: 2/4
Lesson: 7/6
Exercises:
Previous Next
Module 2 | Exercises

Your Personal Data Policy

Exercise 4: Your Personal Data Policy

This is the core exercise. Write down three specific data categories that you will handle differently starting now. For each category, document: What was your previous practice? What will your new practice be? What alternative approach — a different tool, manual work, local AI, or something else — will you use when this data type comes up?

These three data categories are your personal data policy. They are the boundaries you're setting for yourself. They should be specific enough that you can apply them: not "sensitive data" but "client names and project details," "medical appointments," "financial account information," or whatever actually applies to your situation.

Your personal data policy doesn't need to cover every possible data type. It covers the specific areas where you've made a conscious decision to change. This exercise is meant to be action-oriented: after you complete it, you have documented boundaries that you can follow.

Module 2 Deliverable

Your personal data policy: three specific data categories you will handle differently starting now, with the reasoning documented. This is the tangible output of this module. It doesn't need to be long. It should be specific and actionable.

What This Module Didn't Cover

This module does not provide guidance on enterprise data governance architecture and frameworks, or on regulatory compliance in technical depth (GDPR, HIPAA, CCPA, SOC 2). It does not address data loss prevention systems or formal data classification methodology in a technical sense. If your role involves formal compliance obligations — if you work in legal, healthcare, finance, or a similar regulated field — the information in this module is context for your decision-making, not a substitute for consulting with your legal or compliance team. Know your organization's legal obligations and ask your compliance team how they apply to AI tools.

Connecting Forward

Module 3 shifts the focus from your data to the AI tools themselves as a vulnerability. When AI processes external content — emails, documents, web pages — that content can be manipulated. Your data is one exposure. The attack surface created when you build or use AI-powered workflows is another. That's what Module 3 covers.

Module 2 · AI Security Essentials

🔒

This lesson is premium

Get full access to AI Security Essentials — all modules, all lessons, lifetime access.

Already purchased? Sign in to restore access.

Previous Next