<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Privacy Archives - Foster Institute</title>
	<atom:link href="https://fosterinstitute.com/category/privacy/feed/" rel="self" type="application/rss+xml" />
	<link>https://fosterinstitute.com/category/privacy/</link>
	<description>Cybersecurity Experts</description>
	<lastBuildDate>Wed, 04 Jun 2025 16:43:44 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://fosterinstitute.com/wp-content/uploads/2021/02/Favicon.png</url>
	<title>Privacy Archives - Foster Institute</title>
	<link>https://fosterinstitute.com/category/privacy/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>AI is Listening: What Executives Must Know about Privacy in the Age of Workplace AI Assistants</title>
		<link>https://fosterinstitute.com/type-and-talk-as-if-youre-being-watched-how-ai-is-erasing-executive-privacy/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Wed, 21 May 2025 02:25:04 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[Executive Tips]]></category>
		<category><![CDATA[Executives and IT]]></category>
		<category><![CDATA[Privacy]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=6043</guid>

					<description><![CDATA[<p>From now on, if you want to write something you expect to stay private, it&#8217;s a good idea to use a pen and paper or something other than your computer. What you say in online meetings can now be transcribed, stored, and retrieved. Even more concerning, anything you type into a document draft you save, [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/type-and-talk-as-if-youre-being-watched-how-ai-is-erasing-executive-privacy/">AI is Listening: What Executives Must Know about Privacy in the Age of Workplace AI Assistants</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p class="whitespace-normal">From now on, if you want to write something you expect to stay private, it&#8217;s a good idea to use a pen and paper or something other than your computer. What you say in online meetings can now be transcribed, stored, and retrieved. Even more concerning, anything you type into a document draft you save, including angry drafts, can be accessed by AI systems and potentially disclose what you believed to be private information. The same goes for email messages, sent and received. Deleting files, messages, and meeting information and preventing unauthorized copies are more crucial than ever.</p>
<p class="whitespace-normal">Some executives at my keynote presentations say, &#8220;I wish AI would give me answers based on what is happening in our company. I would get so much better results than my generic answers now!&#8221;</p>
<p class="whitespace-normal">Their wish is granted. Retrieval-augmented generation (RAG) means that AI can retrieve your organization&#8217;s information to provide relevant responses, including what&#8217;s happening in your organization. The process is designed to keep the information within your company and not leak it to other companies or third parties.</p>
<p class="whitespace-normal">Some newer workplace AI assistants, like the one you may use today, look at a user&#8217;s permissions and then access documents, meeting transcriptions, and email messages that the user can access, all in real time. If you remove a file, usually within minutes, the data is no longer available for AI retrieval. The rest of this article will refer to this newer type of retrieval. If your organization uses an internal vector database to store information for AI retrieval, deleting a source file won&#8217;t automatically remove the information from AI responses until the tool explicitly refreshes its index.</p>
<p class="whitespace-normal">But the dark side of this fantastic feature is reduced privacy. The AI tools with document or email access permissions are designed to enhance AI&#8217;s responses with information from meetings, emails you send and receive, and files you&#8217;ve saved. The AI tools examine all information, including files saved in your online storage that have accumulated over many years. If someone with the right privileges asks AI a question about a topic or person, unless you deleted all instances of the old meeting notes, email messages, files, and other sources of information, what you said in a meeting or typed into an email or a saved document might appear in the results. Angry messages, failed plans, and long-forgotten mistakes can be resurrected even though you&#8217;ve put them behind you. Undeleted inappropriate jokes a friend emailed you or private conversations with your loved ones through company email could be exposed, too.</p>
<p class="whitespace-normal">Before going any further, let&#8217;s explain what this article covers. When people talk about AI privacy, they are often concerned that what they type into an AI chat tool will leave their organization and show up somewhere else in the world. That&#8217;s not what we&#8217;re covering here. We&#8217;re covering the situation where, although the data stays within your organization, other people in your organization might find out more than they need to know, even without trying. Given a request, AI can quickly return data based on the user&#8217;s privileges without the user needing to find a specific file, message, or meeting. Unfortunately, they might see content they never expected or intended to see, perhaps private or sensitive information they shouldn&#8217;t have access to, a phenomenon dubbed AI &#8220;oversharing.&#8221;</p>
<p class="whitespace-normal">This article focuses on companies with multiple users sharing data instead of a single user or a tiny office with users not using shared storage. However, everyone, including single-computer organizations, should read the section below entitled &#8220;Potentially Dangerous Third-Party AI Assistants.&#8221;</p>
<p>Using AI assistants, information stored in your organization may be available to anyone else in your organization possessing the right access privileges. People no longer need to invest energy to search; as long as they have access rights, they can ask a simple natural language question using AI and find the data in the blink of an eye.</p>
<p>It&#8217;s becoming apparent that humans will be forced to accept this reality. Humans must be very cautious about what they say in a meeting or type into a file they save or in an email. Of course, you have no control over what information someone could send you in an email, making the situation worse.</p>
<p>The good news is that AI tools cannot retrieve data once it is permanently deleted from all systems and backups, assuming the tool you are using for RAG only accesses current content and does not save old content. As of this writing, most reputable tools from organizations with household names respect that once a file is deleted, it is no longer eligible for access by workplace AI assistants. However, due to the sheer volume of information accumulated over the years, finding and deleting old files, meetings, and messages could be nearly impossible.</p>
<p class="whitespace-normal">Software and operating systems that support gathering your and your organization&#8217;s data to provide more relevant answers (RAG) usually include multiple privacy safeguards. However, protections can be bypassed in certain circumstances, such as an official e-discovery.</p>
<p class="whitespace-normal">The way it typically works is for the AI tools to verify the user&#8217;s permissions to data before considering augmenting the response with additional information. When a user asks for information, the system is designed to provide information that the user has permission to see, a process called trimming.</p>
<p class="whitespace-normal">For example, workplace AI assistants integrated with your organization&#8217;s email applications have access to your messages. When you ask for information, the AI tools are designed only to give you information based on the contents of your email. Unless you&#8217;ve delegated email access to someone else, random people in your organization should be unable to receive answers augmented with information from your sent and received email messages.</p>
<p class="whitespace-normal">However, a technology leader at a leading provider told me that their AI tool does not respect the privacy of a user&#8217;s email when there is a misconfiguration or the interested party has elevated roles. He explained that all user email content is available to other users with enough privileges. He explained the trade-off between data access and privacy with this metaphor: Before AI augmentation, he said, finding sensitive data in a company was &#8220;like looking for a needle in a haystack&#8221; &#8211; scattered across random files and email messages. Now, he explained, with AI-powered tools, &#8220;you find the needle immediately just by asking a question.&#8221; He reminisced about asking one of his technical pros, &#8220;Show me email messages where anyone praised our competitors.&#8221; He said the results appeared instantly, with sender information fully visible. &#8220;The AI tool doesn&#8217;t give you a haystack,&#8221; he concluded. &#8220;It gives you a stack of needles.&#8221;</p>
<p class="whitespace-normal">A member of my team and I eagerly visited with AI technology leaders, hoping to persuade them to make conversations completely private for sensitive meetings such as coversations related an M&amp;A, personnel matters that require confidentiality, trade secrets, and new competitive products or services that would harm a company if the details are discovered prematurely.  The most senior person we visited, who influences AI privacy at a huge software company, was surprised to hear that I suggested that executives sometimes want discussions in online meetings to remain private forever.</p>
<p>He is not alone in believing that all executive communications should be discoverable. Executives&#8217; knowing that their conversations could be disclosed helps ensure corporate accountability and is a strong deterrent to executive misconduct. Transparency is required by some regulations and even by law in certain circumstances. Some people feel it is unfair for executives to enjoy privileged communications with immunity from e-discovery.</p>
<p>The senior executive with the power to set privacy related to AI emphasized that the whole point of AI ingesting meeting conversations and other data is to make information available for AI processing; any restrictions reduce the tool&#8217;s functionality. He explained that this reaffirms the position that productivity outweighs privacy. He acknowledged that there are concerning incidents of oversharing sensitive data to users, and he accurately pointed out that those are often due to their customers not properly preparing, deploying, or maintaining the AI tools and data governance privacy controls.</p>
<p>He retorted that executives who want to have private meetings with undiscoverable content should use some encrypted messaging apps like Signal and not his company&#8217;s online meeting platform. He also told me he appreciated my feedback about leadership sometimes needing absolute privacy, and that they&#8217;ll consider it.</p>
<p class="whitespace-normal">Yet their position is firm, and companies that use workplace AI assistant tools that access company information must now accept the specific privacy controls of that tool, which may include a significant drop in the privacy of sensitive company information within their company. While I acknowledge that many application providers build in protective controls, the reality is stark: complete privacy of workplace communication is in jeopardy.</p>
<p>There are many examples of data augmentation across the industry. One is Microsoft&#8217;s 365 Copilot, which can use RAG to augment responses using information in email, meetings, and files. It provides many advanced privacy controls, including those described below. Some more advanced protections, such as automatically labeling data sensitivity, are unavailable unless your organization invests in the top-tier &#8220;E5&#8221; license of 365. Companies with the &#8220;E3&#8221; license must manually label content or risk unexpected disclosure.</p>
<p>Microsoft&#8217;s free &#8220;Copilot with Enterprise Data Protection&#8221; differs from the free consumer version of Copilot in that it requires users to log in with work (Entra ID) credentials. It doesn&#8217;t automatically access your organization&#8217;s data, and users can only upload files manually for tasks like summarization. Your IT team can configure data loss prevention policies to prevent sensitive file uploads, but the protections aren&#8217;t enabled by default, so initially, any file can be uploaded. This free version doesn&#8217;t integrate with Microsoft 365 apps like paid Copilot, so it doesn&#8217;t provide real-time document editing, Teams meeting summarization, or Excel formula suggestions within your apps. However, it does provide web searches, document summarization, and general chat interactions. While it offers some enterprise protections when configured by IT, it&#8217;s not a complete company solution like paid 365 Copilot versions.</p>
<p>Google Gemini is now integrated with Google Workspace and can review and consider information in Google Workspace as it responds to user prompts. Google does not release information to the world by training Gemini on your data, and they provide strong security measures to help keep private data private. But, even with the provided settings, a qualified person in your organization must configure and keep those measures current. Sometimes the default settings favor functionality over privacy, so your team must be familiar with the settings and keep up with them as they change.</p>
<p class="whitespace-normal">From now on, you must carefully choose your words in online meetings and never say anything you don&#8217;t want discovered. Content discussed in meetings may be captured in AI-generated transcripts, summaries, or recordings, making even previously casual conversations potentially discoverable in legal proceedings. By default, permissions for AI to return results from the transcript are typically given to all meeting attendees. If someone is invited but late or a no-show at the meeting, avoid the temptation to say something joking or make an offhand comment about them. That person could later want to know if they&#8217;d missed anything important and ask AI, &#8220;Did anyone say anything about me?&#8221; Your comment will be disclosed. Depending on what you said and their level of sensitivity, you might find yourself in an HR nightmare. There is no such thing as &#8216;off-the-record&#8217; in meetings where AI transcription or summarization tools are active. With some commonly used operating systems and tools, this recording is always enabled and difficult to block.</p>
<p class="whitespace-normal">Distributing AI-generated meeting summaries to participants without a human reviewing them first for accuracy is dangerous. AI is prone to hallucinations and errors in transcription, especially if the audio quality is poor. AI also makes errors when people use ambiguous language, such as &#8220;They said it was approved.&#8221; Who is &#8220;they,&#8221; and what did they approve? AI will try to decide, but could get it wrong. Other examples are &#8220;We need to address the issue&#8221; or &#8220;Send it to them.&#8221; AI must make a guess, based on the context of the conversation, what &#8220;we,&#8221; &#8220;they,&#8221; &#8220;issue,&#8221; and &#8220;it&#8221; refer to. Sometimes AI, understandably, guesses wrong, and meeting summaries can include inaccurate information and topics never discussed.</p>
<p class="whitespace-normal">After Abraham Lincoln died, historians discovered in archives that he had written scathing letters to his generals but never sent them. If you sometimes type emotion-filled documents while &#8220;venting,&#8221; even if you never intend to share the information, the AI tools may index and analyze everything you type in the draft file you save. In an e-discovery situation, or if someone with elevated privileges asks a question, the AI tool could reveal what you never intended to share.</p>
<p class="whitespace-normal">One major provider of applications automatically saves a version history of the previous content, but their tool will use only the current content of the file to respond to a question entered by someone with a high enough security level. Break any habits of saving individual files in names such as &#8220;AngryLetter-v1,&#8221; &#8220;AngryLetter-v2,&#8221; etc. If you update a file for tone or accuracy, do so in the current file or delete old versions to keep previous content from showing up in AI answers. These strategies only work if your workplace AI assistant tool only accesses current data and does not store old content. Remember that if your system makes backups of your files, and someone with the capability restores a file you deleted or restores a version before you removed objectionable content, the information in that restored file may be available as if you never erased it.</p>
<p>Removing old email messages from showing up in responses can be slightly trickier since AI may respond with information stored in your deleted items folder. You must remember to empty your deleted items folder, or your IT team can set up specific retention policies that permanently delete email messages after a set date or message age. Of course, as with files, if the email messages are backed up somewhere and restored, the restored versions may appear in responses to AI prompts. And this also assumes that your workplace AI assistant tool does not save old messages elsewhere for retrieval. As of this writing, one of the largest workplace AI providers respects that boundary and doesn&#8217;t save snippets of data after the source is deleted.</p>
<p class="whitespace-normal">The goal isn&#8217;t to scare people away from using AI tools. It isn&#8217;t easy to turn off AI&#8217;s reading and recording anyway. Your safest bet is to behave as if everything you type or say will be available for easy retrieval by unexpected people.</p>
<p class="whitespace-normal">Let&#8217;s cover some things you can do.</p>
<p class="whitespace-normal">Be sure your IT team uses governance and privacy protections such as:</p>
<p class="whitespace-normal"><strong>DLP:</strong> Major enterprise software providers have highly effective data loss prevention (DLP) tools that help keep private information private and allow access only to people with specific or enough privileges. However, DLP systems are only as effective as their configuration and upkeep. IT professionals, compliance officers, and other privileged users typically have access to the DLP system and can circumvent restrictions and access data anyway. If users save documents in unprotected locations, DLP might be unable to protect the data.</p>
<p class="whitespace-normal"><strong>Data Sensitivity Labeling:</strong> Most enterprise AI assistant providers explain that their tools respect file permissions and features like Data Sensitivity Labeling. You and your users can specify data labels for your content, such as &#8220;private&#8221; or &#8220;confidential,&#8221; to further restrict who can see what data. However, if someone opens an e-discovery, all undeleted data is potentially available. Thus, nothing you say or type is wholly protected if the data still exists.</p>
<p class="whitespace-normal"><strong>Retention Limits:</strong> A representative from a major tech company suggested that executives can avoid e-discovery exposure of what they say in sensitive topic meetings by setting retention limits on meeting notes, files, and email. After the retention period, the system will erase the data after a mandatory holding period. Erased data will no longer appear in results if your AI assistant doesn&#8217;t save snippets of data elsewhere. However, it can be frustrating not to have access to old documents and meeting summaries after a retention policy triggers their deletion. He pointed out that if a meeting attendee puts notes or a summary in the meeting chat, that chat information will not be purged. If someone asks about the meeting in Copilot or during an e-discovery, the process will access the data saved in the chat. Remember to ensure the automatic deletion includes deleting all logs, training data, and monitoring records when setting retention policies. These may contain sensitive data in prompts or summaries, even after the original content is deleted.</p>
<p class="whitespace-normal"><strong>Why Deletion May Not Be Enough:</strong> As mentioned throughout this article, remember that one of your best protections is deleting files, chats, messages, meetings and backups you don&#8217;t want AI to use in responses. However, the effectiveness of this strategy depends on whether the tool&#8217;s RAG features save information elsewhere even after you&#8217;ve deleted it.</p>
<p class="whitespace-normal"><strong>Potentially Dangerous Third-Party AI Assistants:</strong> An IT Professional at one of our best customers called me last week in alarm because he noticed a new app on their system had rights to scour their email messages and file storage. What used to be a third-party meeting assistant tool has &#8220;upgraded&#8221; its feature set to include a system that performs an AI search across documents, notes, and email messages. When a third-party meeting tool accesses your file systems and mailboxes, do they save any snippets of your information on their company&#8217;s servers? If so, do they encrypt the data and automatically erase the data from their systems when you delete a sensitive file or remove an email from your account? Can they provide a log or audit trail of who accessed your data? Do they train their tool based on your data, potentially exposing your data to their other customers? What happens to your data if you stop using their product? How do they define what data is yours vs. their data? The tools may also offer to gather information from other third-party note-taking tools, CRMs, and users using other operating systems. From a functionality perspective, there is great allure to having an AI assistant so familiar with everything in your work life. However, it is also a privacy nightmare if the system ever over-shares sensitive information, if the third party gets compromised by threat actors, or if your organization loses visibility into where your sensitive data is stored and who can access it. Before enabling tools like this, you must thoroughly vet the third party to determine if they have the necessary security controls in place and will maintain the security of your data. Remember the saying, &#8220;your organization&#8217;s security is only as good as your third party&#8217;s security.&#8221; To help stop employees from unknowingly giving outside apps access to your company&#8217;s emails, files, and other sensitive data, ask your IT team to change the &#8220;Allow User Consent&#8221; Settings from the default to <strong>require administrator approval before any third-party app can access company data.</strong></p>
<p class="whitespace-normal"><strong>Outside Parties:</strong> Another risk is that if any of your workers sent the data or made it available to an external person, it might be in their system too and be exposed by their AI someday.</p>
<p class="whitespace-normal"><strong>AI Incident Response Plan:</strong> Develop a thorough incident response plan for AI incidents. Plan now how you will manage situations related to AI crises, such as unauthorized data leakage, undetected hallucinations, discrimination (bias), security issues such as prompt injection, and insider misuse. Include your legal and regulatory advisors during planning, as they can address their appropriate obligations.</p>
<p class="whitespace-normal"><strong>Security Considerations for Incident Response, HR Investigations and more:</strong> Many organizations use ticketing or helpdesk systems that weren&#8217;t originally designed to handle sensitive issues, including cybersecurity incidents, HR complaints, and insider threats. Examples include Jira, ServiceNow, or Teams/Outlook. Those systems are integrating AI features. If you allow AI tools to automatically index your primary helpdesk system, they may unexpectedly augment responses and disclose sensitive investigation content to unauthorized users. This creates risks such as exposing privileged communications with legal counsel, compromising the integrity of confidential evidence, and disclosing sensitive employee information. Instead, use a completely separate access-controlled case management system for incident response, HR investigations, and other sensitive matters. Ensure this system is excluded from AI indexing and augmentation. Work with your legal and compliance teams to isolate the systems, enforce strict access policies, and apply appropriate retention and audit log controls.</p>
<p class="whitespace-normal">In case it comes up in a conversation with your IT pros, Microsoft allows administrators to configure &#8220;Azure AI Search&#8221; indexing restrictions to help prevent AI from accessing specific data, such as files, emails, calendar events, and meetings. However, blocking indexing has negative consequences such as breaking searches for text in email message bodies in Outlook on the web, content inside documents such as Word, Excel, and PDFs in the web apps, and Teams online.</p>
<p class="whitespace-normal">Know that your IT team is already very busy, and adding AI governance to their responsibilities may require removing something else or outsourcing.</p>
<p class="whitespace-normal">As time passes, AI will gather more information from your existing documents and data (this gathering is called RAG), including what AI thinks was said at all meetings. People will become more aware of the new normal in privacy. Unless you are positive that you can and will permanently delete all history, be careful about anything you say in online meetings or type into documents or email. Use words and sentences that will reflect well on you and others in case someone with enough permissions asks AI what you said.</p>
<p>For better, worse, or both: AI is listening. Protect your privacy before it is too late.</p>
<p>The post <a href="https://fosterinstitute.com/type-and-talk-as-if-youre-being-watched-how-ai-is-erasing-executive-privacy/">AI is Listening: What Executives Must Know about Privacy in the Age of Workplace AI Assistants</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The Executive&#8217;s AI Policy Checklist: Is Yours Missing These Essential Clauses?</title>
		<link>https://fosterinstitute.com/the-executives-ai-policy-checklist-is-yours-missing-these-essential-clauses/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Tue, 20 May 2025 14:50:09 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[IT Risk Management]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=6039</guid>

					<description><![CDATA[<p>In addition to the typically included clauses in your AI usage policy, such as data privacy requirements, acceptable use guidelines, and compliance with privacy regulations like GDPR or CCPA, some overlook essential clauses. See below to determine if you want to add any if they are missing from your policy: Tool Approval: You could include [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/the-executives-ai-policy-checklist-is-yours-missing-these-essential-clauses/">The Executive&#8217;s AI Policy Checklist: Is Yours Missing These Essential Clauses?</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p class="whitespace-normal break-words">In addition to the typically included clauses in your AI usage policy, such as data privacy requirements, acceptable use guidelines, and compliance with privacy regulations like GDPR or CCPA, some overlook essential clauses. See below to determine if you want to add any if they are missing from your policy:</p>
<p class="whitespace-normal break-words"><strong>Tool Approval:</strong> You could include a note about a procedure to approve AI tools before they&#8217;re used, especially for work that involves private or company-sensitive information, such as &#8220;Before using a new AI tool, check with the security or IT team… Make sure it&#8217;s on the approved list.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Human Accountability:</strong> Consider stating that they, the person, not AI, are ultimately responsible for decisions and documents they send out. AI suggestions should be reviewed by someone who understands the context, especially since AI is prone to hallucinations, trying to please the user, and being out of alignment with your culture. For example, &#8220;If an AI tool writes an email or gives advice… read it before sending it out or acting on it.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Confidentiality Protection:</strong> Remind employees not to share confidential company or customer information with AI platforms unless approved. Such as &#8220;Don&#8217;t copy and paste customer names, contracts, or financial reports into any AI tools unless explicitly approved in writing.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Incident Reporting:</strong> To help drive home the seriousness of privacy, tell them to notify you with wording such as &#8220;If an AI tool shares the wrong info or leaks something by accident… report it like you would a security breach.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Usage Boundaries:</strong> You could state what activities are acceptable to use AI (e.g., summaries, brainstorming) and where AI is not allowed (e.g., signing contracts, making hiring decisions) such as &#8220;AI can help draft ideas or summarize documents and produce narratives… but don&#8217;t use it to make final calls on people or legal stuff.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Work Documentation:</strong> Consider telling people to save a copy (or cc someone) of all AI-generated work outputs, especially if they&#8217;ll be used in decisions or presented to clients. For example, you could say, &#8220;If an AI tool creates something you plan to use or send… save a copy of the input and output so we can check it later if needed.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Ethical Guidelines:</strong> Include something about the ethical use of AI tools, such as: &#8220;Only use AI tools in ways that are ethical, fair, and respectful of others. Just because a tool can do something doesn&#8217;t mean it should.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Risk Assessment:</strong> You could also get them to think a little more by saying, &#8220;Before using AI for something any task… ask yourself: could this create bias, mislead someone, or share something private? Ask us if you have any doubt.&#8221; (you might want to replace &#8220;us&#8221; with a specific person).</p>
<p class="whitespace-normal break-words"><strong>Harassment Prevention:</strong> Address using AI for harassment or anything that violates someone&#8217;s rights. For example: &#8220;Never use AI tools to create or spread harmful, threatening, or harassing content. Report it right away if you see it.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Societal Impact:</strong> You could also include text to get your team thinking about AI&#8217;s effects on people and society. For example, &#8220;When using AI, ask whether it could hurt someone&#8217;s rights or reputation or lead to larger problems in society… If in doubt, stop and ask.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Mandatory Training:</strong> Providing training is essential for AI use. Include a clause that employees must participate in training about responsible AI use. You could phrase it: &#8220;We&#8217;ll offer training to help you understand how to use AI safely and fairly… and you must participate.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Approved Tools:</strong> Mention the AI tools you have approved. You might say, &#8220;The only allowed AI tool(s) at (your organization&#8217;s name) is/are the (tool or tools) using the identity and credentials you&#8217;ve been provided by (your organization&#8217;s name). No other versions, nor any other AI tools, are allowed and are expressly prohibited unless explicitly approved ahead of time by (person&#8217;s or department&#8217;s name). Don&#8217;t sign up for AI tools using your work email or passwords unless approved.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Usage Monitoring:</strong> Some tools help your IT team track and block access to AI tools. You might consider adding some accountability, such as: &#8220;AI usage can be so dangerous that we are keeping records of which tools you use so we can refer to that information later if there are any problems.&#8221; (This is an example of when it is essential to ask your organization&#8217;s legal counsel whether monitoring what sites they go to is okay.)</p>
<p class="whitespace-normal break-words"><strong>Data Ingestion:</strong> Caution them about the ingestion of data. An example would be, &#8220;Be aware that AI tools with document or email access permissions may ingest, index, and learn from content you create, even if you delete it later, from documents you save, including spreadsheets and letters, and unsent emails. Even if you delete content later, the information may remain accessible through AI systems that have previously processed it. Never enter sensitive, confidential, or potentially problematic content into any document or email draft, even temporarily. If you use the previously common practice of typing emotion-filled documents while &#8220;venting,&#8221; even if you never intend to share the information, use handwritten methods rather than documents or email messages.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Meeting Privacy:</strong> Be sure to address that online meetings are no longer completely private due to AI. Something like, &#8220;Know that meetings are no longer private spaces to have conversations. Content discussed in meetings may be captured in AI-generated transcripts, summaries, or recordings, making even previously casual conversations potentially discoverable in legal proceedings. Avoid discussing sensitive personnel matters, confidential information, or &#8216;off-the-record&#8217; topics in meetings where AI transcription or summarization tools are active. With some commonly used operating systems and tools, this recording is always enabled and difficult to block.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Summary Review:</strong> Give guidance on meeting summaries, such as &#8220;Disable automatically sending AI-generated meeting summaries to attendees. As the meeting organizer, you must review summaries to ensure accuracy before sending them. AI technology can be prone to hallucinations and errors in transcription, especially if the audio quality is less than optimal. People may use the summaries to make decisions, so the summaries must be accurate.&#8221;</p>
<p class="whitespace-normal break-words"><strong>Policy Updates:</strong> Document that you&#8217;ll be updating your policy regularly. You could include &#8220;Check this policy at least once a month or when we ask you to. We will update it as new tools, laws, risks, or AI-related situations arise.&#8221;</p>
<p class="whitespace-normal break-words">I&#8217;m not a lawyer, and this is not legal advice; check with your legal counsel. These are essential aspects that some organizations later wish they&#8217;d included after they experience a bad outcome. As you review this list, you may think of other aspects specific to your organization or industry that you want to include.</p>
<p class="whitespace-normal break-words">A solid AI policy is essential. Please forward this to your friends so they can help ensure they&#8217;ve included often overlooked parts, too.</p>
<p>&nbsp;</p>
<p>The post <a href="https://fosterinstitute.com/the-executives-ai-policy-checklist-is-yours-missing-these-essential-clauses/">The Executive&#8217;s AI Policy Checklist: Is Yours Missing These Essential Clauses?</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Executives – Know and Manage the Risks of DeepSeek AI and Unguarded AI Tools</title>
		<link>https://fosterinstitute.com/executives-know-and-manage-the-risks-of-deepseek-ai-and-unguarded-ai-tools/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Sat, 01 Feb 2025 23:08:26 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Privacy]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=6003</guid>

					<description><![CDATA[<p>When organizations invite me to give presentations about managing the risks of AI, the biggest concern of audiences is the privacy of AI. Executives especially are concerned that their workers will enter private company secrets or confidential customer information and have it exposed to the world. There are safety concerns, too, that must be recognized. [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/executives-know-and-manage-the-risks-of-deepseek-ai-and-unguarded-ai-tools/">Executives – Know and Manage the Risks of DeepSeek AI and Unguarded AI Tools</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>When organizations invite me to give presentations about managing the risks of AI, the biggest concern of audiences is the privacy of AI. Executives especially are concerned that their workers will enter private company secrets or confidential customer information and have it exposed to the world. There are safety concerns, too, that must be recognized.</p>
<p><strong>What is DeepSeek AI?</strong></p>
<p>They&#8217;re a company that has upended the concept that only massive companies with lots of money can, given enough time, create chatbots such as OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini), and Microsoft (Copilot). DeepSeek AI released a free chatbot in late January that consumers feel competes well against the big players. It does seem to excel in areas such as math and coding, although not all benchmarks agree. The revelation that DeepSeek AI achieved advanced AI capabilities with fewer and slower chips in less time shook the stock market.</p>
<p>While their technical achievements are remarkable, government agencies worldwide and many companies are restricting or banning using DeepSeek AI, citing privacy and security concerns.</p>
<p><strong>No Privacy:</strong></p>
<p>DeepSeek AI chatbot&#8217;s privacy policy states they can expose user-entered data to third parties, including information about the device you are using and your Internet address.</p>
<p>Interestingly, they announce they store information about how you type. Some organizations have suggested that keystroke patterns, when measured to precise timing, while not as accurate as fingerprints or facial scans, can help identify and track specific people.</p>
<p>One silver lining is that DeepSeek AI’s processing requirements are so light that some researchers have found ways to run DeepSeek AI’s entire large language model application offline and locally within a single user’s computer using tools such as LM Studio and Ollama. While complicated to set up, this potentially expands the possibility of eventually having your own personal assistant on your computer, which could help ensure privacy since it never sends information anywhere outside of your device.</p>
<p><strong>&#8220;The Company You Keep&#8221; &#8211; The Biggest Concern</strong></p>
<p>Most chatbots are designed to have guardrails to refuse to help humans do things out of alignment with ethics and morals. But adding and maintaining guardrails takes a lot of expertise, money, and time. Giving humans an all-knowing assistant without strong safety controls is dangerous.</p>
<p>Cisco used prompts from Cornell University&#8217;s popular HarmBench to test for safety, and they reported DeepSeek AI’s guardrails were consistently bypassed. Promptfoo states that their testing found the controls “brittle” and easy to break. There are &#8220;jailbreaks&#8221; to bypass many chatbots. This is more important now since less guarded chatbots are becoming easier to access and more popular.</p>
<p>We’ll see more chatbots with varying levels of safety controls; let’s consider the powerful implications these have for your business.</p>
<p>Nvidia CEO Jensen Huang emphasizes that AI is a tutor, mentor and coach at work. The key point he&#8217;s not mentioning: AI programming must align with our highest ideals and have a moral compass.</p>
<p>Could you ever have an upset worker who asks their chatbot for ideas on how to access company secrets, install a virus, retaliate against an office bully, or make an explosive? Will their favorite chatbot naively become a coconspirator since it is programmed to be helpful?</p>
<p>Stuart Russell (world-renowned AI pioneer) describes the competition in advanced AI development as “a race towards the edge of a cliff.” Steven Adler (safety researcher at OpenAI) quit in November, explaining he was “pretty terrified” about how quickly AI is evolving without enough attention to safety. Geoffrey Hinton (referred to as the Godfather of AI) talks about his concern about our ability to keep AI aligned with humanity&#8217;s best interests and predicts there&#8217;s a 10% to 25% likelihood that AI will cause us to become extinct in the next 30 years. Notice that he didn&#8217;t say AI will kill us; it could be humans using an unbridled AI as a tool to help them know how to create a plague or something else.</p>
<p>How can you help protect individual and business safety at work? See the recommendations below, including increasing awareness about how each person must be vigilant to recognize and resist a program&#8217;s bad advice.</p>
<p>On the bright side, Anthropic (Claude) recently released a technology designed to stop jailbreaks in AI models that are already programmed for safety. They&#8217;ve issued a challenge for people to try to break the protections. But will all AI models invest money into safety?</p>
<p>Many experts believe it will take an AI disaster to wake up humanity. Recent tragic fires and crash disasters in the US have stirred people to take action to increase safety measures around cities and airports. Are we so oblivious that we need an AI catastrophe to wake everyone up to the importance of having AI safety measures?</p>
<p><strong>Recommended Action Steps:</strong></p>
<ul>
<li>Be sure your workers watch for unsafe recommendations and resist them, especially if the worker is upset and vents to AI.</li>
<li>Clearly classify your data and identify what information should never be entered into AI systems.</li>
<li>Inform your workers about the risks of sharing sensitive information with unguarded AI and any AI tool.</li>
<li>Require user training and give quizzes to help ensure users understand your organization&#8217;s guidance.</li>
<li>Provide additional education to your workers in highly targeted positions, such as your fellow executives, the legal team, R&amp;D, and finance departments.</li>
<li>Consider using technology that will restrict or block access to AI tools, especially AI tools with few privacy controls, such as unguarded AI.</li>
<li>You might wait until you can run a local offline version of unguarded AI that won&#8217;t share information with third parties.</li>
<li>Utilize Data Loss Prevention (DLP) tools and features designed to monitor what information users provide chatbots while on your network or company-issued devices, block users from sharing sensitive information, and send real-time alerts to their managers or the IT Team.</li>
<li>Consult with your legal team about the risks and exposure of sensitive information.</li>
<li>Update your organization’s AI usage policies with guidelines on what is not allowed. Have users sign off.</li>
<li>Ask your third parties who generate or access sensitive information related to your organization if they use AI. Ensure your contracts address AI privacy concerns and have discussions with their executives about AI. You may find they&#8217;re oblivious to the risks or ignoring the dangers; your company cannot afford that exposure.</li>
<li>Have an incident response plan for AI data leaks.</li>
<li>Inquire with your insurance provider about AI-related coverage for reputation damage and lawsuits from releasing sensitive information.</li>
<li>Have an AI privacy and security specialist perform an AI risk assessment at your organization.</li>
</ul>
<p><strong>Conclusion</strong></p>
<p>DeepSeek AI has cemented a memorable milestone in AI history. What happens next, including the other AI tools that will come in its wake, will set the path for our future. As an executive, you have a powerful influence. New open-data and unguarded AI tools are rocking traditional concepts related to AI; make sure it doesn’t rock your company, too.</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>The post <a href="https://fosterinstitute.com/executives-know-and-manage-the-risks-of-deepseek-ai-and-unguarded-ai-tools/">Executives – Know and Manage the Risks of DeepSeek AI and Unguarded AI Tools</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>AI Implementation Roadmap: The Executive&#8217;s Guide to Avoiding Million-Dollar Mistakes</title>
		<link>https://fosterinstitute.com/ai-implementation-roadmap-the-executives-guide-to-avoiding-million-dollar-mistakes/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Fri, 23 Aug 2024 21:15:15 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[CCPA]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[IT Best Practices]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Supporting IT Professionals]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5866</guid>

					<description><![CDATA[<p>As a cybersecurity professional specializing in cybersecurity and AI, I&#8217;ve seen firsthand the importance of involving key stakeholders when implementing AI solutions. This guide highlights many essential steps to help ensure a smooth, secure, and compliant AI deployment in your organization. 1. Assemble Your AI Implementation Team Choose a person or team to lead AI [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/ai-implementation-roadmap-the-executives-guide-to-avoiding-million-dollar-mistakes/">AI Implementation Roadmap: The Executive&#8217;s Guide to Avoiding Million-Dollar Mistakes</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p class="whitespace-pre-wrap break-words">As a cybersecurity professional specializing in cybersecurity and AI, I&#8217;ve seen firsthand the importance of involving key stakeholders when implementing AI solutions. This guide highlights many essential steps to help ensure a smooth, secure, and compliant AI deployment in your organization.</p>
<h2 class="font-600 text-xl font-bold">1. Assemble Your AI Implementation Team</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Choose a person or team to lead AI implementation</li>
<li class="whitespace-normal break-words">Include representatives from leadership, legal, and IT</li>
</ul>
<h2 class="font-600 text-xl font-bold">2. Educate Your Team on AI Applications</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Watch the 7-minute educational video showcasing <a href="https://fosterinstitute.com/top-conversations-the-executives-playbook-for-conversing-with-ai-short-fast-paced-video/" target="_blank" rel="noopener">23 Business Uses for Chatbots in 7 minutes</a></li>
<li class="whitespace-normal break-words">Alternatively, schedule a &#8220;lunch and learn&#8221; webinar or workshop to explore practical AI uses</li>
</ul>
<h2 class="font-600 text-xl font-bold">3. Collaborate and Brainstorm</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Discuss insights from the video/workshop</li>
<li class="whitespace-normal break-words">Identify potential AI applications relevant to your business</li>
</ul>
<h2 class="font-600 text-xl font-bold">4. Explore Multiple AI Tools</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Test various chatbots (e.g., Perplexity, Anthropic Claude, ChatGPT, Microsoft Copilot, Google Gemini)</li>
<li class="whitespace-normal break-words">Consider paid plans, privacy of sensitive information, and the ability to create custom chatbots</li>
<li class="whitespace-normal break-words">The setting to make the model better for everyone means your data will be less private</li>
</ul>
<h2 class="font-600 text-xl font-bold">5. Review Industry-Specific AI Tools</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Investigate AI solutions tailored to your industry</li>
<li class="whitespace-normal break-words">Consult a curated list of AI tools for practical options</li>
</ul>
<h2 class="font-600 text-xl font-bold">6. Consult with Your IT Team</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Discuss potential added support requirements</li>
<li class="whitespace-normal break-words">Address concerns about job complexity</li>
<li class="whitespace-normal break-words">Develop strategies to integrate AI without overburdening your IT team</li>
</ul>
<h2 class="font-600 text-xl font-bold">7. Engage Your Legal Counsel</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Address privacy concerns</li>
<li class="whitespace-normal break-words">Review automatic ingestion vs. uploading of data for different AI tools</li>
<li class="whitespace-normal break-words">Analyze privacy and security policies of prospective AI solutions</li>
<li class="whitespace-normal break-words">Consider internal data access and permissions per user or department</li>
<li class="whitespace-normal break-words">Evaluate potential implications for mergers and acquisitions</li>
<li class="whitespace-normal break-words">Consider that data from recordings of meetings will be discoverable during the due diligence phase</li>
</ul>
<h2 class="font-600 text-xl font-bold">8. Assess User Access Control</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Discuss with IT about controlling access to AI tools</li>
<li class="whitespace-normal break-words">Implement measures to manage access to AI on company networks and devices</li>
</ul>
<h2 class="font-600 text-xl font-bold">9. Establish an AI Ethics Framework</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Develop guidelines for ethical AI use within your organization</li>
<li class="whitespace-normal break-words">Address issues like bias, fairness, and transparency</li>
</ul>
<h2 class="font-600 text-xl font-bold">10. Create a Data Governance Strategy</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Establish protocols for data handling, storage, and access in AI systems</li>
<li class="whitespace-normal break-words">Ensure compliance with relevant data protection regulations (e.g., GDPR, CCPA)</li>
</ul>
<h2 class="font-600 text-xl font-bold">11. Implement Security Measures</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Work with IT to set up necessary security protocols for AI systems</li>
<li class="whitespace-normal break-words">Consider encryption, access controls, and monitoring systems</li>
<li>Utilize sensitivity labels and permissions to limit employee access by role, etc.</li>
<li>Establish data retention time policies</li>
</ul>
<h2 class="font-600 text-xl font-bold">12. Plan for Ongoing Monitoring and Evaluation</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Establish KPIs to measure the effectiveness and impact of AI implementation</li>
<li class="whitespace-normal break-words">Set up regular review processes to assess and adjust AI usage</li>
</ul>
<h2 class="font-600 text-xl font-bold">13. Develop a Crisis Management Plan</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Prepare for potential AI-related incidents or breaches</li>
<li class="whitespace-normal break-words">Outline response procedures and communication strategies</li>
</ul>
<h2 class="font-600 text-xl font-bold">14. Draft an AI Policy</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Based on input from IT and legal, create a comprehensive AI usage policy</li>
<li class="whitespace-normal break-words">Define the scope and purpose of the AI policy</li>
<li class="whitespace-normal break-words">List approved AI tools and outline acceptable use cases</li>
<li class="whitespace-normal break-words">Establish guidelines for data handling and privacy compliance</li>
<li class="whitespace-normal break-words">Specify required security measures for AI use</li>
<li class="whitespace-normal break-words">Address ethical considerations like bias and fairness</li>
<li class="whitespace-normal break-words">Clarify ownership of AI-generated content and intellectual property</li>
<li class="whitespace-normal break-words">Outline required AI literacy training for employees</li>
<li class="whitespace-normal break-words">Define monitoring procedures and consequences for policy violations</li>
<li class="whitespace-normal break-words">Set criteria for selecting and evaluating AI vendors</li>
<li class="whitespace-normal break-words">Provide a framework for responding to AI-related incidents</li>
<li class="whitespace-normal break-words">Establish a schedule for reviewing and updating the policy</li>
</ul>
<h2 class="font-600 text-xl font-bold">15. Conduct User Training</h2>
<ul class="-mt-1 list-disc space-y-2 pl-8">
<li class="whitespace-normal break-words">Train employees on approved AI resources</li>
<li class="whitespace-normal break-words">Educate staff about the new AI policy, including ethics and protecting sensitive information</li>
<li>Encourage users to look at their daily tasks and see which tasks AI might streamline or improve in other ways</li>
</ul>
<h2 class="font-600 text-xl font-bold"></h2>
<p class="whitespace-pre-wrap break-words">By following all these steps, you&#8217;ll be more prepared to deploy AI in your organization while addressing some essential security, legal, and operational concerns. Successful AI implementation is an ongoing process requiring continuous attention and adaptation. AI is here to stay; you want to be thoughtful sooner to avoid costly problems later.</p>
<div class="et_pb_module et_pb_post_content et_pb_post_content_0_tb_body">
<p>&nbsp;</p>
<p><strong>Subscribe</strong> to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: <a href="https://fosterinstitute.com/e-savvy-newsletter/">https://fosterinstitute.com/e-savvy-newsletter/</a></p>
</div>
<p>The post <a href="https://fosterinstitute.com/ai-implementation-roadmap-the-executives-guide-to-avoiding-million-dollar-mistakes/">AI Implementation Roadmap: The Executive&#8217;s Guide to Avoiding Million-Dollar Mistakes</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Chatbots: Helpful Friends or Privacy Foes? How to Safeguard Your Information</title>
		<link>https://fosterinstitute.com/chatbots-helpful-friends-or-privacy-foes-how-to-safeguard-your-information/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Sat, 21 Oct 2023 20:21:19 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Technology]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5665</guid>

					<description><![CDATA[<p>Chatbots such as ChatGPT, Bing, Bard, Perplexity, Claude, and more are becoming increasingly popular, but their use raises several privacy concerns.</p>
<p>The post <a href="https://fosterinstitute.com/chatbots-helpful-friends-or-privacy-foes-how-to-safeguard-your-information/">Chatbots: Helpful Friends or Privacy Foes? How to Safeguard Your Information</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Chatbots such as ChatGPT®, Bing®, Bard®, Perplexity®, Claude®, and more are becoming increasingly popular, but their use raises several privacy concerns.</p>
<p>&nbsp;</p>
<h3>Key things You Need to Know:</h3>
<p><strong>Data collection:</strong> Search engines, many websites, apps, and chatbots might record your name, IP address, location, prompts, websites you visit, apps you use, search terms, content downloads, social media activity, and more. Marketing companies call this intent data that provides insight into your interests, needs, and purchase intentions.</p>
<p><strong>Data sharing:</strong> As with apps and websites, when users input information into AI tools, it is unclear how it will be used. Privacy policies usually express the right to share information with unidentified third parties. You have no control over how third parties will secure or share your information.</p>
<p><strong>Security breaches:</strong> Hacking attacks and inadvertent disclosure of sensitive information could lead to personal details being unwittingly spilled. To minimize the risks, chatbots should forget information or store it anonymously.</p>
<p><strong>Lack of transparency:</strong> A big problem is determining the exact data stored and the security risk presented by the chatbots. Their privacy policies are in flux, so read them carefully.</p>
<p>Some chatbots provide the option not to store your prompts and conversations nor use them to train their models. For example <a href="https://help.openai.com/en/articles/7730893-data-controls-faq" target="_blank" rel="noopener">https://help.openai.com/en/articles/7730893-data-controls-faq</a> explains Data Controls for ChatGPT.</p>
<p>&nbsp;</p>
<h3>Protect Your Privacy when using Chatbots:</h3>
<p><strong>Provide the minimum necessary information </strong>for the chatbot to give you what you need.<strong><br />
</strong></p>
<p><strong>Avoid entering sensitive information such as personally identifiable information (PII) </strong>such as full names, addresses, birth dates, and usernames.<strong><br />
</strong></p>
<p><strong>Substitute fictitious names for people and companies you want to keep private.</strong> For instance, if you&#8217;re crafting a document for &#8220;Company and Sons,&#8221; tell the chatbot it&#8217;s for the &#8220;ACME&#8221; company. Once you&#8217;ve finished with the chatbot and have your document ready, use your word processor to search for &#8220;ACME&#8221; and replace it with &#8220;Company and Sons.&#8221;</p>
<p>&nbsp;</p>
<h3>The Evolution of Digital Trust:</h3>
<p>Many websites and apps gather similar data and raise the same concerns. Most people realize that most search engines capture details for marketing and to provide better search results.</p>
<p>Individuals and companies alike expect file storage services, such as OneDrive® and Dropbox®, to keep the content of files private. Some AI tools like Cody®, Pragma®, and Microsoft Copilot® advertise their intent to keep your private data private.</p>
<p>Privacy for free AI tools may end up somewhere between search engines and file storage services. However, AI tools expecting businesses to adopt them must guarantee total privacy before organizations will trust them with sensitive information.</p>
<p>&nbsp;</p>
<h3>Conclusion:</h3>
<p>Keep privacy in mind as you use the fantastic new AI tools, many of which can save you a tremendous amount of time and allow you to streamline operations and serve your customers better than ever! If you don&#8217;t adopt AI, and your competitors do, you&#8217;ll find yourself behind and struggling to catch up.</p>
<p>Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: <a href="https://fosterinstitute.com/e-savvy-newsletter/" target="_blank" rel="noopener">https://fosterinstitute.com/e-savvy-newsletter/</a></p>
<p>(Image source: Bing. Learn more at [Bing.com].)</p>
<p>&nbsp;</p>
<p>The post <a href="https://fosterinstitute.com/chatbots-helpful-friends-or-privacy-foes-how-to-safeguard-your-information/">Chatbots: Helpful Friends or Privacy Foes? How to Safeguard Your Information</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
