ChatGPT consumes data at an incredible rate and produces information in such novel ways that there is no way to know the amount of risk involved in exposing yourself to it. Nevertheless, legal work means dealing with a lot of words and ChatGPT is the most powerful word tool ever created. If you work as a lawyer or in a law office we hope this post accelerates your adoption of AI based tools like ChatGPT by removing data privacy concerns as an obstacle.
The Current State of Data Privacy
Whether it is an older information technology like email or a cutting edge products like ChatGPT the following apply:
- We create an abundance of private information.
- Bad actors are trying steal it.
- Companies are trying to trick us into sharing it.
For legal professionals, the stakes are high and with the surge in popularity of AI tools like ChatGPT, understanding the risk is key.
Data Privacy for Legal Professionals
Legal professionals deal with two types of data:
- Personal Data: This encompasses all personal and professional information related to the lawyer or the law firm.
- Client Data: This can be routine data, such as scheduled meetings, or highly sensitive data like confidential information and case facts.
Losing control of client data can have severe repercussions. Nobody wants to notify a client that their personal information has been accidently shared with some new highly intelligent AI that nobody really understands. Client data and personal data should always be separated, and risk should be assessed accordingly.
The Deleting Solution
You can certainly reduce risk by deleting ChatGPT chats, ensuring that sensitive discussions don't linger. Keep in mind that OpenAI’s current policy removes deleted chats from OpenAI’s servers after 30 days, so anything you delete will still be accessible (read: through subpoena or other means) for about a month.
One drawback of deleting chats is that you lose the context of that conversation. ChatGPT’s ability to remember what has been previously discussed in a chat is a handy feature, without it you must reintroduce the context of the conversation each time.
Key Takeaways from OpenAI's Privacy Policy
- Client Data Confidentiality: OpenAI may capture and store client data introduced into the system.
- Data Training: ChatGPT utilizes user data to refine its algorithms, which means the data you provide might be used to train the AI further. However they do not train on data submitted through their API.
- Third-Party Data Sharing: In specific scenarios, personal information could be shared with third parties.
The Bottom Line
Not the most inspiring privacy policy in the world but I think you will find it similar to most email hosting providers. Which is to say that you should feel comfortable sharing any information with ChatGPT that you would share in an email. Anything beyond that requires understanding how to leverage OpenAI’s API or waiting until a more personalized privacy focused solution is available.
Don’t Forget About “Plugins”
Plugins enhance ChatGPT's functionality, but they also introduce additional data handling entities. When you engage with a plugin, your data moves through both OpenAI's and the plugin creator's server. This doubles your risk and binds you to both OpenAI's privacy policy and the policy of the plugin provider.
Traditional Privacy Concerns Reimagined
ChatGPT, owned by OpenAI, has a mix of traditional data privacy concerns and the modern challenges posed by emerging technology. The ability of ChatGPT to analyze and summarize vast amounts of data makes traditional data breaches even more concerning. Imagine a scenario where an attacker gets access to your past emails then leverages ChatGPT to mimic your communication style.