www.computerweekly.com
2606:4700::6812:1cda  Public Scan

Submitted URL: https://e.zmp.techtarget.com/click?EZmlvbmEudGF5bG9yQGViZ2FtZXMuY29t/CeyJtaWQiOiIxNjg4NDMwNzE4NDY4Mzc3NWVhYTc0MTY2IiwiY3QiOiJ...
Effective URL: https://www.computerweekly.com/feature/ChatGPT-is-creating-a-legal-and-compliance-headache-for-business?utm_campaign=20230703_H...
Submission: On July 04 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET https://www.computerweekly.com/search/query

<form action="https://www.computerweekly.com/search/query" method="get" class="header-search">
  <label for="header-search-input" class="visuallyhidden">Search the TechTarget Network</label>
  <input class="header-search-input" id="header-search-input" type="text" name="q" placeholder="Search Computer Weekly">
  <button aria-label="Search" class="header-search-submit"><i class="icon" data-icon="g"></i></button>
  <ul class="ui-autocomplete ui-front ui-menu ui-widget ui-widget-content ui-corner-all" id="ui-id-1" tabindex="0" style="display: none;"></ul>
</form>

Text Content


kirill_makarov - stock.adobe.com


Feature


CHATGPT IS CREATING A LEGAL AND COMPLIANCE HEADACHE FOR BUSINESS




CHATGPT’S INCREASED USE IN THE WORKPLACE HAS LED MANY TO QUESTION ITS LEGAL AND
COMPLIANCE IMPLICATIONS FOR BUSINESSES. EXPERTS WARN THAT THE SOFTWARE POSES
MAJOR SECURITY AND COPYRIGHT RISKS


By Nicholas Fearn

Published: 20 Jun 2023

Over the past few months, ChatGPT has taken the professional world by storm. Its
ability to answer almost any question and generate content has led people to use
the artificial intelligence-powered chatbot for completing administrative tasks,
writing long-form content like letters and essays, creating resumes, and much
more.



According to research from Korn Ferry, 46% of professionals are using ChatGPT
for finishing tasks in the workplace. Another survey found that 45% of employees
see ChatGPT as a means of achieving better results in their roles. 

But there seems to be a darker side to artificial intelligence (AI) software
that is being overlooked by employees. Many employers fear their staff sharing
sensitive corporate information with AI chatbots like ChatGPT, which could end
up in the hands of cyber criminals. And there’s also a question about copyright
when employees use ChatGPT for automatically generating content.

AI tools can even be biased and discriminatory, potentially causing huge
problems for companies relying on them for screening potential employees or
answering questions from customers. These issues have led many experts to
question the security and legal implications of ChatGPT’s usage in the
workplace.


INCREASED DATA SECURITY RISKS 

The increased use of generative AI tools in the workplace makes businesses
highly vulnerable to serious data leaks, according to Neil Thacker, chief
information security officer (CISO) for EMEA and Latin America at Netskope.

He points out that OpenAI, the creator of ChatGPT, uses data and queries stored
on its servers for training its models. And should cyber criminals breach
OpenAI’s systems, they could gain access to “confidential and sensitive data”
that would be “damaging” for businesses. 

OpenAI has since implemented "opt-out" and "disable history" options in a bid to
improve data privacy, but Thacker says users will still need to manually select
these. 

While laws like the UK’s Data Protection and Digital Information Bill and the
European Union's proposed AI Act are a step in the right direction regarding the
regulation of software like ChatGPT, Thacker says there are “currently few
assurances about the way companies whose products use generative AI will process
and store data”.


BANNING AI ISN’T THE SOLUTION 

Employers concerned about the security and compliance risks of AI services may
decide to ban their use in the workplace. But Thacker warns this could
backfire. 

“Banning AI services from the workplace will not alleviate the problem as it
would likely cause ‘shadow AI’ – the unapproved use of third-party AI services
outside of company control,” he says. 

> AI is more valuable when combined with human intelligence
> Ingrid Verschuren, Dow Jones

Ultimately, it is the responsibility of security leaders to ensure that
employees use AI tools safely and responsibly. To do this, they need to “know
where sensitive information is being stored once fed into third-party systems,
who is able to access that data, how they will use it, and how long it will be
retained”.

Thacker adds: “Companies should realise that employees will be embracing
generative AI integration services from trusted enterprise platforms such as
Teams, Slack, Zoom and so on. Similarly, employees should be made aware that the
default settings when accessing these services could lead to sensitive data
being shared with a third-party.”


USING AI TOOLS SAFELY IN THE WORKPLACE 

Individuals who use ChatGPT and other AI tools at work could unknowingly commit
copyright infringement, meaning their employer may be subjected to costly
lawsuits and fines. 

Barry Stanton, partner and head of the employment and immigration team at law
firm Boyes Turner, explains: “Because ChatGPT generates documents produced from
information already stored and held on the internet, some of the material it
uses may inevitably be subject to copyright.  

“The challenge – and risk – for businesses is that they may not know when
employees have infringed another’s copyright, because they can’t check the
information source.” 

For businesses looking to experiment with AI in a safe and ethical manner, it’s
paramount that security and HR teams create and implement “very clear policies
specifying when, how and in what circumstances it can be used”.

Stanton says businesses could decide only to use AI “solely for internal
purposes” or “in limited external circumstances”. He adds: “When the business
has outlined these permissions, the IT security team needs to ensure that it
then, so far as technically possible, locks down any other use of ChatGPT.”


THE RISE OF COPYCAT CHATBOTS 

With the hype surrounding ChatGPT and generative AI continuing to grow, cyber
criminals are taking advantage of this by creating copycat chatbots designed to
steal data from unsuspecting users.

Alex Hinchliffe, threat intelligence analyst at Unit 42, Palo Alto Networks,
says: “Some of these copycat chatbot applications use their own large language
models, while many claim to use the ChatGPT public API. However, these copycat
chatbots tend to be pale imitations of ChatGPT or simply malicious fronts to
gather sensitive or confidential data. 

“The risk of serious incidents linked to these copycat apps is increased when
staff start experimenting with these programs on company data. It is also likely
that some of these copycat chatbots are manipulated to give wrong answers or
promote misleading information.”

To stay one step ahead of spoofed AI applications, Hinchliffe says users should
avoid opening ChatGPT-related emails or links that appear to be suspicious and
always access ChatGPT via OpenAI’s official website. 

CISOs can also mitigate the risk imposed by fake AI services by only allowing
employees to access apps via legitimate websites, Hinchliffe recommends. They
should also educate employees on the implications of sharing confidential
information with AI chatbots. 

Hinchliffe says CISOs particularly concerned about the data privacy implications
of ChatGPT should consider implementing software such as a cloud access security
broker (CASB).

“The key capabilities are having comprehensive app usage visibility for complete
monitoring of all software as a service (SaaS) usage activity, including
employee use of new and emerging generative AI apps that can put data at risk,”
he adds.

“Granular SaaS application controls mean allowing employee access to
business-critical applications, while limiting or blocking access to high-risk
apps like generative AI. And finally, consider advanced data security that uses
machine learning to classify data and detect and stop company secrets being
leaked to generative AI apps inadvertently.”


DATA RELIABILITY IMPLICATIONS 

In addition to cyber security and copyright implications, another major flaw of
ChatGPT is the reliability of the data powering its algorithms. Ingrid
Verschuren, head of data strategy at Dow Jones, warns that even “minor flaws
will make outputs unreliable”.

She tells Computer Weekly: “As professionals look to leverage AI and chatbots
in the workplace, we are hearing growing concerns around auditability and
compliance. The application and implementation of these emerging technologies
therefore requires careful consideration – particularly when it comes to the
source and quality of the data used to train and feed the models.”

Generative AI applications scrape data from across the internet and use this
information to answer questions from users. But given that not every piece of
internet-based content is accurate, there’s a risk of apps like ChatGPT
spreading misinformation. 

Verschuren believes the creators of generative AI software should ensure data is
only mined from “reputable, licensed and regularly updated sources” to tackle
misinformation. “This is why human expertise is so crucial – AI alone cannot
determine which sources to use and how to access them,” she adds.

“Our philosophy at Dow Jones is that AI is more valuable when combined with
human intelligence. We call this collaboration between machines and humans
'authentic intelligence', which combines the automation potential of the
technology with the wider decisive context that only a subject matter expert can
bring.”


USING CHATGPT RESPONSIBLY 

Businesses allowing their staff to use ChatGPT and generative AI in the
workplace open themselves up to “significant legal, compliance, and security
considerations”, according to Craig Jones, vice president of security operations
at Ontinue.

However, he says there are a range of steps that firms can take to ensure their
employees use this technology responsibly and securely. The first is taking into
account data protection regulations. 

“Organisations need to comply with regulations such as GDPR or CCPA. They should
implement robust data handling practices, including obtaining user consent,
minimising data collection, and encrypting sensitive information,” he says.
“For example, a healthcare organisation utilising ChatGPT must handle patient
data in compliance with the Data Protection Act to protect patient privacy.”

Second, Jones urges businesses to consider intellectual property rights when it
comes to using ChatGPT. This is due to the fact that ChatGPT is essentially a
content generation tool. He recommends that firms “establish clear guidelines
regarding ownership and usage rights” for proprietary and copyrighted data. 

“By defining ownership, organisations can prevent disputes and unauthorised use
of intellectual property. For instance, a media company using ChatGPT needs to
establish ownership of articles or creative works produced by the AI - this is
very much open to interpretation as is,” he says. 

“In the context of legal proceedings, organisations may be required to produce
ChatGPT-generated content for e-discovery or legal hold purposes. Implementing
policies and procedures for data preservation and legal holds is crucial to meet
legal obligations. Organisations must ensure that the generated content is
discoverable and retained appropriately. For example, a company involved in a
lawsuit should have processes in place to retain and produce ChatGPT
conversations as part of the e-discovery process.”

READ MORE ABOUT GENERATIVE AI SAFETY

 * How AI ethics is coming to the fore with generative AI - The hype around
   ChatGPT and other large language models is driving more interest in AI and
   putting ethical considerations surrounding their use to the fore.
 * Generative AI – the next biggest cyber security threat? - Following the
   launch of ChatGPT in November 2022, several reports have emerged that seek to
   determine the impact of generative AI in cyber security.
 * UK taskforce set to drive generative AI safety and opportunities - The
   government has committed £100m to helping the UK develop and build out
   generative artificial intelligence capabilities.

Something else to consider is the fact that AI tools often exhibit signs of bias
and discrimination, which can cause serious reputational and legal damage to
businesses using this software for customer service and hiring. But Jones says
there are several techniques businesses can adopt to tackle AI bias, such as
holding audits regularly and monitoring the responses provided by chatbots. 

He adds: “In addition, organisations need to develop an approach to assessing
the output of ChatGPT, ensuring that experienced humans are in the loop to
determine the validity of the outputs. This becomes increasingly important if
the output of a ChatGPT-based process feeds into a subsequent automated stage.
In early adoption phases, we should look at ChatGPT as decision support as
opposed to the decision maker.”

Despite the security and legal implications of using ChatGPT at work, AI
technologies are still in their infancy and are here to stay. Jake Moore, global
cyber security advisor at ESET, concludes: “It must be reminded that we are
still in the very early stages of chatbots. But as time goes on, they will
supersede traditional search engines and become a part of life. The data
generated from our Google searches can be sporadic and generic, but chatbots are
already becoming more personal with the human-led conversations in order to seek
out more from us.”



All Rights Reserved, Copyright 2000 - 2023, TechTarget
