1:00 AM 2nd September 2023
Five Things Business Owners Need To Know About Confidentiality And AI Tools
![Image by Gerd Altmann from Pixabay]()
- Unintentional confidentiality breaches shared with AI tools are predicted to endanger corporate privacy
- Hiscox warns AI tools could inadvertently reveal confidential corporate data
- Business owners are urged to avoid sharing confidential data with AI tools
- Confidentiality breaches can lead to fines up to 4% of turnover or €20m

Global business insurer Hiscox urges business owners to be mindful of the increasing importance of confidentiality now that 15% of UK businesses use AI tools, according to gov.uk.
Regardless of intention, confidentiality infringements can have severe consequences, including reputational damage, loss of intellectual property rights, legal action, and financial penalties.
Hiscox sums up five essential things UK SMEs need to know about confidentiality in the next financial year:
1. Beware the perils of AI and social media: Unintentional cyber breaches are likely to rise this year, thanks to the proliferation of tools like ChatGPT and AI search. Users inputting confidential data into AI prompts may be unaware that they are inadvertently revealing confidential information which may then enter the public domain. Alana Muir, Head of Cyber at Hiscox, says: “Confidentiality breaches can stem from anywhere, including social media and AI tools. We’re recommending business owners alert employees to these risks and put in place policies and procedures to safeguard confidential company and staff data.”
2. Confidentiality agreements have limitations: Non-Disclosure Agreements (NDAs) can be legitimately used to protect commercially sensitive information and to prevent information being shared with competitors. However, they do not give employers carte blanche to do as they please. Agreements must be lawful and need to be written clearly and in plain English. Measures have recently been put in place to prevent the misuse of NDAs in situations of workplace harassment or discrimination. They cannot be used to cover up criminal acts in the workplace, including sexual harassment, assault, and racist discrimination, and must not be used to prevent employees from speaking out against workplace wrongdoings.
3. Data Protection Regulations: Huge General Data Protection Regulation (GDPR) changes came into force in 2018, applying to all businesses trading in Europe. The obligations for small businesses are less onerous than for larger companies, but all organisations must comply with core GDPR principles: obtaining a lawful basis for processing personal data, informing individuals about the collection and use of their data, and putting into place appropriate technical and organisational measures to protect personal data.
Consent is key: Businesses must obtain valid consent from individuals before processing their personal data, provide individuals with the right to access, correct, or delete their data, and report data breaches to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of them.
Non-compliance can lead to fines: Businesses can be penalised to the tune of up to €20 million or 4% of global annual turnover, whichever is greater.
4. Employee Confidentiality: There is a legal requirement and ethical obligation for businesses to safeguard employee data and prevent its unauthorised access, use, or disclosure.
What businesses can do: As an employer, you can keep records of your employees' personal information, including their names, addresses, dates of birth, and contact information. You can also keep records of their employment history, job titles, and salary information, as well as any information that is necessary for you to pay them, such as bank account details and tax information.
What businesses are obliged to do: Respect employees' privacy rights; only collect and process personal data needed for legitimate business purposes.
5. Intellectual property (IP): Retaining confidentiality here can be make or break for some businesses. IP refers to ‘creations of the mind,’ including inventions, designs, trademarks, and copyrights that are protected by law. To protect IP and retain a competitive edge, businesses often keep new ideas and inventions confidential, so they aren’t stolen or misused by competitors. This can be actioned by way of NDAs or confidentiality clauses in contracts with employees, contractors, and partners. Legal protection for IP in the UK is regulated by the Intellectual Property Office.
Alana warns: “In some circumstances, companies might lose intellectual property rights if confidential information like trade secrets or patent applications is disclosed. In a worst-case scenario, a business could lose its exclusive right to use or profit from the intellectual property, which could result in losses to revenue and market share.
“Breaching confidentiality, whether intentional or unintentional, can have serious consequences for businesses. Intangible losses like reputational damage and loss of customer trust can affect sales. Legal action can be costly, stressful and lengthy, and financial penalties can be extremely damaging too.”
For these reasons, Hiscox urges new and established business owners to be mindful of the five areas outlined above.