The global community is abuzz over ChatGPT, the AI model specifically designed for conversational language understanding and generation. Its dialogue format allows ChatGPT to engage with users in a human-like manner, meaning that it can answer follow-up questions, admit its mistakes, challenge user premises, and reject inappropriate requests. While generative AI and large language models have opened the door to a new technological era, ChatGPT users should be aware of how the model operates and understand the data privacy risks of inputting any confidential information into the platform.
How does ChatGPT work?
ChatGPT was created by OpenAI and launched online on November 30, 2022. Like other large language models, ChatGPT is a generative AI model trained on vast amounts of text from the internet, which it draws on to respond to user queries. What sets ChatGPT apart from other generative AI models is its human-like response capability: the model was further trained on a large collection of conversational data, which allows it to follow the context and flow of a conversation. When you input a question or comment, ChatGPT generates a response one word at a time by assigning a probability distribution over its vocabulary and selecting the most likely word as the next word in the response.
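To make the prediction step concrete, here is a minimal, purely illustrative sketch of picking the most likely next word from a probability distribution. The four-word vocabulary and the scores are invented for this example; a real model computes scores over tens of thousands of tokens with a large neural network.

```python
import math

# Toy vocabulary and made-up raw scores ("logits") for the next word
# after a prompt like "The cat". These values are illustrative only.
vocab = ["sat", "ran", "slept", "barked"]
logits = [2.1, 0.4, 1.0, -0.5]

# Softmax turns raw scores into a probability distribution over the vocabulary.
exps = [math.exp(x) for x in logits]
total = sum(exps)
probs = [e / total for e in exps]

# Select the highest-probability token as the next word in the response.
next_word = vocab[probs.index(max(probs))]
print(next_word)  # "sat" is the most likely continuation under these scores
```

In practice the model repeats this step, feeding each chosen word back in as context, until a full response is produced.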
What can ChatGPT do?
ChatGPT has an extremely broad functionality. Here are some examples of its capabilities:
- Write, debug, and explain code;
- Write music in almost any genre;
- Solve math problems step by step;
- Create content in different languages;
- Explain complex topics;
- Create jokes;
- Write essays on almost any topic in a variety of tones; and
- Aid in SEO research by giving keywords to related topics.
What data does ChatGPT collect?
ChatGPT saves all data entered by users and all responses it generates. Additionally, OpenAI automatically collects the following information when you use the platform:
- Log data:
  - IP address;
  - Browser type and settings;
  - Date and time of request;
  - How you interacted with the site.
- Usage data:
  - Types of content viewed and engaged with;
  - Features used and actions taken;
  - Time zone, country, and date/time of access;
  - Type of computer or mobile device.
- Device information:
  - Name of device;
  - Operating system;
  - Browser used.
What are the data privacy risks associated with ChatGPT?
You should not enter confidential information into ChatGPT because the model saves all user inputs. In other words, anything you type into ChatGPT may be stored and potentially used to train the model, meaning it could influence responses generated for other users. Keep this risk in mind when considering whether to use ChatGPT to draft your resume, for example: once you enter information like your name, address, phone number, and email address, that data is stored by OpenAI, and you may not be able to fully retrieve or delete it. The same is true of workplace information, such as spreadsheet data or reports.
Who specifically needs to worry about confidentiality and ChatGPT? Many professionals are subject to confidentiality restrictions stemming from non-disclosure or confidentiality agreements. Under the common law, professionals who disclose confidential information may also be liable for a business tort, particularly if the information is an employer's trade secret. If any of these restrictions apply to you, do not enter any related confidential information into the platform; doing so may breach your obligation to protect that information's confidentiality.
Lawyers and legal professionals have specific ethical responsibilities to maintain attorney-client privilege and the confidentiality of client information, and therefore may not enter any such information into ChatGPT. Medical professionals should also avoid putting patient information into ChatGPT to avoid inadvertently disclosing patient medical information or committing a HIPAA violation.
Is there a way to safeguard the data I enter into ChatGPT?
While it is advisable not to enter confidential information into ChatGPT at all, OpenAI recently rolled out a feature that lets you disable your ChatGPT history so your conversations aren't used to train the model. To opt out, open ChatGPT and:
- Choose Settings from the menu;
- Click Show next to Data Controls to expand the window;
- Toggle the switch next to Chat History & Training to the off position to stop your data from being used to train ChatGPT.
Remember, opting out will not fully protect your confidential information, so do not enter any sensitive information into ChatGPT. OpenAI still stores your conversations for 30 days and may review those transcripts, even if you have turned off your chat history. For this reason, delete or 'anonymize' any sensitive information (change names, addresses, financial information, etc.) before putting text into ChatGPT.
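As a rough illustration of what anonymizing text before input can look like, the sketch below replaces two common patterns of sensitive data, email addresses and US-style phone numbers, with placeholders. The `redact` helper and its patterns are hypothetical examples; real redaction requires far broader coverage (names, addresses, account numbers, and so on) and careful review.

```python
import re

def redact(text: str) -> str:
    """Replace common PII patterns with placeholders before sharing text.
    A minimal illustration only; real redaction needs much broader coverage."""
    # Email addresses, e.g. jane.doe@example.com
    text = re.sub(r"[\w.+-]+@[\w-]+\.[\w.]+", "[EMAIL]", text)
    # US-style phone numbers, e.g. 555-123-4567 or (555) 123-4567
    text = re.sub(r"\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}", "[PHONE]", text)
    return text

print(redact("Reach Jane at jane.doe@example.com or (555) 123-4567."))
# Reach Jane at [EMAIL] or [PHONE].
```

Running text through a scrub step like this before pasting it into ChatGPT reduces, but does not eliminate, the risk of exposing sensitive details.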
Conclusion
As ChatGPT is transforming our day-to-day lives, it is important to remember that there are serious risks associated with entering confidential information into the platform. If you are unsure about your responsibilities with respect to confidentiality, speak with a member of our team for next steps.