The Data Privacy Risks Of Generative AI

Many organisations are choosing to limit the use of Generative Artificial Intelligence (GenAI) over data privacy and security issues and now some firms have banned its use in the workplace completely. Indeed,  27% of organisations have stopped the use of GenAI amongst their workforce over privacy and data security risks, says the 2024 Data Privacy Benchmark Study from Cisco

Most organisations have also placed controls on these tools. Nearly two-thirds (63%) have established limitations on what data can be entered and 61% have limits on which Gen-AI tools can be used by employees.

Despite these restrictions, many organisations admitted inputting sensitive data into generative AI applications. This included information about internal processes (62%), employee names or information (45%), non-public information about the company (42%) and customer names or information (38%). 

Most respondents (92%) viewed generative AI as a fundamentally different technology with novel challenges and concerns requiring new techniques to manage data and risk.

The biggest concerns cited were that these tools could hurt the organization’s legal and intellectual property rights (69%), the information entered could be shared publicly or with competitors (68%), and that the information it returns to the user could be wrong (68%).

Significantly, 91% of security and privacy professionals acknowledged that they need to do more to reassure customers about their data use with AI. However, none of the actions listed in the study to build trust with consumers in this area exceeded 50% of respondents.

  • Nearly all (94%) security and privacy professionals said their customers would not buy from their organization if they did not protect data properly.
  • Even more  (97%)  feel they have a responsibility to use data ethically, and 95% argue the business benefits of privacy investment are greater than the costs.
  • The growing connection between data privacy and business benefits has made this area a key boardroom issue. Nearly all (98%) respondents reported one or more privacy metrics to the board, and over half reported three or more.
  • The top privacy metrics used were audit results (44%), data breaches (43%), data subject requests (31%) and incident response (29%).
  • Respondents were strongly in favor of governments implementing data privacy laws, with 80% believing privacy laws have had a positive impact on their organisation, and just 6% a negative impact.
  • Around  63 per cent have established limitations on what data can be entered and 61 per cent have limits on which GenAI tools can be used by employees.

Consumers are widely concerned about AI use which involves their pesonal data, and yet 91 per cent of organisations recognise they need to do more to reassure their customers that their data is being used only for intended and legitimate purposes in AI. This finding is similar to the levels in Cisco 2023 report,  suggesting that there has litte progress 

Cisco:  Economic Times:   Daniel Lozovsky:   Infosecurity Magazine:   IndiaTV:   Technolgy Magazine

Image: Claudio Schwarz

You Might Also Read: 

AI Adoption: The Overlooked Existential Risk:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Lush Employee Data Stolen
On Trend - Hybrid Cloud Strategies »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cynet

Cynet

Cynet simplifies security by providing a rapidly deployed, comprehensive platform for detection, prevention and automated response to advanced threats with near-zero false positives.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

Epati Information Technologies

Epati Information Technologies

ePati Information Technologies is a specialist in information technology and cyber security.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

Mailinblack

Mailinblack

Mailinblack protects your organisation against email threats with an innovative solution that meets your security requirements.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

SkillsDA

SkillsDA

SkillsDA is pureplay company in cyber security involved in capacity building towards National Security.

Insurica

Insurica

INSURICA is a full-service insurance agency built upon a tradition of integrity, industry leadership, and excellence.

Cloud & More

Cloud & More

Tired of impersonal IT support? Experience the Cloud & More difference. We offer tailored IT services with a personal touch, ensuring your business technology runs smoothly.

Novera

Novera

Novera offer security assessment and advisory services to help businesses manage risks from AI, cyber and privacy.