The Data Privacy Risks Of Generative AI

Uploaded on 2024-02-05 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Many organisations are choosing to limit the use of Generative Artificial Intelligence (GenAI) over data privacy and security issues and now some firms have banned its use in the workplace completely. Indeed,  27% of organisations have stopped the use of GenAI amongst their workforce over privacy and data security risks, says the 2024 Data Privacy Benchmark Study from Cisco

Most organisations have also placed controls on these tools. Nearly two-thirds (63%) have established limitations on what data can be entered and 61% have limits on which Gen-AI tools can be used by employees.

Despite these restrictions, many organisations admitted inputting sensitive data into generative AI applications. This included information about internal processes (62%), employee names or information (45%), non-public information about the company (42%) and customer names or information (38%). 

Most respondents (92%) viewed generative AI as a fundamentally different technology with novel challenges and concerns requiring new techniques to manage data and risk.

The biggest concerns cited were that these tools could hurt the organization’s legal and intellectual property rights (69%), the information entered could be shared publicly or with competitors (68%), and that the information it returns to the user could be wrong (68%).

Significantly, 91% of security and privacy professionals acknowledged that they need to do more to reassure customers about their data use with AI. However, none of the actions listed in the study to build trust with consumers in this area exceeded 50% of respondents.

  • Nearly all (94%) security and privacy professionals said their customers would not buy from their organization if they did not protect data properly.
  • Even more  (97%)  feel they have a responsibility to use data ethically, and 95% argue the business benefits of privacy investment are greater than the costs.
  • The growing connection between data privacy and business benefits has made this area a key boardroom issue. Nearly all (98%) respondents reported one or more privacy metrics to the board, and over half reported three or more.
  • The top privacy metrics used were audit results (44%), data breaches (43%), data subject requests (31%) and incident response (29%).
  • Respondents were strongly in favor of governments implementing data privacy laws, with 80% believing privacy laws have had a positive impact on their organisation, and just 6% a negative impact.
  • Around  63 per cent have established limitations on what data can be entered and 61 per cent have limits on which GenAI tools can be used by employees.

Consumers are widely concerned about AI use which involves their pesonal data, and yet 91 per cent of organisations recognise they need to do more to reassure their customers that their data is being used only for intended and legitimate purposes in AI. This finding is similar to the levels in Cisco 2023 report,  suggesting that there has litte progress 

Cisco:  Economic Times:   Daniel Lozovsky:   Infosecurity Magazine:   IndiaTV:   Technolgy Magazine

Image: Claudio Schwarz

You Might Also Read: 

AI Adoption: The Overlooked Existential Risk:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Lush Employee Data Stolen
On Trend - Hybrid Cloud Strategies »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Information Commissioner's Office (ICO)

Information Commissioner's Office (ICO)

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

Radiflow

Radiflow

Radiflow is a leading provider of cyber security solutions for critical infrastructure networks (i.e. SCADA), such as power utilities, oil & gas, water and others.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

archTIS

archTIS

archTIS specialises in the design and development of products, solutions and services for secure information sharing and collaboration.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

Rezonate

Rezonate

Rezonate discovers, profiles, and protects Identities and their entire access journey to cloud infrastructure and critical SaaS applications. Preventing and stopping cyberattacks.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.

CyPro

CyPro

CyPro is a cyber security expert firm that specialises in providing cyber security services tailored for high-growth companies at every stage of their journey.