Artificial Intelligence (AI) is transforming businesses across all sectors, offering enhanced efficiency, analytics, and decision-making capabilities. However, alongside these benefits come considerable risks, particularly when sensitive and confidential business information becomes unintentionally public. Companies must understand these risks and adopt clear, legally robust AI policies and procedures to mitigate them effectively.
Understanding AI Risks and Confidentiality Exposure:
The fundamental risk associated with using AI, especially open systems, is the inadvertent exposure of confidential information. Many AI platforms (particularly the free platforms) operate by scraping the Internet, including data input by platform users, absorbing data into vast "data lakes," subsequently using that data for machine learning purposes and to expand its “knowledge.” This practice could render “confidential” information publicly accessible or at least indirectly discoverable, significantly undermining trade secret protection and confidentiality obligations. A recent example is the lawsuit Doe v. OpenAI LP, No. 23-CV-01346 (N.D. Cal. 2023), where plaintiffs alleged unauthorized use and public exposure of personal and proprietary data. Such cases highlight the necessity of proactive measures to prevent unintended disclosures.
Can Incorporating AI Provisions in NDAs and Commercial Contracts Help?
Yes. Addressing AI usage in Non-Disclosure Agreements (NDAs) and other commercial contracts involving confidential information can avoid any doubt about the impact of using AI and can educate those who might otherwise accidentally expose your confidential of proprietary information to AI due to a simple lack of understanding. Such contractual provisions should define acceptable use parameters for confidential or proprietary information in and with AI platforms. The American Bar Association emphasizes that companies should explicitly delineate data protection standards, usage restrictions, and clarify ownership of any derivative data or insights produced by AI within their commercial agreements (ABA Journal, "Navigating Legal Risks in Artificial Intelligence," 2023).
What is the Difference Between Closed vs. Open AI Systems?
Open AI systems continuously integrate into their broader datasets all data input by users. Such a system puts the confidentiality of all such data at great risk. Closed systems typically do not incorporate user data into their machine learning models outside of the users specific usage. Instead, they rely solely on predefined external data sources, thus maintaining higher levels of data confidentiality and privilege.
Why is are AI Policies and Procedures Essential?
Developing comprehensive AI policies and procedures is a necessity to: identify permissible AI platforms; clarify the scope/limits on the use such platform(s); provide guidance on handling confidential information; and provide a chain of command to address any open questions or issues as they arise. Failure to adopt and implement clear guidelines could lead to costly litigation and irreparable reputational harm.
If you have any questions about this article, the use of AI in your business, how to protect your confidential or proprietary information against AI, or in the development and implementation of sound AI usage policies and procedures, please contact Michael J. Feldman, Esq. ( or 908-964-2486) or Niharika Reddy, Esq. ( or 908-743-9297).
