What sorts of guardrails should be considered before making ChatGPT part of your org’s security compliance efforts?


Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
The most important parameters would be: 1. What to share? 2. How to share? 3. Which dept should use?
Senior VP & CISO, 1,001 - 5,000 employees
Review existing policies: data governance, data protection, acceptable use, infosec, etc. Communicate a reminder on those policies. Consider a governance committee.
CISO in Software, 201 - 500 employees
Your regulatory environment will inform some of this. Production environments should inform most of the rest. 

For those opposed to hitting ChatGPT with the ban-hammer, I think it's likely you will see some sort of structured review and approval process folded into most corporate governance.
Director of IT in Energy and Utilities, 10,001+ employees
Definition of standards and policies for reference points in compliance efforts.
Global Head of AI, Data & Analytics in Software, 10,001+ employees
Is your data being sent back for model training?
Is there a reason ChatGPT specifically is being made part of the efforts?
What is the nature of the data and who are the users of the chatbot?
Director of Enablement, 501 - 1,000 employees
Many vendors are adding OpenAI connectors to their products under the guise that ‘they’re an AI company now’

Check what they’re doing with your data.

Are they issuing new Data Processing Agreements? Do they have your consent to send data to a third party?

When OpenAI has another data breach, what impact will this have on your business?
