The Three Buckets That Decide Everything
Stop trying to memorize a 40-page acceptable use policy. You need three buckets for every piece of information that crosses your desk: green, yellow, red.
Green is anything already public or anything you'd happily put on a billboard. Job descriptions you've posted. Marketing copy that shipped. Public docs from vendors. Paste it into any tool without thinking.
Yellow is internal but not sensitive. Sprint plans, retro notes, draft strategy docs, anonymized customer feedback. This stuff can go into your company-approved AI tool (the one with a no-training agreement), but never into a free consumer chatbot you signed up for with your personal email.
Red is the stuff that ends careers. Customer PII, payroll, unreleased financials, security incidents, performance reviews with names attached, legal matters, source code from regulated systems, anything covered by NDA. Red data does not go into AI tools. Not the enterprise one. Not the one your CTO approved last week. Not "just to summarize it real quick." If you would not email it to a vendor, do not paste it into a model.
Teach your team these three colors and you have eliminated 90% of the risk. Everything else is paperwork.
What Actually Leaks (And Why You Should Care)
The horror stories are not theoretical. Engineers have pasted proprietary source code into chatbots that retained it for training. Recruiters have dropped entire candidate lists into summarizers. Finance teams have run month-end numbers through tools that log every prompt to a vendor's servers in a jurisdiction nobody on the team can name.
The risk is not always "your data shows up in someone else's chat." It is more often:
- Compliance violations β GDPR, HIPAA, SOC 2, and your customer contracts all have something to say about where data goes.
- Vendor lock-in via leakage β once your IP is in a third-party log, you cannot pull it back.
- Discovery exposure β in litigation, prompts and outputs are discoverable. "I just asked the AI" is not a defense.
- Subprocessor sprawl β every AI tool your team signs up for is a new subprocessor your security team did not approve.
You do not need to scare the team. You need to make the safe path the easy path.
The One-Page Team AI Policy
If your policy is longer than one page, nobody will read it. Here is the skeleton. Fill in the blanks for your org and ship it.
TEAM AI POLICY β [Team Name]
1. APPROVED TOOLS
- [Tool 1] β enterprise account, no-training agreement on file
- [Tool 2] β same
Use these. Do not sign up for new ones without asking [name].
2. WHAT YOU CAN PASTE
- Green (public): anything
- Yellow (internal): approved tools only
- Red (sensitive): never. If unsure, ask before pasting.
Red includes: customer PII, financials before release, performance
reviews with names, source code from [system X], anything under NDA.
3. WHAT AI OUTPUT NEVER DOES ON ITS OWN
- Send external emails
- Make hiring/firing decisions
- Approve spend
- Change production systems
A human owns every consequential action.
4. ATTRIBUTION
When AI wrote or heavily edited something that ships externally,
review it line by line. You sign it, you own it.
5. WHEN SOMETHING GOES WRONG
Tell [name] within 24 hours. No punishment for honest mistakes.
Punishment for hiding them.
That is the whole thing. Print it. Pin it. Reference it in onboarding. Revisit it quarterly.
Handling Vendor and Compliance Questions Without Freezing
Your security team will ask hard questions. Your legal team will ask harder ones. Customers will send you 80-question AI questionnaires. The instinct is to freeze the team until everything is answered. Do not.
Instead, separate what's blocked from what's pending review. Most AI use is fine. A small subset needs a closer look. Keep working in the green zone while the yellow zone gets vetted.
When a vendor or auditor asks where your AI tools store data, what they train on, and who their subprocessors are, you should be able to answer in two sentences per tool. If you can't, you have not done the work yet. A useful prompt:
You are helping me prepare a vendor due-diligence summary for our
AI tools. For each tool below, draft 3 bullet points covering:
data residency, training opt-out status, and subprocessor list.
Flag anything you're not 100% sure about as "VERIFY" β do not guess.
Tools: [list]
Then verify every claim before sending it. The AI is a drafting tool, not a compliance officer.
For deeper grounding on the ethics side, /courses/ai-ethics-responsible-ai is worth an afternoon. For broader manager-level operating patterns around AI in the org, /courses/ai-for-managers-playbook pairs well with this chapter.
Enforcement Without the Surveillance Theater
You cannot watch every prompt your team writes. Stop trying. Instead:
- Default to approved tools by buying enterprise seats so nobody has an excuse to use the free consumer version.
- Block known-bad domains at the network level if your IT team supports it β quiet enforcement beats angry emails.
- Run quarterly red-team prompts in your own team meetings. "Here's a fake scenario β would you paste this? Why or why not?" Five minutes. Builds the muscle.
- Make reporting easy. A Slack channel called #ai-help where anyone can ask "is this okay to paste?" without judgment is worth more than three policies.
The teams that handle AI risk well are not the ones with the strictest rules. They are the ones where people feel safe asking before they paste, and safe admitting when they pasted something they shouldn't have.
What Good Looks Like in 90 Days
You will know your policy is working when three things happen. People ask "is this okay?" in your team channel without being prompted. Your security team stops sending you panicked emails. New hires can explain the three buckets on day two.
You will know it is failing when nobody mentions AI at all in policy contexts, but you can see in the logs that everyone is using it anyway. Silence is not compliance. It is the sound of risk accumulating.
Pick the green/yellow/red model. Ship the one-pager this week. Then get back to the actual work.