In light of the recent controversy surrounding Italy’s OpenAI’s ChatGPT, expert Richard Forrest emphasizes the importance of being vigilant while using AI tools in any work environment. In particular, he has provided practical guidance on how to use such tools in a safe, secure and compliant manner.
Despite the potential benefits of Generative AI tools, such as ChatGPT, for companies and organizations, many are not educated on how to use these tools. In particular, caution must be taken to ensure confidential data and information is not disclosed, as this may put the business in a breach of GDPR regulations.
Recent investigations conducted by Cyberhaven revealed that sensitive data makes up 11% of the information being copied and pasted into OpenAI’s ChatGPT. The research even highlighted a medical practitioner who inputted a patient’s details into the chatbot, thus illustrating the potential ramifications of using these tools carelessly.
Because of this, is it essential for businesses to proactively protect themselves and ensure compliance. An effective way to do this is to provide staff with training on introductory topics such as personal data protection and security. Furthermore, employees should be aware of current legal requirements, and what they need to do to maintain compliance.
Apart from regular training, businesses should also take great caution when dealing with Large Language Models (LLMs). For example, it is important to consider the implications of ChatGPT using personal data for training and whether this data could regurgitated to a third party. It is also essential to make sure that any confidential business information, such as trade secrets or client data, is not recklessly entered into the chatbot.
Following Italy’s recent run-in with OpenAI’s ChatGPT, the data protection regulator has requested the AI tool to provide users with specific methods, logic and tools to ensure they remain compliant with GDPR and can request the deletion of any personal data inaccurately generated. However, it is yet to be seen whether these measures are sufficient to address potential risks.
Thus, businesses must be proactive in protecting themselves to ensure compliance with GDPR. By offering staff data protection and security training and implementing measures to prevent confidential information being exposed, businesses can be better equipped to protect themselves from inadvertently breaching GDPR regulations.
