Browse Scrum.org Certification Guides

PSM-AI Essentials Confidentiality, Access, and Data Handling

April 9, 2026

Study PSM-AI Essentials Confidentiality, Access, and Data Handling: key concepts, common traps, and exam decision cues.

On this page

AI tools can create value quickly, but they can also create security and confidentiality risk just as quickly. PSM-AI Essentials questions often test whether you know when AI use is inappropriate because the context, data, or access model is unsafe.

Guardrail table

Question Stronger action
Does the prompt include sensitive or protected information? reduce, anonymize, or avoid the tool entirely
Is the AI tool approved for the context? verify before use
Can the output affect a meaningful team or product decision? require human review and traceability

Safer-use filter

    flowchart LR
	    A["Need AI help"] --> B["Is the data sensitive or personal?"]
	    B --> C["Minimize, anonymize, or avoid sharing it"]
	    C --> D["Use only approved tooling"]
	    D --> E["Review the output before acting"]

What stronger answers protect

The stronger answer usually starts with exposure risk, not output convenience. Scrum transparency does not mean unrestricted sharing of sensitive information with external tools.

Decision cues

Situation Stronger Scrum Master instinct
personal or conflict-heavy information avoid raw sharing unless the context is clearly safe and approved
team notes that influence action require review before decisions are made
convenience is the only clear benefit slow down and reassess the real need

Example

A Scrum Master wants AI to summarize a team conflict discussion that contains personal performance details. The stronger answer is to avoid sharing that raw content with an unsafe or unapproved tool and to protect confidentiality before seeking convenience.

Exam scenario

A Scrum Master wants to paste raw one-on-one feedback, salary frustrations, and interpersonal conflict notes into an AI tool to prepare for a Retrospective. The stronger answer usually rejects that approach first on confidentiality and context grounds, even if the generated summary might be useful.

Common pitfalls

  • Treating internal information as automatically safe to paste into any tool.
  • Assuming a good use case removes the need for access review.
  • Focusing only on output quality and ignoring data exposure.
  • Confusing team openness with public disclosure.

Sample Exam Question

What is the strongest first check before using AI on Scrum Team content?

A. Whether the data can be shared safely in that tool and context
B. Whether the tool produces polished language
C. Whether the Scrum Master can save time by automating the step
D. Whether the team finds the tool enjoyable to use

Best answer: A

Why: Responsible AI use starts with safe data handling and context-appropriate access.

Why the others are weaker: B, C, and D may matter later, but they do not outrank security and confidentiality.

Revised on Monday, April 27, 2026
2.2 Human review, bias, and Done