Part 2 — For the Developer
Ch. 15 — Data Handling — Retention, Minimization, Encryption
How agents must handle data in motion and at rest — what to keep, what to drop, and how to protect it.
Agents are data-hungry by design. Every piece of data they touch becomes a compliance liability if it is retained longer than necessary, stored unencrypted, or sent to a third-party model without appropriate controls.
LLMs perform better with more context. That creates a constant architectural pressure to load everything available — full conversation history, broad retrieval results, complete records rather than relevant fields. The compliance answer runs directly against that pressure. You must design retrieval to be task-scoped1, not capability-maximizing.
This is not a guideline to follow loosely. Every major framework imposes the same constraint from a different angle:
Platform Agentic
Compliance, governance, and accountability for teams building agentic AI systems.