Dirk-Jan van Veen
April 19, 2024
Many enterprises want to use large language models, and for good reason. They are a powerful tool that can help with many mundane language tasks. Such as classifying emails, answering questions, processing documents, generating reports, translating files, taking meeting notes, and many more.
However, many managers hit data privacy roadblocks when they want to start AI initiatives in their company. In this article, I’ll try to clear some of the fog surrounding some of the data concerns.
1. Proprietary Data and Trade Secrets
Many large enterprises have a unique advantage when harnessing AI. They sit on a pile of proprietary data that can be a key competitive advantage. Of course, you wouldn’t want those data sets to be leaked and you lose your edge. Or that sensitive information is revealed and it affects deals or other business conduct.
2. Not Violating Data Handling Laws
Companies are required to exercise a certain level of care with regard to handling personal data. If you plan on using LLMs in conjunction with personal data and you are operating in the EU, you will need to comply with GDPR (General Data Protection Regulation).
3. Not Violating Data Residency Laws
Some types of data are considered so sensitive that governments require that they are not only handled with utmost care but also that the data are stored inside their territory. If you are holding large amounts of financial or health data of the citizenry, data residency likely applies to you. In this case, you will need to talk to your cloud provider where their servers are located or run them on your own servers (more on that later).
So, how can your data be at risk?
1. Classical Cyber Security
When your data flows through another company’s servers, you trust that they have good cyber security conduct and that the risk of them getting hacked is low. This applies to all software vendors. Certifications like SOC2 or ISO27001 indicate that an organization adheres to specific standards for managing and protecting data.
2. Becoming Part of a Training Set
When you send your data to an LLM provider, you don’t want your data to become part of a training set (the data set used to train a new AI model). If your data was part of the training set, the users of that model may now be able to access it. For example, let’s say my address (12 Sesame St, 34567, San Francisco, CA) is in the training set.
Example of Data Leak through Training Set
User: 'Create a label for a shoe parcel delivery'
Assistant: 'Certainly, Here you go!To: Dirk Jan van VeenAddress: 12 Sesame StZip: 34567City/State: San Francisco, CA
Fortunately, many LLM applications don’t require access to personal data and are used for other purposes.
Ok. So what are my options?
1. Getting LLM responses through an API
This is the simplest option and similar to using other cloud software services. Many LLM providers have pledged not to use any of the data passed through their API for training purposes, and they are also certified to handle data with care. For many use cases, this is sufficient.Some ways to further minimize the risks would be to:
2. Private Cloud
Enterprises can buy space in a data center that is dedicated to them and not shared with other customers, for example, by using Azure OpenAI Service or Google Vertex AI. This will satisfy more stringent regulations and give you more control over your servers, but it saves you the hassle of setting up your own data center and hiring technicians.
3. On-Premise Solutions
This means training your model and buying your own servers to run them on. This is when you do not want to leave anything to chance, or you need to satisfy very stringent regulations or data residency requirements.
Author: Dr. Dirk-Jan van Veen
keywords: Large Language Models, Enterprise AI Solutions, Data Privacy in AI, AI and GDPR Compliance, LLM in Business, AI Data Security, Machine Learning in Enterprises, AI for Document Processing, Artificial Intelligence Ethics, Cybersecurity in AI Initiatives, AI Data Handling Laws, AI and Data Residency, Enterprise AI Applications, AI for Email Classification, AI in Customer Service, Secure AI Deployment, AI Training Data Privacy, Personal Data Protection in AI, AI Regulatory Compliance, AI and Proprietary Data.
