How to Decide if You Can Trust an AI Tool to Protect Your Data

Data protection has been a crucial concern in the digital age for quite some time now. Most of you are probably well aware of the importance of cybersecurity and privacy. In fact, you might be tired of hearing about it, or it keeps you up at night, or you’ve already fallen victim to a data breach. In the context of AI tools, it’s not just about how malicious actors can misuse your data; it’s also about safeguarding your intellectual property (IP) and even your voice.

Recently, Donald Trump discussed with Logan Paul the hypothetical scenario of his voice being cloned and an alert being sent out about a missile strike, causing widespread panic. Is the age of truth truly over?

In this article, we aren’t focusing on how to differentiate between human-made and AI-made content. Instead, we’ll explore how to determine which AI tools you can trust.

Current AI Regulations in Australia Protect Your Data

Currently, there are no AI-specific laws in Australia. Instead, AI is regulated indirectly through existing laws and regulations around privacy, consumer protection, anti-discrimination, etc. However, the government has acknowledged that these laws likely do not adequately prevent AI harms, and more work is needed. CSIRO, as Australia’s leading science agency, is developing concrete software engineering guidelines to help developers operationalise responsible AI principles in practice.

While this is a step in the right direction, what should businesses do in the meantime? Wait? Definitely not. Adoption is already lagging in Australia compared to other countries, and large corporations aren’t waiting, that’s for sure. With hundreds of new AI tools launching every week (at least that’s what it feels like in my role as Founder and CEO of Intelligence Assist), how do you know which ones to trust with your data?

Key Certifications and Regulations

There are key certifications or regulations that already exist, and at Intelligence Assist, whenever we start evaluating a tool, one of the first things we look for is any reference to one of these.

These certifications and regulations provide important guardrails as AI becomes more ubiquitous. By adopting relevant standards, AI developers and deployers can mitigate risks, meet rising expectations around responsible AI, and build the trust needed for AI to deliver on its immense potential to benefit business and society.

SOC 2 Type I and Type II (USA)

SOC 2 is a voluntary compliance standard developed by the American Institute of Certified Public Accountants (AICPA). It specifies how organizations should manage customer data based on five “trust service principles” – security, availability, processing integrity, confidentiality, and privacy.

SOC 2 Type I attests that a company’s systems are suitably designed to meet relevant trust principles at a specific point in time. SOC 2 Type II goes a step further and verifies that those systems operated effectively over a period of time (usually 6-12 months).

Benefits:

  • Demonstrates a company has established strict information security policies and procedures

  • Builds trust and confidence with customers that their data is secure

  • Gives companies a competitive edge, especially when selling to enterprise clients

  • Ensures consistency in a company’s security practices

 

Examples of AI companies with SOC 2 Type II:

  • Anthropic (developer of Claude AI)

  • Hugging Face

  • Salesforce Einstein

  • Zendesk

ISO 27001 (International)

ISO 27001 is the leading international standard for information security management systems (ISMS). It provides a framework for implementing, maintaining and continually improving an ISMS.

The standard uses a risk-based approach and includes requirements related to leadership and policy, planning, support, operation, performance evaluation, and improvement. It covers security controls across areas like access control, cryptography, physical security, incident management and more.

Benefits:

  • Protects intellectual property and sensitive data

  • Provides a competitive advantage when bidding for contracts

  • Improves information security awareness and practices across the organization

  • Avoids regulatory fines and reputational damage from data breaches

Examples of AI companies with ISO 27001:

  • IBM Watson

  • Dataiku

  • Darktrace

ISO 42001 (International)

ISO 42001 is a new international standard, published in July 2022, that provides a framework for the governance of AI systems. It addresses transparency, accountability and ethical considerations.

The standard guides organizations in establishing an AI management system to direct and control the use, development, and deployment of AI responsibly. It covers aspects like leadership, planning, support, operation, and improvement.

Benefits:

  • Ensures AI systems are transparent, explainable and aligned with human values

  • Helps identify and mitigate risks specific to AI like bias and privacy issues

  • Provides assurance to stakeholders that AI is being used responsibly

  • Facilitates compliance with AI regulations as they emerge

Examples of AI companies with ISO 42001:

  • The standard is still very new so no companies are certified yet, but early adopters are expected soon

GDPR or Australian Privacy Principles Compliant

The EU’s General Data Protection Regulation (GDPR) and Australia’s Privacy Act 1988 both aim to protect the privacy rights of individuals and regulate how organizations collect and handle personal data.

While the GDPR applies to any organization processing EU residents’ data, the Australian Privacy Principles (APPs) apply to businesses with over $3M turnover, health providers and some small businesses.

Both laws require privacy by design, data minimization, security safeguards, breach notification, and give individuals rights relating to their data. The GDPR has some additional requirements around data portability and the right to be forgotten.

Benefits:

  • Builds trust by demonstrating responsible data practices

  • Avoids hefty fines for non-compliance (up to 4% of global turnover under GDPR)

  • Streamlines data handling processes and improves data governance

  • Makes it easier to do business globally by meeting a high privacy standard

Examples of GDPR-compliant AI companies:

  • OpenAI (developer of GPT-4o and DALL-E)

  • DeepMind (Google’s AI research lab)

  • HubSpot

  • Mailchimp

NIST AI Risk Management Framework Adoption

The US National Institute of Standards and Technology (NIST) released the AI Risk Management Framework in January 2023. It is a voluntary framework to help organizations identify and manage risks related to AI systems.

The framework promotes AI systems that are valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful biases managed. It provides a structured process to achieve those characteristics.

Benefits:

  • Provides a common language to talk about AI risks

  • Helps organizations systematically identify, analyse and communicate AI risks

  • Integrates with other risk management processes

  • Aligns with emerging global AI standards and regulations

Examples:

  • The framework is still new so no companies have fully implemented it yet

  • Early drafts were piloted by a diverse set of organizations including Deloitte, Humana, MIT, NASA and the World Economic Forum

HIPAA Compliance (Healthcare AI Tools Only)

For AI tools handling protected health information (PHI) in the United States, compliance with the Health Insurance Portability and Accountability Act (HIPAA) is essential. HIPAA sets strict standards for safeguarding patient data privacy and security.

 
Benefits:
  • Protects sensitive patient health data from unauthorized access or breaches

  • Helps healthcare providers maintain patient trust and confidentiality

  • Reduces the risk of costly fines and reputational damage associated with HIPAA violations

  • Gives healthcare AI tools a competitive advantage by demonstrating commitment to data privacy

Examples of HIPAA-compliant AI tools:

  • Lindy: An AI scribe that accurately transcribes doctor-patient conversations while ensuring data privacy

  • Suki: An AI-powered voice assistant that streamlines clinical documentation and integrates with EHRs securely

  • Google Cloud Platform Healthcare AI: A suite of HIPAA-compliant AI tools for healthcare, including Natural Language API and Cloud Healthcare API

  • IBM Watson Health: An AI platform for healthcare that provides personalized treatment recommendations while safeguarding patient data

When evaluating healthcare AI tools, look for evidence of their HIPAA compliance measures, such as Business Associate Agreements (BAAs), data de-identification techniques, access controls, secure infrastructure, staff training, and breach notification procedures.

If you can’t find one of these certifications, you can always use the chatbot to ask or look in their privacy policy.

Some key elements to look for in the privacy policy include:

  • What data is collected and how it is used

  • How data is stored and protected

  • Whether data is shared with third parties

  • Data retention and deletion policies

  • User rights and control over their data

If an AI tool doesn’t have a privacy policy, this is a significant red flag, and you shouldn’t share anything with them, even conversationally.

Conclusion

In conclusion, data protection is of utmost importance when choosing AI tools for your business. As the AI landscape continues to evolve rapidly, it’s crucial to perform due diligence before integrating any AI tool into your operations. Certifications and compliance with established regulations can provide a level of assurance, but it’s equally important to thoroughly review privacy policies and understand how your data will be handled.

We encourage you to share your experiences or concerns regarding AI tools and data protection. Stay informed about the latest trends and updates in this space, as the landscape is constantly shifting. If you have any questions or need further assistance, please don’t hesitate to reach out to us at Intelligence Assist.

Together, we can navigate the exciting yet challenging world of AI while ensuring the protection of our valuable data and intellectual property.

YOUR RESOURCE HUB

Latest Intelligence Insights

Discover inspiring stories, innovative solutions, and expert insights that showcase the potential of AI to enhance efficiency, drive growth, and unlock new opportunities.