Encrypt all collected data at rest and in transit - Never exfiltrate real sensitive data (use proof tokens or synthetic data) - Securely destroy all engagement data after the reporting period - Maintain chain of custody documentation for any evidence collected