In recent developments, concerns over data security have intensified as major tech companies face allegations of mishandling user information. In this week’s newsletter we’ll discuss the risk to data privacy that AI tools may pose to your business, even when you don’t have a formal AI system in place.

LinkedIn, for instance, was accused in a California class-action lawsuit of using premium subscribers’ private messages to train AI models without consent. Although the lawsuit was dismissed, the incident highlights the potential risks associated with data sharing practices.

Similarly, South Korea’s Personal Information Protection Commission (PIPC) has accused Chinese AI startup DeepSeek of sharing user data with ByteDance, the owner of TikTok. The PIPC discovered that DeepSeek was not transparent about third-party data transfers and potentially collected excessive personal information. As a result, DeepSeek’s apps were removed from local app stores, and users were advised to exercise caution.

These incidents underscore the growing concerns surrounding data security in businesses, especially as they handle privileged and confidential information. The integration of AI technologies necessitates vast amounts of data, often leading to the transfer of sensitive information beyond organisational boundaries. Such practices raise significant issues, particularly when data is transmitted to entities not bound by European legislation, as global data centres operate under varying regulatory frameworks. The General Data Protection Regulation (GDPR) emphasises that data protection rules continue to apply regardless of where the data is transferred, ensuring that personal data remains safeguarded even when processed outside the EU.

Even if your business does not formally use these AI tools, you may still be exposed to the internal risk of Shadow IT: the use of unauthorised software and technology tools by employees without your IT department’s approval. While these tools can enhance productivity, they also introduce vulnerabilities, as they often lack proper security measures and oversight. The National Cyber Security Centre (NCSC) highlights that Shadow IT can introduce threats that are not present on corporate IT, including an increased attack surface that is more challenging to monitor because these tools lie outside the organisation’s security perimeter.

To combat these multifaceted challenges, businesses must adopt comprehensive cybersecurity strategies. Shoothill offers a robust cyber security suite as part of its IT services, designed to protect your organisation from both external breaches and internal vulnerabilities. Our services include advanced threat detection, real-time monitoring, and robust defence mechanisms to safeguard your systems and data from evolving cyber threats. Additionally, we provide security audits, Cyber Essentials certification assistance, and tailored training programs to empower your team with the knowledge to prevent and respond to potential security incidents.

Ensuring your business’s cyber resilience is paramount. Take the first step towards fortifying your defences by visiting our beginner cyber security checklist.
