Subscribe to the Non-Human & AI Identity Journal

Who is accountable when personalised communications are wrong or intrusive?

Accountability sits with the firm’s data, advisory, and channel owners together, because personalised communications are a shared outcome of content, access, and workflow design. If behavioural data is reused beyond its intended purpose or a machine prompt bypasses human review, ownership needs to be explicit before the message reaches the client.

Why This Matters for Security Teams

Personalised communications fail in two different ways: they can be materially wrong, or they can be technically accurate but operationally intrusive. The accountability question matters because the harm rarely comes from a single decision. It usually emerges where data governance, content approval, channel orchestration, and identity controls overlap. When behavioural data is reused beyond its original purpose, the issue is not just messaging quality, but whether access and purpose limitation were enforced at all.

That is why this is not simply a marketing governance problem. It is also a control problem tied to non-human identities, workflow automation, and the permissions that let systems assemble and send messages at scale. NHIMG’s Ultimate Guide to NHIs notes that 97% of NHIs carry excessive privileges, which helps explain how automated communication paths can expand faster than oversight. In practice, many security teams encounter intrusive client messaging only after a workflow has already routed the wrong data through the wrong channel.

How It Works in Practice

Accountability should be assigned to the firm’s data owner, the advisory or product owner, and the channel owner, but their responsibilities are different. The data owner determines whether the data can be used for personalisation. The advisory or product owner defines whether the message is appropriate for the client context. The channel owner controls how the message is assembled, approved, and delivered. If an AI agent or automation chain is involved, the system itself must also be treated as a governed workload with explicit identity, scoped access, and logging.

Good practice is to separate three controls: purpose approval, content approval, and delivery approval. That separation reduces the chance that a single prompt, template, or integration can bypass review. The NIST Cybersecurity Framework 2.0 is helpful here because it reinforces ownership, risk management, and continuous oversight, even when the workflow is automated.

  • Use named business owners for personalisation logic, not just platform administrators.
  • Log which data fields were used, which identity accessed them, and which workflow sent the message.
  • Require human approval for higher-risk segments, sensitive life events, or regulated advice.
  • Limit machine-generated content to approved templates and controlled data sources.
  • Review non-human identities, service accounts, and API keys with the same seriousness as human access.

Where this becomes especially important is in AI-assisted channel orchestration. If a model can generate a message, select a segment, and trigger delivery, then the control boundary is no longer only about content review. It is about whether the agent had the right to infer, decide, and act on behalf of the firm. Best practice is evolving, but current guidance suggests that approval records should show who allowed the data use, who approved the message logic, and who authorized the final send. These controls tend to break down in high-volume personalisation environments because rapid campaign changes outpace permission reviews and human sign-off.

Common Variations and Edge Cases

Tighter approval controls often increase operational overhead, requiring organisations to balance speed against client protection. That tradeoff becomes visible in fast-moving campaigns, cross-sell journeys, and service communications where teams want automation to reduce friction. But not every personalised message carries the same risk. A routine account reminder is different from a message that references spending patterns, health signals, vulnerability cues, or financial stress.

There is no universal standard for this yet, but current guidance suggests using risk tiers. Low-risk communications can use pre-approved templates and standard workflow checks. Higher-risk communications need stronger review, tighter data minimisation, and clearer audit trails. If an AI system is generating or adapting the message, the firm should also consider whether the underlying non-human identity has been granted more access than the task requires. The NHIMG Ultimate Guide to NHIs is especially relevant on this point because remediation often lags behind exposure, leaving long-lived credentials and overly broad access in place after workflows have changed.

In edge cases, accountability can also extend to third-party processors, cloud channel providers, or embedded automation tools, but the firm remains accountable for the decision to use them. In regulated environments, that means ownership must be documented before the message is sent, not reconstructed after a complaint arrives.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-01 Personalised messaging workflows rely on NHIs with excessive access.
NIST CSF 2.0 GV.RM-01 Risk ownership and accountability are central to personalised communications.
NIST AI RMF AI RMF governs accountability for automated content generation and use.

Document who authorizes model use, review, and final send decisions for personalised messages.