The core principle

Public AI tools (ChatGPT, Claude, Gemini on free/personal plans) process your input on external servers. Most providers say they don't train on your data by default, but your organisation's data governance policy may have stricter rules.

Before you paste anything into an AI tool at work: would you be comfortable if your manager read exactly what you typed? If yes, proceed. If not, pause.

Generally safe to share

Generic task descriptions ("summarise this type of document"), your own writing that doesn't contain confidential information, publicly available information you're researching, and draft ideas that don't reference specific clients or deals.

Generally not safe to share

Client names, personal data, financial figures, HR information, legal matters, contracts, anything marked confidential, passwords or API keys, medical information, or information covered by NDA.

The anonymisation trick

Replace specific names, numbers, and identifying details with placeholders before pasting. "Client ABC signed a contract for $X" tells AI the structure without revealing confidential data. You get the same quality output with zero risk.

Instead of: "Draft a reply to John Smith at Acme Corp about their $450K renewal" Use: "Draft a reply to [Client Name] at [Company] about their [contract value] renewal"

What to do at your organisation

Check whether your employer has an AI usage policy. Many larger organisations now have approved tools (often Microsoft Copilot within M365) where data stays inside the company's environment. If your company has one — use it.

If your company doesn't have a policy yet, asking about one makes you look proactive, not clueless. It's a career-positive move.

🔒 The quick rule

Treat any AI tool like a public space. If you wouldn't post it on LinkedIn, don't paste it into ChatGPT. Use paid tiers when possible — ChatGPT Plus, Claude Pro, and Gemini Advanced all have stronger privacy policies than their free versions.