As artificial intelligence becomes an ever-increasing part of our day-to-day work lives, it is creating lots of opportunities and efficiencies but it may also be exposing some vulnerabilities.
As someone who works with dozens of companies every year, one of the blind spots I frequently see is with respect to sensitive data. This is particularly apparent in non-disclosure agreements (NDAs), most of which were penned long before the advent of AI. When thinking about your company’s trade secrets and other critical data, it’s vital to ensure you’re accounting today’s dynamic data environment where information can leak out and travel faster than ever before.
Here are some reasons AI has changed the game for sensitive data and NDAs:
- AI chatbots are a superhighway for leaked information. Employees who use AI tools that are not on a closed system might be sharing key data about customers, pricing, products, finances and more. This behavior is not malicious but the outcomes can be, and they often violate NDAs. Today’s NDAs need to explicitly cover AI tool usage. More importantly, employees must be trained on the risks and ideally the company should pay to use a closed AI system with clear guidelines and no outside exposure.
- Employees may be giving up trade secrets unknowingly. When data can flow in milliseconds, and AI prompts might include information that identifies your company, its data or information about your clients, it presents huge legal risks. Make sure your NDAs clearly explain what is protected to keep any lines from getting blurry.
- AI makes bad behavior easier. Anyone with access to your data and bad intent can use AI tools to rapidly extract institutional knowledge at a scale that would have taken considerable time and effort in a pre-AI world. A strong NDA will create enforceable legal consequences to help deter destructive actions.
- Don’t forget your vendors and partners (and vice-versa). AI allows businesses to share more data more quickly than ever. Every time that occurs it’s a potential leak point. Boilerplate NDAs for vendors no longer cut it.
- Proprietary data is increasingly valuable. Data is rapidly becoming the most important asset for many companies. Where once a careless slip up would be costly, today it might be fatal to your business. Legal protections around your data need to reflect these high stakes.
- Data leaks are easier to find. AI makes finding NDA violations much easier than it once was through metadata analysis, prompt log auditing and output pattern recognition. NDAs are becoming more enforceable so businesses must take them seriously.
Getting it right
Ensuring your NDAs are up to snuff may feel like a herculean task but it doesn’t need to be. Work with a lawyer to make sure all of your NDAs explicitly cover AI, particularly things like its use with proprietary data, company data, prompts and outputs. Generic “confidential information” is inadequate. Then check for permitted use clauses, which should clearly prohibit using confidential data for any external AI use. Finally, double-check your third-party disclosures, as subcontractors and service providers are often the source of leaks.
AI is a wonderful tool for making your company more effective and efficient. Taking some simple steps with your NDAs will help keep it working for you safely. ●
Eric Feldman is CIO at The Riverside Company