The Data Privacy Risks Of Generative AI

Uploaded on 2024-02-05 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Many organisations are choosing to limit the use of Generative Artificial Intelligence (GenAI) over data privacy and security issues and now some firms have banned its use in the workplace completely. Indeed,  27% of organisations have stopped the use of GenAI amongst their workforce over privacy and data security risks, says the 2024 Data Privacy Benchmark Study from Cisco

Most organisations have also placed controls on these tools. Nearly two-thirds (63%) have established limitations on what data can be entered and 61% have limits on which Gen-AI tools can be used by employees.

Despite these restrictions, many organisations admitted inputting sensitive data into generative AI applications. This included information about internal processes (62%), employee names or information (45%), non-public information about the company (42%) and customer names or information (38%). 

Most respondents (92%) viewed generative AI as a fundamentally different technology with novel challenges and concerns requiring new techniques to manage data and risk.

The biggest concerns cited were that these tools could hurt the organization’s legal and intellectual property rights (69%), the information entered could be shared publicly or with competitors (68%), and that the information it returns to the user could be wrong (68%).

Significantly, 91% of security and privacy professionals acknowledged that they need to do more to reassure customers about their data use with AI. However, none of the actions listed in the study to build trust with consumers in this area exceeded 50% of respondents.

  • Nearly all (94%) security and privacy professionals said their customers would not buy from their organization if they did not protect data properly.
  • Even more  (97%)  feel they have a responsibility to use data ethically, and 95% argue the business benefits of privacy investment are greater than the costs.
  • The growing connection between data privacy and business benefits has made this area a key boardroom issue. Nearly all (98%) respondents reported one or more privacy metrics to the board, and over half reported three or more.
  • The top privacy metrics used were audit results (44%), data breaches (43%), data subject requests (31%) and incident response (29%).
  • Respondents were strongly in favor of governments implementing data privacy laws, with 80% believing privacy laws have had a positive impact on their organisation, and just 6% a negative impact.
  • Around  63 per cent have established limitations on what data can be entered and 61 per cent have limits on which GenAI tools can be used by employees.

Consumers are widely concerned about AI use which involves their pesonal data, and yet 91 per cent of organisations recognise they need to do more to reassure their customers that their data is being used only for intended and legitimate purposes in AI. This finding is similar to the levels in Cisco 2023 report,  suggesting that there has litte progress 

Cisco:  Economic Times:   Daniel Lozovsky:   Infosecurity Magazine:   IndiaTV:   Technolgy Magazine

Image: Claudio Schwarz

You Might Also Read: 

AI Adoption: The Overlooked Existential Risk:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Lush Employee Data Stolen
On Trend - Hybrid Cloud Strategies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

SecureNow Insurance Broker

SecureNow Insurance Broker

SecureNow is a commercial insurance broker based in India. Services offered include Cyber Risk insurance.

Advenica

Advenica

Advenica develops, manufactures and sells innovative cybersecurity solutions for encryption and secure information exchange.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

L3Harris Technologies

L3Harris Technologies

L3Harris Technologies is a global aerospace and defense technology innovator, delivering solutions to meet mission-critical needs across air, land, sea, space and cyber domains.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

NTT Group

NTT Group

NTT offers agile, scalable technology services to bring it all together seamlessly, securely, and sustainably. We help you adopt a holistic security approach across your network, clouds, applications.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

Prompt Security

Prompt Security

Prompt Security provides an LLM agnostic approach to ensure security, data privacy and safety across all aspects of Generative AI.