ChatGPT, Large Language Models (LLMs), and Data Privacy: What businesses need to know now!
© Copyright 2023 Debbie Reynolds Consulting, LLC

Welcome to "The Data Privacy Advantage Newsletter," which will be a monthly resource hub of practical information, advice, and content that will help organizations make Data Privacy a business advantage.

ChatGPT, a general-purpose AI Large Language Model (LLM) created by OpenAI, is capable of performing a wide range of digital tasks and has taken the world by storm. The chatbot allows anyone to ask questions and receive responses using natural language. Since the release of this chatbot to the public in November 2022, ChatGPT now has over 100 million users and has received over 1 billion visits to the site. As AI progresses, businesses are leveraging the power of LLMs such as OpenAI's ChatGPT to automate tasks, create virtual assistants, improve customer service, create documents, and generate content. While LLMs like ChatGPT offer significant benefits, they pose unique challenges to Data Privacy. There are three key points businesses must consider to ensure they maintain Data Privacy while utilizing LLMs:

  • Avoid adding sensitive and confidential information to LLMs
  • Secure your internet-exposed data to avoid ingestion into LLMs
  • Be aware of legal obligations that apply to third-party uses of LLMs

Avoid adding sensitive and confidential information to LLMs

LLMs like ChatGPT are trained on vast amounts of publicly available text data, including websites, books, and articles. However, this means that any sensitive information inadvertently exposed to the Internet may be incorporated into the LLM's training data. Consequently, businesses must be diligent in keeping confidential information out of LLMs.

To prevent sensitive data from being absorbed by LLMs, businesses should:

  • Implement strict data access and sharing policies for employees and partners. Only authorized personnel should be allowed to access sensitive information, which should never be shared publicly or in unsecured channels.
  • Use data anonymization techniques when sharing data with third parties, such as replacing personally identifiable information (PII) with pseudonyms or aggregation.
  • Avoid using LLMs to process sensitive data, as the outputs generated by these models may inadvertently reveal confidential information. Instead, consider utilizing specialized privacy-preserving AI solutions designed to handle sensitive data.
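A minimal sketch of the pseudonymization step from the list above, applied to text before it is pasted into or sent to an LLM service. This is an added example, not part of the original newsletter; the class name, token format and the three regex patterns are assumptions, and pattern matching alone will not catch every kind of PII.

```python
import hashlib
import hmac
import re

# Constructed detection patterns (assumption): real deployments need broader,
# locale-aware rules and usually a dedicated PII detection step.
PATTERNS = {
    "EMAIL": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)"),
}

# Constructed sample prompt; the person and all identifiers are fictional.
SAMPLE_PROMPT = (
    "Draft a reply to jane.doe@example.com (SSN 078-05-1120, "
    "phone (312) 555-0142). Copy jane.doe@example.com on it."
)


class PromptPseudonymizer:
    """Replace PII with keyed pseudonyms before text leaves the organization."""

    def __init__(self, key: bytes):
        self._key = key      # secret kept in-house; never sent with the prompt
        self._vault = {}     # token -> original value, stored locally only

    def _token(self, kind: str, value: str) -> str:
        # A keyed HMAC gives the same token for the same value, so the model
        # can still tell "same person" from "different person", but the
        # token cannot be reversed or brute-forced without the key.
        digest = hmac.new(self._key, value.lower().encode(), hashlib.sha256)
        token = f"<{kind}_{digest.hexdigest()[:10]}>"
        self._vault[token] = value
        return token

    def scrub(self, text: str) -> str:
        """Return text with every matched identifier replaced by a token."""
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._token(k, m.group(0)), text)
        return text

    def restore(self, text: str) -> str:
        """Put the original values back into a model response, locally."""
        for token, original in self._vault.items():
            text = text.replace(token, original)
        return text


if __name__ == "__main__":
    scrubber = PromptPseudonymizer(key=b"constructed-demo-key")
    safe_prompt = scrubber.scrub(SAMPLE_PROMPT)
    print(safe_prompt)                    # what would be sent to the LLM
    print(scrubber.restore(safe_prompt))  # what the employee sees afterwards
```

The token-to-value vault and the HMAC key are themselves sensitive and fall under the same access and sharing policies as the source data.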

Secure your Internet-exposed data to avoid ingestion into LLMs

Because of how LLMs gather data from the Internet, they may inadvertently ingest sensitive information that businesses unintentionally expose online.

To mitigate this risk, businesses should take the following steps to secure their Internet-exposed data:

  • Regularly audit and monitor public-facing websites and applications for vulnerabilities and accidental data exposure. Remediate any discovered issues promptly.
  • Implement strong authentication and access control measures for all web applications, especially those containing sensitive information. This includes multi-factor authentication, role-based access control, and single sign-on solutions.
  • Use encryption for data in transit and at rest. This ensures that even if sensitive information is accidentally exposed, it is unlikely to be useful to unauthorized parties or ingested by LLMs.
  • Monitor third-party services and platforms that host or process your data. Ensure they maintain appropriate security measures and have a track record of protecting sensitive information.

Be aware of legal obligations that apply to third-party uses of LLMs

Businesses must also be aware of the legal implications of using LLMs, as they may be subject to various privacy regulations depending on their location and industry.

Some key legal obligations to consider include the following:

  • Complying with data protection laws, including but not limited to the General Data Protection Regulation (GDPR) in the European Union, the AI Act in the European Union, and the California Consumer Privacy Act (CCPA) in the United States. These regulations mandate strict data handling practices, including obtaining user consent, providing transparency, and allowing users to access, correct, or delete their data.
  • Adhering to industry-specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare or the Payment Card Industry Data Security Standard (PCI DSS) for payment processing. These regulations impose additional requirements on businesses to protect sensitive information and may also limit the use of LLMs in certain contexts.
  • Ensuring that third-party AI vendors, including LLM providers, comply with applicable privacy regulations. This includes conducting due diligence when selecting vendors, reviewing their privacy policies, terms of service, and data practices, and including data protection clauses in contracts and agreements.
  • Developing comprehensive Data Privacy Impact Assessments (DPIAs) when implementing LLMs. This assessment should identify and evaluate the potential risks associated with using LLMs and outline the necessary steps to mitigate those risks.
  • Training employees on Data Privacy best practices and the responsible use of LLMs. Staff members must understand these AI technologies' potential risks and legal obligations.
  • Maintaining an incident response plan to address potential data breaches or privacy violations. This plan should include clear procedures for reporting and investigating incidents and steps to remediate and notify affected parties, as required by law.

As businesses embark upon new ways of leveraging technologies, they must always be vigilant in safeguarding sensitive and confidential information while utilizing the benefits of LLMs like ChatGPT. By implementing robust data access and sharing policies, securing internet-exposed data, and staying informed about legal obligations, organizations can harness the power of LLMs without compromising Data Privacy. By doing so, businesses can enjoy the benefits of leveraging new technologies like LLMs while making Data Privacy a Business Advantage.

Do you need Data Privacy Advisory Services? Schedule a 15-minute meeting with Debbie Reynolds the Data Diva.

The Pact Data Privacy Trust Framework

Debbie Reynolds, "The Data Diva," launched the PACT "Data Privacy" Trust Framework & Scorecard. This Framework can evaluate regulatory and business risk and the Trust of individuals around "Data Privacy". This is a gut check for organizations of all sizes to rate and triage their "Data Privacy" challenges. This Framework addresses Purpose, Alignment, Context, and Transparency. Watch this video to learn the basics as Debbie Reynolds explains the PACT Data Privacy Trust Framework & Scorecard in 6 minutes.

Download our four-page PACT Framework Document here

Visit our website to learn more about the PACT Data Privacy Trust Framework & Scorecard.


Do you need a Data +Privacy +Technology Workshop? Here are the top ten most requested Data Privacy Workshops for 2023:

  1. Generative AI and the Future of Cybersecurity and Data Privacy in the Enterprise
  2. Understanding Digital Assets: An Introduction to Cybersecurity and Data Privacy Concerns for Business
  3. Web 3.0 and the Evolving Landscape of Cybersecurity and Data Privacy for Businesses
  4. The Importance of Data Literacy in the Era of Cybersecurity and "Data Privacy"
  5. Navigating the Landscape of Emerging Data Types: Key Cybersecurity and Data Privacy Insights for Businesses
  6. Future Threats to Cybersecurity and Data Privacy: The importance of Post-Quantum Cryptography for Businesses
  7. Navigating the Cybersecurity and Privacy Challenges of the Internet of Things
  8. Navigating the Cybersecurity and Data Privacy Implications of Facial Recognition and Other Biometric Technologies
  9. Navigating the Cybersecurity and Data Privacy Implications of the Metaverse: A Business Guide to Virtual and Augmented Reality
  10. The Five Fundamentals of Data Privacy and Data Protection Regulations

Each 120-minute workshop structure includes:

  • Introduction and overview (10 minutes)
  • Three poll questions (5 minutes)
  • Part A - Main presentation (35 minutes)
  • Part A - Breakout group activity - Case Study Scenario #1 (10 minutes)
  • Part B - Main presentation (35 minutes)
  • Part B - Breakout group activity - Case Study Scenario #2 (10 minutes)
  • Question & Answer - group discussion and wrap-up (15 minutes)

Materials Provided:

  • Presentation Materials (PDF)
  • Take Away Checklist (PDF)
  • List of Additional Resources (PDF)

Do you need a workshop? Schedule a 15-minute meeting with Debbie Reynolds the Data Diva to discuss your needs.

Did you know that the Data Diva Talks Privacy Podcast has listeners in 79 countries and is ranked globally in the top 5% of podcasts? Here are more of our accolades:

  • Watch a video short of our podcast of Tuesday, April 25, 2023, The Data Diva E129 - Tharishni Arumugam, Global Privacy Technology & Operations Director, Aon.

Here is a sneak preview of our Data Diva Podcast guests:

  • Tuesday, April 4, 2023 - The Data Diva E126 - Roberto L. López-Dávila, Legal Advisor, General Court Of Justice of Puerto Rico
  • Tuesday, April 11, 2023 - The Data Diva E127 - Scott Taylor, The Data Whisperer, and Principal Consultant, MetaMeta Consulting
  • Tuesday, April 18, 2023 - The Data Diva E128 - Garrison Ross, Sr. Data Privacy Consultant, Founder and Advocate, Data Engineering
  • Tuesday, April 25, 2023 - The Data Diva E129 - Tharishni Arumugam, Global Privacy Technology & Operations Director, Aon

Don't miss the new weekly episodes of "The Data Diva" Talks Privacy Podcast, so listen and subscribe. Do you have an interesting view of Data Privacy or Technology that you want to share with the world? Become a sponsor of a Data Diva Podcast Episode. Contact us about the benefits of being a guest on our podcast and sponsoring a podcast episode.

Want to sponsor a Podcast episode to reach a broader audience? Schedule a 15-minute meeting with Debbie Reynolds the Data Diva.


Do you need a Data Diva Exclusive? Courtesy of Data Diva Media and "The Data Diva" in cooperation with the generous supporters of our podcast, I am happy to share some valuable exclusives with our newsletter subscribers.

Many thanks to our Podcast sponsor Safeguard Privacy for offering a "Data Diva" exclusive offer! Get 15% off the first year of Safeguard Privacy compliance software using the code: DATADIVA15%

Congratulations to our September Podcast Guest, The Data Diva E97 - Prashant Mahajan, Co-Founder & CTO, Privado, for Privado's recently announced raising of $17.5M funding led by Insight Partners, Sequoia India, Emergent Ventures, and Together Fund. The Data Diva is a proud supporter of Privado, and I am thrilled to see its continued success. Privado bridges the gap between Privacy and Engineering by giving Privacy teams real-time visibility into engineering systems. Privado helps protect privacy by detecting privacy issues before the software changes or new products are shipped.

Courtesy of August 2022 Data Diva Podcast Guest Gal Ringel and Mine PrivacyOps, we are pleased to offer an exclusive discount to organizations. Thank you to our sponsor Mine PrivacyOps, the first platform dedicated to handling Data Privacy operations while placing consumers and user experience at the center. #1 highest-rated Data Privacy Management Software, the #1 highest-rated DSR/DSAR Software, as well as the #1 highest-rated Sensitive Data Discover Software in the industry on G2, the leading business software and services reviews platform. Use Mine PrivacyOps as your organization's Data Privacy management solution and receive a 20% discount on DSR, Data Mapping, and ROPA modules.

*To get the discount, contact [email protected] and add Datadiva20 to the subject line.

Do you want complimentary access to a world-class course on Privacy Engineering?

Join our Data Diva Podcast alumni guest for episode 71, Nishant Bhajaria, the head of privacy engineering at Uber and formerly with Google, Nike, Netflix, and Intel, for the premier Privacy Engineering course. This offer is from Data Protocol, The Developer Education Platform:

EXCLUSIVE FOR DATA DIVA FANS: You know it’s true. In tough times, belts get tightened, and corners get cut. It’s easy to deprioritize privacy. But we can’t afford that. We need to stop thinking about privacy as compliance. We need to start thinking about privacy as performance. We need to invest in leveling up our teams and empowering them with privacy engineering tools. I recently learned that former Data Diva guest and overall privacy engineering badass, Nishant Bhajaria, has partnered with developer education platform, Data Protocol, to create the first widely available privacy engineering certification program for developers. I saw it, and trust me – Wow. Data Diva fans have complimentary access to the courses.

Get data books at Technics Publications

Technics Publications has graciously offered a Data Diva Promotion. Anyone who uses the coupon code TheDataDiva receives 20% off. The Promotional code is good for all books on the website with the exception of DMBOK books. Visit the Technics Publications website now to take advantage of this offer.

Need a publication discount on Data Privacy books and digital products? Purchase any products (including Data Privacy books) from the Manning Publications website, and you can use The Data Diva's permanent 35% discount code (good for all our products in all formats) using the following code at checkout: poddatadiva22


Need a VPN, Internet Controls, and Virus Protection? Data Diva Podcast alumni guest for episode 60, Brad Hawkins, CEO of SaferNet, has a special offer! SaferNet provides a very easy-to-use 3-in-1 device-level Cyber Safety protection solution, including an award-winning VPN, Internet Controls, and Virus Protection. SaferNet is ideal for individuals and small to medium-sized businesses who want reliable data protection. The Data Diva herself loves the product! Go to https://www.safernet.com/ and buy an annual SaferNet plan for 25% off, which can be paid monthly or annually using the case-sensitive code: datadiva

Need a Privacy-Friendly Internet Browser extension? Data Diva Podcast alumni guest for episode 28, Kelly Finnerty, Director of Brand and Content at Startpage, has a special offer! If you are looking for more control over your Data Privacy and less behavioral tracking while surfing the Internet, look no further.

Install Startpage Privacy Protection Extension for Chrome and Firefox: Install the link here


See our recently featured five-minute videos on Data Privacy from The Data Diva

Do you want to see more original video content on emerging Data Privacy topics? Subscribe to our YouTube channel to get notified about each week's new video.

Many thanks to the press organizations and reporters who seek my commentary on important events around "Data Privacy". Also, here are links to some of my other media collaborations. Here is a collection of a few of my 2023 media mentions and collaborations:

  • Many thanks to Tonal Carreras for his review of the Privacy Pros Podcast interview with Debbie Reynolds and Jamal Ahmed
  • Many thanks to Ketch for inviting me to speak at the Chicago "Privacy Matters" Dinner and Cindy's. It was a blast!
  • Debbie Reynolds "The Data Diva" spoke on a webinar called "Women and Digital Privacy: Protecting Health Data Post-Roe" with Kayte Spector-Bagdady, Interim Co-Director at the Center for Bioethics and Social Sciences in Medicine and an Assistant Professor of Obstetrics and Gynecology at the University of Michigan Medical School, and Sara Jacobs, Congresswoman for California's 51st Congressional District and sponsor of the My Body, My Data Act and the Secure Access for Essential Reproductive (SAFER) Health Act

For a full list of media mentions, please see our website media mention section.

Need a Keynote Speaker on "Data Privacy", Data Protection, and Technology issues? View our keynote speaker page for popular talks and topics. Ready to speak to "The Data Diva" about your speaking event? Fill out our speaker request form and schedule a call now.


Do you need more Data Diva Events?

  • Join Debbie Reynolds "The Data Diva" at the Chicago SOLID Summit of Legal Innovation and Disruption event sponsored by The Cowen Group on April 13, 2023. Register here to attend in person.
  • Join Debbie Reynolds "The Data Diva" at The Master's Conference Legal Chicago on April 25, 2023, to discuss the Global Data Privacy Landscape. Register here to attend in person.
  • Join Debbie Reynolds “The Data Diva” and Leonard Lee, the Executive Analyst & Founder of neXT Curve, for a new 20-minute video series called "The State of Privacy and Trust". We will regularly address the critical topics related to #privacy and the growing concerns regarding #trust that is challenging every aspect of our society and lives. See the latest video called, "What is Safe & Responsible Use of Generative AI?" Subscribe to the neXT Curve YouTube Channel to get notified when new episodes are posted.

Want to know where "The Data Diva" is speaking next? Please see our Events page for upcoming speaking engagements.

#privacy #cybersecurity #topexperts #datadiva #dataprivacy

Please join Debbie Reynolds “The Data Diva” on Tuesday, April 18, 2023, and Wednesday, April 19, 2023, from 11:00 a.m. until 5:00 p.m., Eastern Time each day for an open-to-the-public virtual meeting of the 16-member Internet of Things Advisory Board (IoTAB) appointed by the U.S. Department of Commerce (USDOC) and The National Institute of Standards and Technology (NIST).

All meetings of the IoTAB will be open to the public. A registration page is available for the April meeting sessions (see the link below). An agenda will be provided once it has been finalized; the overall scope of the agenda will be approximately:

  • Board Introductions and Member Activities
  • Overview of the charter, scope, and expectations
  • Overview of legislation creating the IoT Advisory Board
  • Framework proposals for recommendations report
  • Advisory Board member statements on challenges and barriers to IoT technology adoption
  • Discussion of topics raised in member statements
  • Outside speakers on challenges and barriers to IoT adoption
  • Public Comment
  • Board Discussion on Recommendations.

To register to attend the virtual event or in person on one or both days, register here: https://nist-secure.webex.com/webappng/sites/nist-secure/webinar/webinarSeries/register/20c4eb5a75e44cde82e50105a942ebab

IoTAB April 18 & 19, 2023 Meeting

April 11, 2023, 5:00 PM – deadline for requesting to speak to the IoT Advisory Board at the April Meeting

April 12, 2023 – deadline for in-person registration for the IoT Advisory Board Meeting (limit of 50 registered attendees) – email Barbara Cuthill ([email protected]) with your name, email, affiliation, and if you are a US citizen. (As a Federal facility, we have to record additional information for non-US citizens.)

To email public comments for consideration by the IoTAB, please email Barbara Cuthill, The IoT Advisory Board Secretariat, at [email protected] prior to the meeting, by April 11, 2023, at 5:00 p.m. Eastern time.

  • Individuals who submit comments may have an opportunity (on a first-come, first-served basis) to present and discuss them at the meeting during the afternoon of the April 19th, 2023 meeting session (presenters will be limited to 5 minutes each). The public is also invited to send written statements for the board’s consideration at any time; however, such statements will not be presented at the meeting. More information regarding comments and written statements is published in the Federal Register Notice.


Data Diva Media is a media production operation providing world-class video and podcast editing services.

Our Media Services include:

  • Audio & Video Equipment Consultation
  • Audio Or Video Podcast Show Production
  • Podcast Episode Production Packages
  • Launch Podcast, Hosting Website, And Audio Content Syndication
  • Audio Podcast Episode Uploading And Formatting For Podcast Syndication (Monthly)

Ready to start your media project with "Data Diva" Media? Visit our Data Diva Media Website Page for more details and to schedule a meeting with the "Data Diva" Talks Privacy Podcast

Hitoshi Kokumai

Advocate of Identity Assurance by Citizens' Volition and Memory. Founder and Chief Architect at Mnemonic Identity Solutions Limited

1 year ago

I am pleased to see it emphasised that, to prevent sensitive data from being absorbed by LLMs, businesses should “Implement strict data access and sharing policies for employees and partners. Only authorized personnel should be allowed to access sensitive information, which should never be shared publicly or in unsecured channels.” While identity authentication alone, however solid it may be, cannot satisfy the sufficient condition for the defense of data privacy, it is definitely one of the necessary conditions for the objective. And, among the necessary conditions for the solid digital identity is that it involves citizens’ volition and memory. More specifically, it’s ‘imperative to involve secret credential’ that citizens present with their volition to present it. The secret credential is ‘Remembered Password’ in most cases.

William Wallace Belt Jr., Esq., CIPP/US/E CIPM

Managing Director at Complete Discovery Source

1 year ago

Excellent article Debbie Reynolds.

Thank you Debbie Reynolds for the insights and the post.

Toma? Vidonja

Helping manufacturing companies to digitally transform their businesses

1 year ago

A must-read post for every business owner, not only IT department, to get an understanding why AI (MLL etc.) matters and how it impacts each single business in terms of data privacy and security. As many believe it's only ChatGPT, I wonder Debbie, how should businesses react in terms of many other AI applications? https://writesonic.com/blog/chatgpt-alternatives/
