How to use ChatGPT data controls to minimize data confidentiality risks

shared by Naveen Kohli on Sunday, July 9, 2023

In my previous posts I talked about What is Generative AI and Limitations and Risks associated with ChatGPT. In this post I will discuss how to use ChatGPT securely to protect the confidentiality of your personal data, your organization's data and your client's data.

You may be wondering why confidentiality of data is of any concern when using ChatGPT. To understand this risk, you will need to understand the mechanics of the conversation. A person who is using ChatGPT to get answers will enter prompts. These prompts contain information about the subject for which you need help. As part of this conversation, you will prompt ChatGPT with context, specific details, etc. Some of these details may contain confidential information about your organization, your project and your client. If you are using Code Interpreter, you may have uploaded some data files as well.

Data Retention

From a security and confidentiality point of view, I will assume the worst. Let's first identify what could have happened to the prompts and uploaded data files.

  • All prompts and related information are available to the ChatGPT team and are probably saved in some logs for later review for the learning process.
  • Uploaded data files may have been saved on a ChatGPT server and are available to the ChatGPT team for review.
  • If your prompts and data files contain PII, then people other than you have seen it.

There is one more threat surface that you need to be aware of: your ChatGPT account, and the availability of prompts and data files for later review by you and for use by the ChatGPT team for model training. I strongly recommend reading the information in the Data Controls FAQ.

I will summarize some of the Data Controls items for your convenience. Before I do that, you need to be aware of the setting that plays an important role in deciding what happens to your data.

If you have not changed your setting, you probably have the Chat history & training option turned ON. Pay close attention to the description of this setting. This is what it reads.

Save new chats on this browser to your history and allow them to be used to improve our models. Unsaved chats will be deleted from our systems within 30 days. This setting does not sync across browsers or devices.

  • If the option is turned ON, all conversations are saved in your account's history until you explicitly delete them.
  • If the option is turned OFF, all conversations may be saved for 30 days. After that time, the chat history will be removed.
  • Irrespective of this setting state, ChatGPT can use your data for model training.
  • To prevent ChatGPT from using your data for model training, you will need to send a separate request to ChatGPT. You are required to fill out the Request Form.
  • If you are using ChatGPT from multiple devices, the setting needs to be updated on each device. If you turn it off from one device, it will not turn it off from other devices. I hope ChatGPT will enhance this functionality in the future and sync the settings across all devices for an account.

Account Safety & Data Leak

Another aspect of data confidentiality is related to user account compromise. If a hacker takes control of a user's ChatGPT account, they gain access to the chat history along with the data. The account compromise can happen through any means. There have already been reported incidents of more than 100,000 ChatGPT accounts being compromised. I will assume the worst and do everything possible to reduce the impact of user account compromise.

What can I do?

To minimize the risk of data leak and preserve data confidentiality, I personally use the following settings and rules.

  • Turn off Data Control settings for Chat history & training

  • Fill the form to request ChatGPT not to use my prompts for model training.

  • Explicitly delete the conversation after I am done with the task related to that subject.

  • Do not share your conversation with anybody, including team members. You do not know what the other person is going to do with the conversation you have shared. This may sound very harsh, but sometimes you have to take extreme steps to protect data confidentiality.

  • If I need to preserve the chat for later use, export it and save it on your encrypted device.

ChatGPT is planning to have a business plan for corporate users. I hope that the business plan will provide more control over data use and data retention. Until then, take every precaution to protect the confidentiality of the data.


