ChatGPT – A New-Age Privacy Nightmare?

As a wave of obsession with ChatGPT crashes, SMEs to multinational corporations are scrambling to gauge the level of exposure of a cyber-security breach occurring within their business.

With the recent enactment of the Fair Work Amendments, the benefits of conducting a workplace audit to revamp workplace policies and engage in an active compliance culture seem endless. Cutting-edge artificial intelligence and machine learning applications require employers to turn their attention to protecting their goodwill from cyber threats, including the negative implications of ChatGPT.

Let’s talk about it.

What is ChatGPT?

ChatGPT is an Open AI chatbot powered by voluminous amounts of data and computing techniques that predict the formulation of words in a meaningful way. Beyond the strategic sequence of words, ChatGPT responds to a criteria or context and mimics speech patterns that correspond to that plugged-in data.

For example, a user can request ChatGPT to write a marketing article emphasising the data and cyber security risks of machine learning artificial intelligence in the workplace.*

The program evaluates human prompts and generates sophisticated responses on a public user interface accessible to any individual with access to the world wide web.

Public Discourse

Major tech-giants including Microsoft have announced plans to incorporate the cutting-edge technology into its products including Bing and Office applications. Professional services firms and organisations nation-wide have diverse views, with some firms embracing the technology insofar that sensitive information is not disclosed. Others have built a firewall in fear that the technology presents greater harm than good.

What’s the harm in cyber-chat?

Leak of Confidential and Sensitive Data

Employees of organisations, irrespective of size, are bound by confidentiality obligations to their employer. Depending on the terms of employment, confidentiality often survives termination of employment or requires an employee to sign a separate non-disclosure agreement.

Employees using ChatGPT can inadvertently share confidential corporate information, or sensitive client information that feeds into the chatbot to ask for tips or advice on how to improve their work. This human input acts as an internal software code that ChatGPT uses as a machine learning mechanism to train, evolve and improve. As a result, ChatGPT can potentially share versions of the confidential or sensitive information in future exchanges with other users.

To add a level of complexity, if your employees are bound by professional privilege to their clients and customers, the consequences of a data-breach could be far greater.

            Trade Secrets and Intellectual Property

A few weeks after the launch of ChatGPT, a group of Amazon employees asked an internal Slack channel whether they could use the chatbot for work-related purposes. It was noted that ChatGPT was permitted insofar that any Amazon information, including the Code that was being developed could not be shared because the “input may be used as training data for a further iteration of ChatGPT…which closely matches existing material”.

Employees plugging in trade secrets that form the intellectual property and goodwill of the company to generate and improve their content may find that ChatGPT uses and reproduces that input, thereby disseminating your company’s commercial information to the public.

New Tech calls for New Workplace Policies

We often see SMEs demonstrate a heavy reliance on technology but lack the internal governance to properly manage its use and protect the business from data and privacy breaches.

Regardless of the industry, any business must protect its best assets including confidential information and intellectual property. We recommend employers introduce a Cyber Policy in their organisation to address:

• Device purpose and permitted usage;
• Prohibited uses, which may include AI chat bots such as ChatGPT depending on personal preference;
• Entitlement to track employee IT usage for the purposes of performance metrics, compliance with workplace policies and procedures, and assessing the changing operational needs of the business;
• Data and Privacy infrastructure, that is the mechanisms in place to avoid a data breach occurring such as mandatory anti-virus software reboots; and
• Employee knowledge and expectations on cyber-threats, including training on phishing attacks, malware installation, ransom attacks etc.

At Chamberlains Law Firm, we provide wholistic solutions to clients affected by rapid developments in the tech-space. Contact us for a Workplace Audit to assess the operational needs of your business, risks of cyber-attacks and introducing an iron-clad Cyber Policy that brings your business in line with industry standards.

This article was prepared with the assistance of Jasmin Mantoufeh.

*No AI chatbots were used in the drafting of this article.

Butlers Business Lawyers and Chamberlains Law Firm have merged!

Joining forces with the Chamberlains Team has expanded our capabilities beyond what we thought possible. This means introducing a new cast of talented legal practitioners along with a massive expansion in expertise areas such as Building & Construction, Insurance Law, Private Wealth Law and more. This alliance will ensure that new and existing clients will experience a higher calibre of legal support in a variety of areas with the help of some new faces. Learn more about Chamberlains Law Firm here.