How ChatGPT Could Be a Data Security Problem

The Risks of ChatGPT with Embedded Analytics

While organizations should take note of the data leak risks associated with employees using ChatGPT, embedded analytics implementations that use ChatGPT need to be even more careful. 

Consider a fictitious wellness company with embedded analytics and a LLM like ChatGPT integrated into their application. This application tracks health indicators of customers through wearables and manual customer input. Customers are able to use embedded analytics capabilities to analyze health trends, and can even query the application’s ChatGPT implementation to query analysis about their own health data and receive personalized responses.

In this case, all health data of the customer used to derive the personalized responses becomes content that OpenAI has access to, and can use, when creating output for other ChatGPT queries, or even to build new products and services. Granting ChatGPT this type of access to end user data can be particularly problematic in areas with strict data privacy regulations. 

If the customer requests removal of personal data from the fictitious wellness company, there is no mechanism in place to recover or delete the data that has already been provided to ChatGPT. And more importantly, the data has already been provided to OpenAI to use for future outputs, so customer privacy has been breached.

Learn More: What is Data Governance? Accountability and Quality Control in Analytics

Taking Data Security Seriously

While LLM models like ChatGPT are impressive, it’s important to have a strong data security policy in place before rushing to adopt these integrations into embedded analytics applications. 

A few factors to consider are:

• Proprietary vs public: Will your application be using proprietary data as an input into the LLM algorithm? ChatGPT shines in generating content and human-like responses based on input data; however, any data used as input should be treated in the same way as publishing the data to a public website. If you wouldn’t publish the data to a public Internet site, you likely should not be using it as input to ChatGPT.
  
  
• GDPR and CCPA: Data privacy regulation is a hot topic globally, and countries and states continue to evolve rules around customer data. By adopting ChatGPT into your embedded application, you may be violating GDPR or CCPA and becoming exposed to costly litigation. It is important to note that the terms of service for ChatGPT explicitly state that users of the service agree to be responsible for any legal consequences associated with the Content of ChatGPT. This includes any litigation against OpenAI.
  
  

• Usability: Will your implementation of ChatGPT into your embedded analytics application provide a useful feature to your end-user or are you implementing it to capture part of the buzz associated with ChatGPT? ChatGPT and LLM implementations are impressive, but have limited use cases within the embedded analytics space that have not already been solved with other solutions. It’s important to consider the value something like ChatGPT can bring and weigh it against the risks associated with giving data to OpenAI.
  
  

At Yellowfin, we know the importance of data and data security. The platform has been designed from the ground up with data governance and segregation as key features of the product. Companies that use Yellowfin to embed BI and analytics into their applications are able to provide their end users valuable insights into their analytics without sacrificing and exposing internal data to the public.

While we continue to follow the innovations with LLM and ChatGPT, we find that the risk of integrating a technology like this into Yellowfin far outweighs the benefits. We already offer accessibility features like Guided NLQ that enables end uses to perform data analytics using an easier to comprehend human-like questioning process. And this is accomplished without copying the user data outside its silo.