6 Ways to Prevent Leaking Private Data Through Public AI Tools

Tanya Wetson-Catt • 16 January 2026

We all agree that public AI tools are fantastic for general tasks such as brainstorming ideas and working with non-sensitive customer data. They help us draft quick emails, write marketing copy, and even summarise complex reports in seconds. However, despite the efficiency gains, these digital assistants pose serious risks to businesses handling customer Personally Identifiable Information (PII).


Most public AI tools use the data you provide to train and improve their models. This means every prompt entered into a tool like ChatGPT or Gemini could become part of their training data. A single mistake by an employee could expose client information, internal strategies, or proprietary code and processes. As a business owner or manager, it’s essential to prevent data leakage before it turns into a serious liability.


Financial and Reputational Protection


Integrating AI into your business workflows is essential for staying competitive, but doing it safely is your top priority. The cost of a data leak resulting from careless AI use far outweighs the cost of preventative measures. A single mistake by an employee could expose internal strategies, proprietary code, or sensitive client information. This can lead to devastating financial losses from regulatory fines, loss of competitive advantage, and the long-term damage to your company's reputation.


Consider the real-world example of Samsung in 2023. Multiple employees at the company's semiconductor division, in a rush for efficiency, accidentally leaked confidential data by pasting it into ChatGPT. The leaks included source code for new semiconductors and confidential meeting recordings, which were then retained by the public AI model for training. This wasn't a sophisticated cyberattack, it was human error resulting from a lack of clear policy and technical guardrails. As a result was that Samsung had to implement a company-wide ban on generative AI tools to prevent future breaches.


6 Prevention Strategies


Here are six practical strategies to secure your interactions with AI tools and build a culture of security awareness.


1. Establish a Clear AI Security Policy


When it comes to something this critical, guesswork won’t cut it. Your first line of defence is a formal policy that clearly outlines how public AI tools should be used. This policy must define what counts as confidential information and specify which data should never be entered into a public AI model, such as social security numbers, financial records, merger discussions, or product roadmaps.


Educate your team on this policy during onboarding and reinforce it with quarterly refresher sessions to ensure everyone understands the serious consequences of non-compliance. A clear policy removes ambiguity and establishes firm security standards.


2. Mandate the Use of Dedicated Business Accounts


Free, public AI tools often include hidden data-handling terms because their primary goal is improving the model. Upgrading to business tiers such as ChatGPT Team or Enterprise, Google Workspace, or Microsoft Copilot for Microsoft 365 is essential. These commercial agreements explicitly state that customer data is not used to train models. By contrast, free or Plus versions of ChatGPT use customer data for model training by default, though users can adjust settings to limit this.


The data privacy guarantees provided by commercial AI vendors, which ensure that your business inputs will not be used to train public models, establish a critical technical and legal barrier between your sensitive information and the open internet. With these business-tier agreements, you’re not just purchasing features; you’re securing robust AI privacy and compliance assurances from the vendor.


3. Implement Data Loss Prevention Solutions with AI Prompt Protection


Human error and intentional misuse are unavoidable. An employee might accidentally paste confidential information into a public AI chat or attempt to upload a document containing sensitive client PII. You can prevent this by implementing data loss prevention (DLP) solutions that stop data leakage at the source. Tools like Cloudflare DLP and Microsoft Purview offer advanced browser-level context analysis, scanning prompts and file uploads in real time before they ever reach the AI platform.


These DLP solutions automatically block data flagged as sensitive or confidential. For unclassified data, they use contextual analysis to redact information that matches predefined patterns, like credit card numbers, project code names, or internal file paths. Together, these safeguards create a safety net that detects, logs, and reports errors before they escalate into serious data breaches.


4. Conduct Continuous Employee Training


Even the most airtight AI use policy is useless if all it does is sit in a shared folder. Security is a living practice that evolves as the threats advance, and memos or basic compliance lectures are never enough.


Conduct interactive workshops where employees practice crafting safe and effective prompts using real-world scenarios from their daily tasks. This hands-on training teaches them to de-identify sensitive data before analysis, turning staff into active participants in data security while still leveraging AI for efficiency.


5. Conduct Regular Audits of AI Tool Usage and Logs


Any security program only works if it’s actively monitored. You need clear visibility into how your teams are using public AI tools. Business-grade tiers provide admin dashboards, make it a habit to review these weekly or monthly. Watch for unusual activity, patterns, or alerts that could signal potential policy violations before they become a problem.


Audits are never about assigning blame, but identifying gaps in training or weaknesses in your technology stack. Reviewing logs might help you discover which team or department needs extra guidance or indicate areas to refine and close loopholes.


6. Cultivate a Culture of Security Mindfulness


Even the best policies and technical controls can fail without a culture that supports them. Business leaders must lead by example, promoting secure AI practices and encouraging employees to ask questions without fear of reprimand.


This cultural shift turns security into everyone’s responsibility, creating collective vigilance that outperforms any single tool. Your team becomes your strongest line of defence in protecting your data.


Make AI Safety a Core Business Practice


Integrating AI into your business workflows is no longer optional, it’s essential for staying competitive and boosting efficiency. That makes doing it safely and responsibly your top priority. The six strategies we’ve outlined provide a strong foundation to harness AI’s potential while protecting your most valuable data.



Take the next step toward secure AI adoption, contact us today to formalise your approach and safeguard your business.

Let's Talk Tech

More from our blog

3 Simple Power Automate Workflows to Automatically Identify and Terminate Unused Cloud Resources

by Tanya Wetson-Catt 12 January 2026
The cloud makes it easy to create virtual machines, databases, and storage accounts with just a few clicks. The problem is, these resources are often left running long after they’re needed. This “cloud sprawl,” the unmanaged growth of cloud resources, can quietly drain your budget every month. According to Hashi Corp’s State of Cloud Strategy Survey 2024 , the top reasons for this waste are lack of skills, idle or underused resources, and overprovisioning, which together drive up costs for businesses of all sizes. Why Should I Care About Cloud Resources? The business benefit is tangible and dramatic. While organisations struggle with cloud budgets exceeding limits by an estimated 17%, automation offers a clear path to control. For example, a VLink saved a significant amount of money on its non-production cloud spend by implementing a rigorous cloud shutdown automation policy. This policy automatically powered down all development and test environments that were not explicitly tagged as 'Production' outside of normal business hours (8 AM to 6 PM). The savings from just this single automated action accounted for 40% off their non-production cloud spend, freeing up that budget for new growth initiatives. 3 Power Automate Workflows Finding these unused cloud resources feels like hunting for ghosts. But what if you could automate the hunt? Microsoft Power Automate is a powerful tool for this exact task. Let’s look at three straightforward workflows to identify and terminate waste automatically. 1. Automate the Shutdown of Development VMs Development and test environments are the worst offenders for cloud waste. A team needs a virtual machine for a short-term project. The project ends, but the VM continues to run, costing money. You can build a workflow that stops this waste. Create a Power Automate flow that triggers daily and queries Azure for all virtual machines with a specific tag, like “Environment: Dev.” The flow then checks the machine’s performance metrics. If the CPU utilisation has been below 5% for the last 72 hours, it executes a command to shut down the VM. This simple Azure automation does not delete anything, it simply turns off the power, slashing costs immediately. Your developers can still start it if needed, but you are no longer paying for idle time. 2. Identify and Report Orphaned Storage Disks When you delete an Azure virtual machine, you are often given an option to delete its associated storage disk. This step is frequently missed, and the orphaned disks continue to incur storage charges month after month. You can create a flow to find them. Build a Power Automate schedule that runs weekly. The flow will list all unattached managed disks in your subscription and will then compose a detailed email report that lists the disk names, their sizes, and the estimated monthly cost. The report acts as a clear, actionable list that could be used for cleanup purposes, and you can send it using the “Send an email” action to your IT manager or finance team for further evaluation on whether to keep or delete the disks. 3. Terminate Expired Temporary Resources Some business projects require temporary cloud resources, like a blob storage container for a file transfer or a temporary database for data analysis. Since these resources have a finite lifespan, you need to directly integrate build expiration dates into your deployment process. For this, you can use a Power Automate flow that is triggered by a custom date field. This means that whenever you create a temporary resource, you add a descriptive tag such as “Deletion Date.” After implementing this best practice, i.e., adding descriptive tags to cloud resources, set the flow to run daily and check for all resources that bear the “Deletion Date” tag. For each resource the flow finds, it should check whether the current date matches or is later than the “Deletion Date” property. If this condition is met, the flow deletes the resource automatically. This hands-off cleanup ensures that temporary items do not become permanent expenses. This approach not only eliminates the risk of human oversight but also uses automation to enforce financial discipline. Troubleshoot Your Automated Workflows Using Power Automate to build these workflows is a great start, but you also need to implement them safely. Automations that delete resources are powerful and need controls in place. To be safe, always launch these flows in report-only mode, which lets you test and simulate automations without enforcing them. For example, you can modify the “Terminate Expired Temporary Resources” flow to send an email alert instead of deleting resources for the first couple of weeks as you observe. This helps validate whether your flow logic is sound and gives you an opportunity to fix errors and oversights. You can also consider adding a manual approval requirement for certain high-risk actions, such as the deletion of very large storage disks. This ensures that your automations work to your benefit and not against you. Take Control of Your Cloud Spend These three Power Automate workflows are a good starting point for businesses using Microsoft Azure. They help you shift from a reactive to a proactive position, ensuring you only pay for the resources you actively use.  Stop overspending on idle cloud resources. To take control of your cloud environment and start saving, contact us today to implement these Power Automate workflows and optimise your Azure spend.

How to Implement Zero Trust for Your Office Guest Wi-Fi Network

by Tanya Wetson-Catt 5 January 2026
Content Starts Here 

Lost Without a Tech Plan? Create Your Small Business IT Roadmap for Explosive Growth

by Tanya Wetson-Catt 29 October 2025
Do you ever feel like your technology setup grew without you really noticing? One day you had a laptop and a few software licenses, and now you’re juggling dozens of tools, some of which you don’t even remember signing up for. A recent SaaS management index found that small businesses with under 500 employees use, on average, 172 cloud-based apps. And many don’t have a formal IT department to keep it all straight. That’s a lot of moving parts. Without a plan, it’s easy for those parts to work against each other. Systems don’t talk, people improvise workarounds, and money gets spent in ways that don’t actually help the business grow. That’s where an IT roadmap comes in. Why a Small Business IT Roadmap Is No Longer Optional A few years back, most owners thought of IT as background support, quietly keeping the lights on. Today it’s front-and-centre in sales, service, marketing, and even reputation management. When the tech stalls, so does the business. The risk extends past downtime or slow responses to customers. It’s the steady drip of missed efficiency and untapped opportunity. Without a plan, small businesses often buy tools on impulse to solve urgent issues, only to find they clash with existing systems, blow up budgets, or duplicate something already paid for. Think about the ripple effects: · Security gaps that invite trouble. · Wasted spending on licenses nobody uses. · Systems that choke when growth takes off. · Customer delays that leave a poor impression. If that list feels uncomfortably familiar, you’re not alone. The real question isn’t whether to create an IT roadmap; it’s how fast you can build one that actually moves your business forward. How to Build a High-Impact IT Roadmap for Growth An IT roadmap is a dynamic plan that connects your business vision with the technology you choose and keeps both evolving together. Think of it as equal parts strategy and practicality. Start With Your Business Goals Before talking about hardware or software, decide what you’re aiming for: · Are you trying to streamline operations? · Shorten sales cycles? · Expand into new markets? These goals will steer every technological choice you make. Don’t keep it in the IT bubble, bring in voices from marketing, sales, operations, and finance. They’ll see needs and opportunities you might miss. When everyone understands the “why,” adoption of new tools is much smoother. Audit What You Already Have When was the last time you took inventory of your tech stack? An inventory is an honest look at what’s working, what’s not, and what’s gathering dust. You might discover you’re paying for two tools that do the same job, or that a critical application is three versions out of date. Sometimes the fix is as simple as training people to use an existing tool better. Other times, you’ll spot gaps that need to be filled sooner rather than later. Identify Technology Needs and Rank Them After your audit, you’ll have a messy wish list. Resist the urge to fix everything now. Ask: Which issues slow us down daily? A clunky CRM might outrank that fancy website refresh if it’s costing leads. Some projects bring ROI; others just remove frustration. Rank them with flexibility because priorities can shift quickly. You need to focus energy where it moves the needle most. Budget With the Full Picture in Mind It’s tempting to look at the purchase price of a new tool and stop there. However, the real cost includes implementation, training, maintenance, and sometimes even downtime during the transition. Ask yourself two things: · Can we afford it right now? · Can we afford not to have it? The second question often brings clarity. If a delay in upgrading means losing customers to faster competitors, the return on investment may justify the spend. Map Out the Rollout Even great tools can flop if they’re dropped into the business without a plan. Your implementation timeline should outline who’s responsible for what, key milestones, and how new tools will be tested before they go live. And don’t forget people: · How much training will staff need? · Will it happen before or after the launch? Reduce Risk and Choose Vendors Wisely Rolling out new tech has risks, such as compatibility snags, migration delays, and even staff pushback. Spotting these early is smart, but vendor choice matters just as much. A great tool isn’t great if support vanishes when you need it. Ask peers for feedback, read reviews, and test their responsiveness before signing. If they’re quick to help while courting you, there’s a better chance they’ll be there when something breaks. Make It a Habit to Review and Revise Your business changes, the market changes, and technology changes even faster. That’s why your IT roadmap should be a living document. Schedule a quarterly review to see what’s working, what’s outdated, and where new opportunities are emerging. These reviews also give you a natural checkpoint to measure return on investment and decide whether to keep, adjust, or replace certain tools. Skipping them means you’re back to making ad-hoc decisions, exactly what the roadmap was meant to prevent. Put Your IT Roadmap into Action for Long-Term Wins At its core, an IT roadmap is about connection: Linking your business goals, your technology, and your people so they work toward the same outcomes. Done well, it: · Keeps technology spending focused on what matters most. · Prevents redundancy and streamlines operations. · Improves the customer experience through better tools and integration. · Prepares you to adapt quickly when new technology or opportunities emerge. The payoff is a stronger competitive position and the ability to scale without tripping over your own systems. If you’ve been running without a plan, the good news is you can start small: Set a goal, take inventory, and map the first few steps. You don’t have to have everything perfect from day one. What matters is moving from reaction mode to intentional, strategic action. Every day without a roadmap is another day where your technology could be doing more for you, and even saving you from costly mistakes down the line.  Contact us to start building a future-ready IT roadmap that turns your technology from a patchwork of tools into a true growth engine for your business.