Top Questions to Ask AI Providers About Data Privacy
Artificial intelligence (AI) helps remove limits to scale and accelerate operations, but it’s important to work with trustworthy providers and ensure your business remains in compliance with internal policies and external regulations. Here are Evisort's top tips to protect your business and evaluate AI providers for red flags related to data privacy and information security.
Data Input and Output
- Does your data include personal or sensitive information?
- Did you account for different evaluation criteria based on the type of data you will be providing (e.g. HR data vs publicly available marketing information)?
- Does the data have additional restrictions or regulations?
- Will any generated information need to be supervised or verified?
- How is the confidentiality and ownership of IP protected?
Data Retention and Deletion
- How is your data stored and retained?
- What is the data retention period?
- Is your data logically separated from other data?
- Can your data be deleted?
- Where is your data stored or housed?
Compliance and Ethics
- Are there any industry-specific restrictions on AI use without human supervision?
- How is the AI model integrated? Are there parameters and controls?
- How does your Customer data interact with the model?
- Does the AI vendor integrate with a generative AI provider? If so, which one?
Security and Data Processing
- What are the security policies and practices? Does the provider have any security certifications?
- How is the data processed?
- Is your data shared with subprocessors? To what extent?
- Is your data de-identified, aggregated, and anonymized?
- Is the vendor GDPR and CCPA compliant?
Generative AI-Specific Considerations
- What information does the provider send to an outside LLM, if any?
- What is your use case for the product or service?
- Is the LLM integrated by an API or is it public?
- What is the data retention policy?
- What are the infosec and data processing policies?
- Will your personal or sensitive data be used to train a publicly available model?
- Does the vendor use generative AI in any marketing, communication, word processing, or chatbot tools? Do any consultants or agencies that the vendor works with use generative AI? If so, how is it integrated?
Moving Forward with AI
To protect your organization while gaining value from AI, it's important to understand the different angles of risk and implement safeguards to mitigate them. This starts with selecting the right AI provider for your needs, understanding their “data supply chain,” and educating employees and stakeholders about AI. By partnering with experts, starting small, and being thoughtful, you can harness the power of AI while minimizing its risks.
Schedule a demo with Evisort legal experts to learn how to securely leverage AI for contracts.
Find out how
can help your team
Test Evisort on your own contracts to see how you can save time, reduce risk, and accelerate deals.