Ensuring Data Privacy with Customer Experience Software

HubSpot just released their Deep Research Connector with ChatGPT and I am seeing a lot of posts about concerns with data privacy. Here's my cautiously optimistic outlook: To start on a positive note, HubSpot explicitly states that customer data is NOT used for AI training within ChatGPT when using this connector. In fact, both HubSpot and OpenAI have put policies in place to safeguard this. OpenAI's Stance: For paid plans OpenAI does not use your business data (inputs or outputs) to train their models by default. Your data is encrypted both at rest and in transit. HubSpot's Stance: While HubSpot can use your data to develop their own Breeze AI features (with an opt-out available), for this specific connector with ChatGPT, the commitment is no data usage for OpenAI's model training. That being said, we’ve seen instances before where so-called “protected” data was later revealed by an AI chatbot. So, what should you still be mindful of? 1. Data Usage vs. Model Training: Even though data isn't used for training, it is being processed by ChatGPT to answer our queries. This means data is temporarily in OpenAI's environment. While they have strong security protocols, it's good to understand the exact processing and retention specifics—which are usually covered in their enterprise agreements—before giving it access to sensitive customer data via the connector. 2. HubSpot Permissions: The connector only has access to the data the user who set it up is permitted to see within HubSpot, which is a critical layer of control...unless every user in your portal is a Super-Admin. If someone has broad access in HubSpot, they will have broad access via the connector. So, robust internal access management is super important. While no system is foolproof, the explicit commitment from both HubSpot and OpenAI not to use our CRM data for general model training should at least give you some air cover for sensitive data conversations. Personally, I think the data privacy ship sailed long ago and, whether it is stored in HubSpot’s servers or OpenAIs, there is always a significant risk of a data leak. It’s just a part of operating in a technology-driven world. You should exercise sound judgement and take proactive steps to improve your data security, but if you completely avoid the use of AI for fear of what will happen to your data, you are going to fall behind your competition. AI can be a powerful tool, and with careful usage and good internal data governance, go-to-market teams can use it to gain a ton of value from it. --- I just shared 6 go-to-market use cases for HubSpot's Deep Research connector—including sample prompts—covering marketing, sales, and RevOps in my latest #Hubsessed newsletter. Check it out at the link under my name at the top of this post.

SAP Customer Data security when using 3rd party LLM's SAP ensures the security of customer data when using third-party large language models (LLMs) through a combination of robust technical measures, strict data privacy policies, and adherence to ethical guidelines. Here are the key strategies SAP employs: 1️⃣ Data Anonymization ↳ SAP uses data anonymization techniques to protect sensitive information. ↳ The CAP LLM Plugin, for example, leverages SAP HANA Cloud's anonymization capabilities to remove or alter personally identifiable information (PII) from datasets before they are processed by LLMs. ↳ This ensures that individual privacy is maintained while preserving the business context of the data. 2️⃣ No Sharing of Data with Third-Party LLM Providers ↳ SAP's AI ethics policy explicitly states that they do not share customer data with third-party LLM providers for the purpose of training their models. ↳ This ensures that customer data remains secure and confidential within SAP's ecosystem. 3️⃣ Technical and Organizational Measures (TOMs) ↳ SAP constantly improves upon its Technical and Organizational Measures (TOMs) to protect customer data against unauthorized access, changes, or deletions. ↳ These measures include encryption, access controls, and regular security audits to ensure compliance with global data protection laws. 4️⃣ Compliance with Global Data Protection Laws ↳ SAP adheres to various global data protection regulations, such as GDPR, CCPA, and others. ↳ They have implemented a Data Protection Management System (DPMS) to ensure compliance with these laws and to protect the fundamental rights of individuals whose data is processed by SAP. 5️⃣ Ethical AI Development ↳ SAP's AI ethics policy emphasizes the importance of data protection and privacy. They follow the 10 guiding principles of the UNESCO ↳ Recommendation on the Ethics of Artificial Intelligence, which include privacy, human oversight, and transparency. ↳ This ethical framework governs the development and deployment of AI solutions, ensuring that customer data is handled responsibly. 6️⃣ Security Governance and Risk Management ↳ SAP employs a risk-based methodology to support planning, mitigation, and countermeasures against potential threats. ↳ They integrate security into every aspect of their operations, from development to deployment, following industry standards like NIST and ISO. SAP ensures the security of customer data when using third-party LLMs through data anonymization, strict data sharing policies, robust technical measures, compliance with global data protection laws, ethical AI development, and comprehensive security governance. #sap #saptraining #zarantech #AI #LLM #DataSecurity #india #usa #technology Disclaimer: Image generated using AI tool.

"How should I think about the security and privacy of customer data if I use ChatGPT in my product?" We get this question a lot at Vanta. If you’re planning to integrate a commercial LLM into your product, treat it like you would any other vendor you’re onboarding. The key is making sure the vendor will be a good steward of your data. That means: 1. Make sure you understand what the vendor does with your (= your customers'!) data and whether it may train new models. Broadly speaking, you don't want this, because in the process of training a new model, one customer's data may show up for another customer. 2. Remember that if your LLM vendor gets breached, it's leaking your customers' data, and you'll need to let customers know. In my experience, your customers are unlikely to care that it was another provider's "fault" – they gave the data to you. As with any other vendor, you'll want to convince yourself that your LLM vendor is trustworthy. However, if you’re using the free version of ChatGPT (or any free tool), you might not be able to get the same contractural assurance or even be able to get specific questions answered by a person (not, you know, an LLM-powered chatbot.) In those cases, we recommend: 1. Adjusting settings to ensure your data are not shared or used to train models. 2. Even them, understand there's no contractural guarantee. We recommend keeping confidential, personal, customer, or private company data out of free service providers for this reason. As ever, ymmv. Matt Cooper and Rob Picard recently hosted a webinar, answering common questions about AI, security, and compliance. Link in comments if you're curious for more.