Imagine a microfinance agent inputting a client's complete file into an artificial intelligence (AI). Income, account numbers, credit history – everything is there. The tool responds in seconds. But one question remains unanswered: what happens to this information once it's sent? Is it stored? Read by someone? Reused elsewhere?
The same scenario plays out at the hospital, prefecture, or university, with a patient record, student copy, or payslip. This article helps you ask the right questions before using AI at work, even if digital technology isn't your field.
What is it, concretely?
Ensuring that an AI protects your data means making sure that what you entrust to it will not be used, stored, or shared beyond what you have agreed to. Unlike software installed on your computer, an online AI often processes your texts on remote servers, sometimes abroad, and may keep a record of your exchanges. Before sending a sensitive file (client list, salaries, medical records, student records), ask yourself four simple questions: who has access to it, how long it is kept, if the data can leave the country, and if it is used to train the tool. You don't need to be a computer scientist to do this well.
Concrete case: what to do and what not to do
Questions to Ask Before Acting
Do these data allow the identification of a person (name, phone number, photo, ID number, account, grade, medical record)?
Do I really need to send this information to the AI, or can I anonymize it?
Does the provider clearly indicate if my data is used to improve their tool?
How long is the data kept? Can we request its deletion?
Who can access it (supplier, subcontractors, internal administrators, other users)?
Where is the data stored or transferred?
Does my organization and the applicable law permit this use?