DATA vs DATA

Introduction

With the advent of Generative AI and the explosion of data generated by large language models (LLMs), it is time to revisit the data frameworks that the industry has established to ensure data quality, privacy, compliance, and ownership.

For the sake of argument, let us refer to?

• User-generated data as UGD?
• Generative AI-generated data as GGD.

UGD World?

With UGD, data management is a complex process involving the handling of data from various sources to multiple destinations, incorporating both simple and complex transformations along the way. We ensure data quality through continuous observability, maintaining completeness, comprehensiveness, consistency, and accuracy - at a minimum.

We collaborate with privacy and security teams to understand data classifications and the relevant regulations for Personal Identifiable Information(PII), confidential data, and internal data. These regulations and policies are implemented on both data in motion and data at rest. Role-based access control (RBAC) is adopted to regulate data access based on user roles.

In all enterprises dealing with UGD, emphasis is placed on training data teams, consumers, producers of data about data security and data privacy. This training is supplemented with regular internal audits and scheduled external audits to ascertain responsible data management. Ultimately, data ownership means managing UGD diligently and securely, in compliance with GDPR and other data security and privacy regulations.

GGD World?

Now, let’s explore the world of Generative AI-generated Data (GGD). This domain is similar to the wild west, full of untapped potential and emerging challenges. I categorize GGD into four main sections.

1. Training Data - This is the raw data that is used to train the Large Language Models (LLM). This data is obtained by scraping the public internet and is stored in huge data repositories owned by the organizations who build the LLMs. Presumably these same organizations are taking the necessary steps to comply with General Data Protection Regulation (GDPR) and Privacy laws.?
2. Tokens - Tokens are the processed units derived from the raw training data, as described above. Each large language model (LLM) has tens of thousands of unique tokens, which collectively form its vocabulary. These tokens can be words, subwords, or characters. Regardless of their form, tokens are considered data—in this case, derived data.?How do we guarantee compliance of these tokens (aka data) against data security and privacy laws as discussed above?
3. Generated responses by LLMs - This is the set of multimodal data that is generated? by the large language models in response to prompts. There are many questions that come to mind. Who owns the data and the data management responsibility? If generated data (say an image) is used by an enterprise, is it a violation of copyright law?
4. Synthetic Data - With limitations on annotated data, synthetic data is essential for training, generating rare "black swan" events, adding diversity, and removing biases. It is ideal for testing and experimenting with future scenarios due to its cost-effectiveness and efficiency. Soon, enterprises will routinely use synthetic data to supplement training datasets, conduct A/B testing, and create fair and balanced datasets. However, this raises complex questions about privacy and regulatory compliance. I am personally a strong advocate for synthetic data, but its use must be carefully managed to address these concerns. For synthetic data, how do we explain data ownership, define data lineage, classify data and take measures so that synthetic data does not inadvertently reveal real personal information?

As a Data Leader with many years of experience handling user-generated data (UGD), I am now trying to understand the new world of Generative AI-generated Data (GGD) with the same data governance mindset. I realize that this comparison isn't entirely straightforward, even though UGD and GGD may appear similar in look and feel. If any of you reading this are also seeking answers or have already solved part of the puzzle, please DM me. I would love to learn from your experiences and contribute to the discussion.

Fun Fact: The article is UGD and the image above is GGD

#data #security #data privacy #data compliance

?