Security & Privacy Considerations

Before using ChatGPT at work, you need to understand what you can and cannot share. Getting this wrong could violate company policies, break regulations, or expose sensitive data.

What Happens to Your Data?

When you send a message to ChatGPT:

Your input is processed by OpenAI's servers
Responses are generated based on the model's training
By default, your conversations may be used to improve the model

This means anything you type could potentially be reviewed by OpenAI or used in training data.

What You Should NEVER Share

These categories of information should never be entered into ChatGPT:

Personal Identifiable Information (PII)

Social Security numbers
Credit card numbers
Bank account details
Home addresses
Personal phone numbers
Medical records

Company Confidential Information

Trade secrets
Proprietary code or algorithms
Unreleased product details
Financial data before public disclosure
Customer lists and contact information
Internal strategy documents
Merger and acquisition plans

Authentication Credentials

Passwords
API keys
Access tokens
Security certificates
Private encryption keys

Legal and Compliance Data

Attorney-client privileged communications
Information under NDA
Regulated data (HIPAA, GDPR, etc.)
Active litigation details

Safe vs. Unsafe Examples

Unsafe	Safe Alternative
"Write an email to john.smith@company.com about his salary increase of $15,000"	"Write an email to an employee about a salary increase"
"Analyze this customer data: [actual data]"	"Analyze sample data: [anonymized or fictional data]"
"Here's our unreleased product spec: [details]"	"Help me write a product spec for a hypothetical widget"
"Review this code with our API key embedded"	"Review this code: [with sensitive values redacted]"

Privacy Settings in ChatGPT

OpenAI offers settings to control how your data is used:

Chat History & Training

Go to Settings > Data Controls
Toggle "Chat history & training" OFF to prevent conversations from being used for model improvement
Note: OpenAI may still retain data for 30 days for safety monitoring

ChatGPT Enterprise/Team

If your company uses ChatGPT Enterprise or Team:
- Your data is NOT used for training
- You get additional security features
- Data is encrypted at rest and in transit
- Check with your IT department about your plan

Loading Prompt Playground...

The Anonymization Technique

When you need to discuss sensitive topics, anonymize the details:

Instead of:

Our competitor Acme Corp is launching a product at $299.
How should we respond with our product called SuperWidget?

Use:

A competitor is launching a similar product at a lower price point.
How should a company respond when facing price competition?

Loading Prompt Playground...

Company Policy Checklist

Before using ChatGPT at work, verify:

Does your company allow AI tool usage?
Is there an approved AI usage policy?
Are there specific tools that are approved vs. prohibited?
What data classifications are off-limits?
Do you need to disclose AI assistance in your work?
Is there a required review process for AI-generated content?

Many companies now have formal AI policies. Check with your:

IT department
Legal/Compliance team
Manager or HR

Industry-Specific Considerations

Healthcare (HIPAA)

Never enter patient information
Don't discuss specific cases with identifiable details
Use ChatGPT only for general medical information, not patient care

Finance (SEC, FINRA)

Don't share material non-public information
Be cautious with trading strategies
Follow record-keeping requirements

Legal

Never share privileged communications
Anonymize all case details
Verify all legal information independently

Government

Follow security clearance requirements
Never discuss classified information
Check agency-specific policies

Best Practice: The Review Step

Always review AI-generated content before using it:

Accuracy - Verify facts and figures
Sensitivity - Check for inadvertent disclosure
Appropriateness - Ensure tone matches your context
Compliance - Confirm it meets company standards

Key Takeaways

Default assumption: Anything you type could be seen by others
Never share: PII, credentials, confidential business data
Anonymize: Replace specific details with generic equivalents
Check settings: Turn off training data usage if needed
Know your policy: Understand your company's AI rules
Review everything: Always check before sending

Taking a few extra seconds to protect sensitive information prevents serious consequences. When in doubt, don't share it.

Security & Privacy Considerations

Before using ChatGPT at work, you need to understand what you can and cannot share. Getting this wrong could violate company policies, break regulations, or expose sensitive data.

What Happens to Your Data?

When you send a message to ChatGPT:

Your input is processed by OpenAI's servers
Responses are generated based on the model's training
By default, your conversations may be used to improve the model

This means anything you type could potentially be reviewed by OpenAI or used in training data.

What You Should NEVER Share

These categories of information should never be entered into ChatGPT:

Personal Identifiable Information (PII)

Social Security numbers
Credit card numbers
Bank account details
Home addresses
Personal phone numbers
Medical records

Company Confidential Information

Trade secrets
Proprietary code or algorithms
Unreleased product details
Financial data before public disclosure
Customer lists and contact information
Internal strategy documents
Merger and acquisition plans

Authentication Credentials

Passwords
API keys
Access tokens
Security certificates
Private encryption keys

Legal and Compliance Data

Attorney-client privileged communications
Information under NDA
Regulated data (HIPAA, GDPR, etc.)
Active litigation details

Safe vs. Unsafe Examples

Unsafe	Safe Alternative
"Write an email to john.smith@company.com about his salary increase of $15,000"	"Write an email to an employee about a salary increase"
"Analyze this customer data: [actual data]"	"Analyze sample data: [anonymized or fictional data]"
"Here's our unreleased product spec: [details]"	"Help me write a product spec for a hypothetical widget"
"Review this code with our API key embedded"	"Review this code: [with sensitive values redacted]"

Privacy Settings in ChatGPT

OpenAI offers settings to control how your data is used:

Chat History & Training

Go to Settings > Data Controls
Toggle "Chat history & training" OFF to prevent conversations from being used for model improvement
Note: OpenAI may still retain data for 30 days for safety monitoring

ChatGPT Enterprise/Team

If your company uses ChatGPT Enterprise or Team:
- Your data is NOT used for training
- You get additional security features
- Data is encrypted at rest and in transit
- Check with your IT department about your plan

Loading Prompt Playground...

The Anonymization Technique

When you need to discuss sensitive topics, anonymize the details:

Instead of:

Our competitor Acme Corp is launching a product at $299.
How should we respond with our product called SuperWidget?

Use:

A competitor is launching a similar product at a lower price point.
How should a company respond when facing price competition?

Loading Prompt Playground...

Company Policy Checklist

Before using ChatGPT at work, verify:

Does your company allow AI tool usage?
Is there an approved AI usage policy?
Are there specific tools that are approved vs. prohibited?
What data classifications are off-limits?
Do you need to disclose AI assistance in your work?
Is there a required review process for AI-generated content?

Many companies now have formal AI policies. Check with your:

IT department
Legal/Compliance team
Manager or HR

Industry-Specific Considerations

Healthcare (HIPAA)

Never enter patient information
Don't discuss specific cases with identifiable details
Use ChatGPT only for general medical information, not patient care

Finance (SEC, FINRA)

Don't share material non-public information
Be cautious with trading strategies
Follow record-keeping requirements

Legal

Never share privileged communications
Anonymize all case details
Verify all legal information independently

Government

Follow security clearance requirements
Never discuss classified information
Check agency-specific policies

Best Practice: The Review Step

Always review AI-generated content before using it:

Accuracy - Verify facts and figures
Sensitivity - Check for inadvertent disclosure
Appropriateness - Ensure tone matches your context
Compliance - Confirm it meets company standards

Key Takeaways

Default assumption: Anything you type could be seen by others
Never share: PII, credentials, confidential business data
Anonymize: Replace specific details with generic equivalents
Check settings: Turn off training data usage if needed
Know your policy: Understand your company's AI rules
Review everything: Always check before sending

Taking a few extra seconds to protect sensitive information prevents serious consequences. When in doubt, don't share it.

Security & Privacy Considerations

What Happens to Your Data?

What You Should NEVER Share

Personal Identifiable Information (PII)

Company Confidential Information

Authentication Credentials

Legal and Compliance Data

Safe vs. Unsafe Examples

Privacy Settings in ChatGPT

Chat History & Training

ChatGPT Enterprise/Team

The Anonymization Technique

Company Policy Checklist

Industry-Specific Considerations

Healthcare (HIPAA)

Finance (SEC, FINRA)

Legal

Government

Best Practice: The Review Step

Key Takeaways

Quiz

Security & Privacy Considerations

What Happens to Your Data?

What You Should NEVER Share

Personal Identifiable Information (PII)

Company Confidential Information

Authentication Credentials

Legal and Compliance Data

Safe vs. Unsafe Examples

Privacy Settings in ChatGPT

Chat History & Training

ChatGPT Enterprise/Team

The Anonymization Technique

Company Policy Checklist

Industry-Specific Considerations

Healthcare (HIPAA)

Finance (SEC, FINRA)

Legal

Government

Best Practice: The Review Step

Key Takeaways

Quiz