'Shadow AI' Increases Privacy, Data Risk, Lawyers Say
As the integration of AI tools into everyday workflow without formal oversight increases, security incidents rise as well, said Monday's MoFo Privacy Minute blog post. However, training and technical guardrails can help mitigate the risks of AI use, Morrison Foerster lawyers Linda Clark and Dan Alam added.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Deploying unapproved or unsecured AI tools is known as Shadow AI.
In a recent IBM report 20 percent of organizations surveyed suffered a security incident involving Shadow AI, "with such incidents reportedly being more likely to result in the exposure of personal information and intellectual property than other types of security incidents," the blog said.
"Where an employee provides input containing confidential information or personal information" into Shadow AI, "the company will not be able to control how that information is subsequently used by the Shadow AI system provider, how it is protected, or what rights of deletion, if any, exist," the lawyers said. The systems also are not "subject to the company’s standard vendor due diligence,"and will not "have adequate security controls to protect the company’s information or provide output that is sufficiently accurate for the given purpose."
But the use of AI systems "can deliver significant productivity benefits to employees," so it's essential to employ "appropriate legal and cybersecurity oversight," Clark and Alam said. Companies can use blocking lists to prevent attempted uses of Shadow AI, as well as train employees about the risks of Shadow AI use.
"Providing clear information to employees on what AI tools are authorized" and "providing parameters" is a good way for companies to ensure employees are less likely to use Shadow AI.