Related to Tampering in the STRIDE model for performing threat-modeling analyses:
Do you ensure that all data is collected before using it?
Do you have a way to determine if the data is valid or out of date?
Are protections in place to prevent tampering?
Do you have a data retention/deletion policy in place for each data store?