Understanding the Risks of Enterprise Data with Gemini, Claude, and Meta AI
Enterprise users of leading large language models face the potential risk of inadvertently exposing private information to the public. A recent study sheds light on the data collection and sharing practices of prominent organizations like Meta, Google, and Microsoft, revealing the collection of sensitive data and its sharing with unidentified third parties.
According to findings from Incogni, a company specializing in personal data removal services and data privacy, businesses using generative AI tools may encounter greater risks compared to individual users. Employees often utilize these tools for drafting internal reports or communications, unknowingly contributing proprietary data to the model's training dataset. This lack of safeguards not only exposes individuals to data sharing risks but also poses threats related to privacy, compliance, and competitiveness.
Identifying the Privacy Risks
To assess the risks associated with large language models (LLMs), Incogni developed 11 criteria to evaluate privacy risks in training, transparency, and data collection and sharing. The resulting privacy rankings provide insights into the overall privacy posture of each program.
The study highlighted key findings, including:
- The importance of training employees on what not to input into tools like ChatGPT, Gemini, or Meta's AI
- The need for awareness when using generative AI tools to avoid sharing sensitive information
- The potential consequences of sharing personally identifiable or confidential data on such platforms
Addressing Privacy Concerns
Justin St-Maurice from Info-Tech Research Group emphasized the significance of educating staff on data handling practices with generative AI tools. He stressed the parallel between refraining from posting private information on social media and avoiding inputting sensitive data into these AI platforms.
Regarding concerns about data sharing by corporations like Meta and Google, St-Maurice advised reassessing platform choices and highlighted the importance of self-hosting models to maintain data control and privacy.
Taking Control of Data Security
St-Maurice suggested hosting internal models either on-premises or through secure cloud services to mitigate the risk of third-party data exposure. By treating the LLM as a processor without retaining data within the model, organizations can leverage the benefits of AI models while safeguarding sensitive information.
It's crucial to build systems where the LLM processes information while maintaining control over memory, data storage, and user history to prevent data exposure. By managing internal models independently, companies can reduce the reliance on external parties like OpenAI or Google and minimize the risk of data misuse.
Ironwall's Zayas emphasized the implications of data being repurposed and publicized without consent, highlighting the importance of data security and privacy in the era of large language models.
