AI security graphic with illuminated shield and lock on background of code

Understanding the Benefits and the Risks

AI isn’t a tool that only benefits humans in research, coding, and analysis. Instead, AI serves as a double-edged sword. That same technology is being used by corporations to use our sensitive data without customer’s awareness and raise scam rates. As stated by Jennifer King, a fellow at Stanford's Human-Centered Artificial Intelligence,  “We've seen companies shift to this ubiquitous data collection that trains AI systems, which can have a major impact across society, especially on our civil rights.”

With the push of AI, we’ve seen corporations collect users’ data without the consumer’s knowledge. LinkedIn, for example, has faced severe backlash as it automatically opted LinkedIn users’ data for AI training without their knowledge. Not only have software corporations breached users’ rights, but the medical industry has as well. Former surgical patients have reported finding their medical images on an AI training dataset.

Outside of corporations and the medical industry, cybercriminals have used sensitive data for their benefit. With AI companies collecting private data, they’ve become the target for cybersecurity attacks. With this data that can be given out to criminals, it has spearheaded phishing crime rates and allowed for cybercriminals to impersonate your family members or relatives.

Though AI has brought significant improvements in multiple fields, it has also caused more privacy risks. With our data being tossed around from AI training sets to criminals, it’s important to understand how to stay safe.

How to Stay Safe

With AI, your sensitive data can be collected and used in training by corporations without your consent, and exfiltrated or leaked. To stay safe and avoid information breaches:

  • Do not share personal details (home address, phone number, SSN, ID numbers).
  • Avoid inputting sensitive or proprietary data into public AI tools.
  • Check the privacy and data policies of any AI platform you use.
  • Be cautious with original or unpublished work because once it is shared, it may not remain private.
  • Using UCSB’s Enterprise version of Google Gemini allows your data to not be shared with public learning models.

UCSB’s Approved AI Tools

All UCSB non-student employees now have access to the Google Gemini Web App and NotebookLM through campus-issued Google accounts. These tools allow users to generate content, summarize documents, and improve researching efforts. 

Through the UC licensing agreement, UCSB users have:

  • Access to Google’s latest models and features
  • Data protection under UC privacy policies
  • No use of campus data to train Google’s AI models
  • No human reviewers accessing conversations

To learn more about this agreement, click here

Using Non-Approved AI Tools? 

When you use tools other than Google Gemini and NotebookLM, like OpenAI’s ChatGPT, you may lose control over how your information is stored or used. Many public AI services use your data to train future models or share it with third parties.

For best practices on safe AI use:

  • Do not share personal details (home address, phone number, SSN, ID numbers).
  • Avoid inputting sensitive or proprietary data into public AI tools.
  • Check the privacy and data policies of any AI platform you use.
  • Be cautious with original or unpublished work because it is once shared, it may not remain private.

Privacy Rights and Legal Context

With privacy becoming a bigger issue, it’s important to be aware of the current privacy policies that have been enacted. For instance, California residents are protected under the California Consumer Privacy Act (CCPA), which ensures:

  • The right to know what personal data is collected and how it is used
  • The right to delete personal information (with some exceptions)
  • The right to opt out of the sale or sharing of personal data
  • The right to non-discrimination for exercising their CCPA rights.
  • The right to correct inaccurate personal information that a business has about them; 
  • The right to limit the use and disclosure of sensitive personal information collected about them.

 In Utah, similar legislature named UAIPA, pushes the message about the use of AI for companies and consumer protection. With the UAIPA, it ensures:

  • The right for consumers to disclose their data
  • The right for consumers to limit company data usage

By understanding the rights that you are entitled to, being knowledgeable of the possible risks, and how to guard your sensitive data, you can protect yourself from corporations collecting your sensitive information and cyber criminals.