In a recent survey, global C-level executives selected “data privacy and security” as their primary concern with regards to using AI. This is encouraging, because it signals that most global executives now have data and privacy top of mind.
The more important data becomes to an organization in the age of AI, the more urgently they need a solid data governance program, especially as more parts of the organization, including marketing, tap into data and AI for more of their daily work.
The adage of “garbage in, garbage out” certainly applies to AI. A company can’t just stand up an AI generated product and expect accurate, relevant insights and outcomes. They l need a strong data foundation that is built with quality. They also need to have compliance top of mind. Because of Data Privacy legislation changes, data breaches and resultant fines being levied, what companies do to collect, manage and store data effectively is just as important as the data’s quality.
AI Is Evolving Quickly. Data Management Must, Too
Companies are testing AI at record rates. In many cases, employees enthusiastically add data to new, free AI tools without considering the consequences. What’s more, many software platforms and solutions providers are adding AI to their offerings – sometimes without users even knowing it. These platforms often house huge amounts of customer and company data and their AI is usually a licensed model from another company. Many companies are not aware of the implications and may not know where their data is being stored, if it is shared or exposed in any way.
The need for a comprehensive data management policy, as AI becomes more ubiquitous, cannot be questioned. ChatGPT and other LLMs are not transparent about what happens to data shared with the platform. New AI technologies, like intelligent agents, usually provide more clarity about data privacy and security, but do require vast amounts of company data to train on, the disclosure of which could be in breach of customer/user/partner agreements. Often AI is designed to continually re-evaluate, optimize and even execute independently, companies need transparency, understanding and a clear data governance plan in place.
AI Exposes the Need for Better Data Governance
Keeping data safe has always been important, but AI makes the situation more urgent. More data is being created, consumed, analyzed, which creates more opportunities for data exposure and misuse. Good data governance has always been good business practice, and an important part of risk management, as governments and regulators require that data is kept safe and secure. As regulators try to stay ahead, we have seen a rush of legislation around AI, often co-mingled with Privacy legislation, such as the EU Artificial Intelligence (AI) Act.. This looks to establish a global benchmark for responsible AI development and use, with a significant emphasis on privacy. Globally, regulatory fines reached a record $19.3 billion in 2024 as more companies were exposed for data management weaknesses among other risks.
Second, AI delivers outcomes using sophisticated analytics – if companies are not diligent about managing data, these outcomes could produce dangerous results. Consider a company that creates personalized content using sensitive information that excludes or offends a group of people by accident, and the possible ramifications in hiring, law enforcement, and social scoring etc.
And third, cyber criminals are using AI to access and steal data, so companies need to arm themselves. AI-generated data and the use of AI tools absolutely puts companies at risk of falling foul of data privacy and compliance best practice if executives are not diligent about implementing a top-down program. Data privacy and security is a comprehensive strategy – not just adherence to regulation, but a systematic approach to collecting, using and storing data.
Companies need a mandate to ensure guard rails are put in place around the use of date for AI including;
- Data-by-design – ensuring AI projects uphold data privacy best practices from the beginning.
- Data minimization policies to protect against out-of-scope or sensitive data being collected.
- Encryption/anonymization technologies to safeguard personally identifiable and other sensitive information.
- Storage and access protocols to secure large amounts of data that is shared by third technologies and partners.
All of this points to the need for strong data governance, with a centralized framework that includes collaboration across Data, Legal, IT and Privacy – a center of excellence that can own and be accountable for AI driven initiatives. Companies also need to review their data workflows, privacy policies and IT security framework to ensure that use of AI is embedded and addressed. The creation of a “Responsible use of AI” or a “Corporate Charter” should be created and distributed company-wide as a priority. IT needs to ensure only approved AI tools are used and issue guidelines around acceptable use so there is transparency and guardrails in place. IT also has to design solutions that support business needs,and to understand data access points, both internally and externally, and adhere to data best practices.
When it comes to the data that powers AI, responsible and ethical data use requires a ‘top-down’ approach to aid adoption of best practices, which will result in a lower risk of data misuse. Mandatory training for all employees is key, and AI use cases should be evaluated and assessed for risk profile before adoption. When rolled out, training and protocols for acceptable use need to be in place to stop anyone from going rogue.
AI is creating a brave new world of seemingly endless possibilities.While leaders don’t want to stifle growth or the enthusiasm with which these new solutions are being adopted, guardrails to guide innovation are key. Without proper data governance, the misuse of data in AI could quickly spiral into a problem, even if unintended. Now is the time to make data governance a priority – start with an audit, educate the company, solicit stakeholders and commit to a strong program to provide a foundation for ethical use of AI and ultimately, a successful business transformation.
