What sorts of guardrails should be considered before making ChatGPT part of your org’s security compliance efforts?

Question

Answer

The most important parameter would be - 1. what to share? 2. How to share ? 3. Which dept should use ?

Answer

Review existing polices data governance, data protection, acceptable use, infosec, etc. Communicate reminder on those policies. Consider a governance committee.

Answer

Your regulatory environment will inform some of this. Production environments should inform most of the rest.

For those opposed to hitting ChatGPT with the ban-hammer I think it's likely you will see some sort of structured review and approval process folded into most corporate governance.

Answer

Definition of standards and policies for reference points in compliance efforts.

Answer

Is your data being sent back for model training Is there a reason ChatGPT specifically is being made part of the efforts What is the nature of the data and who are the users of the chatbot

Answer

Many vendors are adding OpenAI connectors to their products under the guise that ‘they’re an AI company now’

Check what they’re doing with your data.

Are they issuing new Data Processing Agreements? Do they have your consent to send data to a third party?

When OpenAI has another data breach, what impact will this have on your business?

What sorts of guardrails should be considered before making ChatGPT part of your org’s security compliance efforts?

Content you might like

Which of the following measures do you have in place to safeguard against ransomware attacks?

What is your organization's main driver to secure your mobile payment application(s)?

What are real ways enterprises will consume AI?

What’s the biggest gap you see right now in generative AI tools? What type of tool do you wish was on the market?

Have you published corporate guidance establishing guardrails for use of commercial generative AI services?