While a Non-Disclosure Agreement (NDA) ensures confidentiality and GDPR-mandated documentation addresses broad regulatory compliance, a Data Processing Notice (DPN) serves a distinct, critical function: transparency. For an AI red team engagement, the DPN is a formal declaration to the client detailing precisely how, why, and for how long their data will be processed. It demystifies the “black box” of the testing process from a data governance perspective, building trust and ensuring all parties have a clear, shared understanding of data handling protocols.
This document is not merely a formality; it is a cornerstone of professional conduct and risk management. It preemptively answers questions from the client’s legal, compliance, and IT security teams, streamlining the engagement’s setup phase. By providing this notice proactively, you demonstrate a mature approach to data protection that goes beyond simple contractual obligations.
Key Components of a Data Processing Notice for AI Red Teaming
An effective DPN for an AI security engagement should be specific and unambiguous. It must address the unique nature of the data involved in testing AI systems. The following components form the backbone of a comprehensive notice.
| Component | Description & AI Red Teaming Context |
|---|---|
| Controller & Processor Identification | Clearly defines the roles. The client is the Data Controller, as they determine the purposes and means of processing. Your red team is the Data Processor, acting on the client’s instructions. |
| Purpose of Processing | This must be explicit. Go beyond “security testing.” Specify activities such as “adversarial prompt injection to test for instruction hijacking,” “model inversion attempts on anonymized data subsets,” or “simulated data poisoning attacks on a sandboxed copy of the training data.” |
| Categories of Data | Itemize the types of data you will handle. This may include: anonymized or synthetic client-provided data subsets, prompts submitted to and outputs received from the target model during testing, and relevant performance and security logs from the sandboxed test environment. |
| Legal Basis for Processing | Typically, the legal basis under regulations like GDPR is the “performance of a contract” (the red teaming agreement) and “legitimate interests” (the client’s interest in securing their AI system). Stating this explicitly demonstrates legal awareness. |
| Data Security Measures | Describe your technical and organizational controls. Mention encryption (e.g., AES-256 at rest, TLS 1.3 in transit), access control mechanisms (e.g., role-based access control, MFA), and secure environments (e.g., isolated cloud VPCs). |
| Data Retention & Deletion | State a concrete timeline. For example: “All client-provided and system-generated data will be securely deleted within 30 days of project completion and final report delivery. Red team-generated reports will be retained as per the contractual agreement.” |
| Sub-processors & Data Transfers | Disclose if you use any third-party services (sub-processors) to process data, such as cloud providers (AWS, GCP, Azure). If data is transferred across borders, specify the legal mechanisms used (e.g., Standard Contractual Clauses). |
Operationalizing the DPN in Your Workflow
The DPN should be integrated into your engagement lifecycle from the very beginning. It is not an afterthought but a foundational document presented alongside the Statement of Work (SOW) and NDA. This proactive approach prevents delays and demonstrates professionalism.
Sample Data Processing Notice Template
The following template provides a structural guide. You must adapt it to the specific legal requirements of your jurisdiction and the details of each engagement. Always consult with legal counsel.
Data Processing Notice for AI Red Teaming Engagement
Effective Date: [Date]
Engagement Reference: [Project ID / SOW Number]
1. Parties
Data Controller: [Client Name, Address] (“Client”)
Data Processor: [Your Company Name, Address] (“Processor”)
2. Purpose of Data Processing
The Processor will process data provided by the Client for the sole purpose of conducting a security assessment of the AI system known as [AI System Name]. Activities include, but are not limited to, testing for prompt injection vulnerabilities, evaluating model robustness against adversarial examples, assessing data privacy risks through model inversion simulations, and identifying potential for unintended biased outputs.
3. Categories of Data Processed
The following categories of data will be processed:
- Client-Provided Datasets: Anonymized or synthetic data subsets provided for testing purposes. No production PII will be processed without explicit, separate authorization.
- API Interaction Data: Prompts submitted to and outputs received from the AI system’s API endpoints during testing.
- System Logs: Performance and security logs of the sandboxed test environment, accessed on a relevant, time-limited basis.
4. Data Security & Confidentiality
All data will be processed within a secure, isolated environment hosted on [Cloud Provider, e.g., AWS] in the [Region, e.g., us-east-1] region. Data is encrypted at rest using AES-256 and in transit using TLS 1.3. Access is restricted to named personnel of the Processor via multi-factor authentication.
5. Data Retention and Deletion Policy
All Client-provided data and system-generated data related to this engagement will be processed for the duration of the project, [Start Date] to [End Date]. Following the delivery of the final report, all such data will be securely and permanently deleted from the Processor’s systems within 30 calendar days.
6. Acknowledgement
By proceeding with the engagement, the Client acknowledges that it has read and understood this Data Processing Notice.