Protecting Your Privacy: The Risks of Sharing Sensitive Data with AI Tools

Deliberately Safeguarding Privacy and Confidentiality in the Era of Generative AI

Presented by Reed N. Hedges, Digital Initiatives Librarian at the College of Southern Idaho

Introduction

Reed N. Hedges delivered a presentation focusing on the critical importance of safeguarding privacy and confidentiality when using generative artificial intelligence (AI) tools. The session highlighted the potential risks associated with sharing sensitive data with AI models and provided actionable recommendations for users and professionals in the library and information science fields.

Personal Anecdotes and the Need for Caution

Hedges began by sharing several personal anecdotes illustrating how individuals unknowingly compromise their privacy by inputting sensitive information into AI tools:

• A user who spends long hours chatting with GPT-4, sharing more personal information with the AI than with their own spouse.
• An individual who input all their grandchildren's data into an AI to generate gift ideas.
• A person who provided detailed demographic data of a local social group, including identifiable information, to plan activities and programs.
• A user who entered their entire family budget into an AI tool for financial management.

These examples underscore the pressing need for users to be more conscientious about the data they share with AI systems.

Main Point: Do Not Input Sensitive Data into AI Tools

The core message of the presentation is clear: Users should not input any sensitive or personal data into prompts for generative AI tools. This includes business information, personal identifiers, or any data that could compromise individual or organizational privacy.

Privacy Policies and Data Handling by AI Tools

Hedges highlighted specific concerns regarding popular AI tools:

• Google Bard: Explicitly notes that human supervisors may read user data, emphasizing the importance of anonymization.
• OpenAI's ChatGPT: Terms of use discuss the need for proprietary data protection. Users can have a more privacy-conscious session by using OpenAI's Playground or adjusting settings at privacy.openai.com/policies.
• Perplexity AI: Evades questions about data handling and extrapolation.

The Challenge of Legal Recourse and Privacy Harms

The presentation delved into the limitations of current privacy laws:

• Harm Requirement: Courts often require proof of harm, which is challenging when privacy violations involve intangible injuries like anxiety or frustration.
• Impediments to Enforcement: The need to establish harm impedes the effective enforcement of privacy violations, allowing wrongdoers to escape accountability.
• Lack of Adequate Legal Framework: The existing legal system lacks effective mechanisms to address privacy harms resulting from AI data handling.

Extrapolation and Inference by AI Tools

Generative AI models can infer additional information beyond what users explicitly provide:

• Data Extrapolation: AI tools can infer behaviors, engagement patterns, and personal attributes from minimal data inputs.
• Privacy Risks: Such extrapolation can inadvertently reveal sensitive information, including learning disabilities or mental health issues.
• Example: Even generic prompts can lead to AI inferring personal details that compromise privacy.

Recommendations for Safeguarding Privacy

1. Transparency in Data Collection

• Inform users about the data being collected and its intended use.
• Only OpenAI's ChatGPT and Anthropic's Claude explicitly deny storing and extrapolating user data.

2. Informed Consent

• Obtain explicit consent before collecting or using personal information.
• Ensure users are aware of the implications of data sharing with AI tools.

3. Data Minimization

• Limit data collection to what is absolutely essential for the task.
• Avoid including unnecessary personal or demographic details in AI prompts.

4. Anonymization and Avoiding Sensitive Information

• Do not include individual attributes or identifiers in AI prompts.
• Use synthetic or generalized data where possible.
• Be cautious even with public data, as ethical considerations remain.

5. Implement Strict Access and Use Controls

• Enforce a "least privilege" access model, using tools that require minimal data access.
• Ensure staff and users are clear on what data can be input into AI tools.

6. Use Human Content Moderation

• Have prompts reviewed by multiple individuals to screen for privacy issues.
• This process can also enhance quality control.

7. Be Skeptical of "Secure" AI Tools

• Avoid promising or assuming that any AI tool is completely secure.
• Recognize that even custom AI models can be vulnerable to exploitation.

Understanding AI Terms of Service

Users should familiarize themselves with the terms of service of AI tools:

• Ownership of Content: OpenAI states that users own the input and, to the extent permitted by law, the output generated.
• Responsibility for Data: Users are responsible for ensuring that their content does not violate any laws or terms.
• Data Use: AI providers may use input data for training and improving models unless users opt out.

Final Thoughts on Privacy Practices

Hedges emphasized that traditional privacy protection principles remain relevant but must be applied more diligently in the context of AI:

• Extra Vigilance: Users must be proactive in safeguarding their data when interacting with AI tools.
• Data Breaches are Inevitable: Even with safeguards, data breaches can occur; therefore, minimizing shared data is crucial.
• Reassessing the Need for AI: Consider whether using AI is necessary for a given task, especially when handling sensitive information.

Conclusion

In the era of generative AI, safeguarding privacy and confidentiality requires deliberate and informed actions by users and professionals. By understanding the risks, adhering to best practices, and educating others, individuals can mitigate potential harms associated with AI data handling.

References and Further Reading

• Danielle Keats Citron and Daniel J. Solove: "Privacy Harms" - A comprehensive paper discussing the challenges in addressing privacy violations legally.
• Shantanu Sharma: "Artificial Intelligence and Privacy" - An exploration of AI's impact on privacy, available on SSRN.
• Nathan Hunter: "The Art of ChatGPT Prompting: A Guide to Crafting Clear and Effective Prompts" - A book providing insights into effective AI interactions.

Links to these resources were provided during the presentation for attendees interested in deepening their understanding of AI privacy concerns.