Yes, this is obviously one question that can't be answered in a single, general manner.
* If some I2C transmission replies with a NACK, there is no data to speak of. If that was a write transfer that is supposed to trigger an action on the I2C slave and you get a NACK, then you just don't know. The slave device may have received the command and executed it, and the NACK comes from a signal integrity problem. Or the device may just have malfunctioned and done nothing at all. Or something you didn't expect.
* If all your transfers get an ACK, that's not always sufficient to assume that everything went right. If you are reading data and the values are critical, ideally select an I2C device that has embedded CRC - quite a few sensors do have that. Favor devices that compute CRCs and check the CRCs.
* If you have no way of checking data integrity (such as CRCs), then you are on your own and will do what needs to be done when measurements can't be trusted. It all depends on the application. Sometimes just an average is OK. Other times you'll add redundancy with additional sensors. You'll also check the returned values to reject values that make no sense. It can be tricky. Doing that can lead to rockets crashing.
* When the associated risk is critical, it's tough shit.
But to sum up:
- Use CRCs when CRCs are available and favor devices that handle them.
- Use redundancy if that's economically viable.
- Validate sensors values just as you should validate all of your inputs. (This one can get very tricky though as I said above. But do it at least as best as you reasonably can.
- Unless not critical at all, never assume anything about the range of values you *should* be getting, never settle for "this particular case should never happen, so let's ignore it." It rarely ends well.
Just a few pointers. Now the way to handle things if none of the above leads to a recoverable state entirely depends on the application.