Content and prompts submitted into a generative AI tool can be shared with the tool’s training dataset and shared in some manner with other users. Many of these policies share that data is automatically collected to enhance their training data, algorithm, and products (text, graphics, visual, audio, etc.). As with all terms and conditions, a generative AI tool’s privacy policy can be updated anytime. Check the data privacy policy of the tool regularly for how data is collected, used, and stored. It is best practice not to share sensitive information, personal or confidential, of any kind.
A few questions to consider:
- Is the data privacy policy findable?
- Are you asked for consent to provide data or are you automatically opt-in?
- How long is your data held (data retention)?
- What securities are there for de-identification?
- How are privacy risks addressed?
- Is there a third-party company involved? If so, what access and control does this company have over the data collected?