The AI privacy dilemma: How to balance progress and protection

Almost every day, we hear a new story about how AI is transforming organizations, optimizing costs, streamlining processes and easing talent shortages. Its ability to analyze massive amounts of data enables quicker decision-making and improves customer experiences across touchpoints.

AI in action: Use cases that revolutionize businesses

Let’s take a closer look at some organizations that have used AI to turn data into practical solutions to daily business challenges:

AI in logistics and supply chain optimization

Flexport, a global logistics platform, faced the challenge of growing their operations while maintaining agility and visibility across a complex global supply chain.

To tackle this, NTT DATA teamed up with Flexport to create an AI-driven cloud automation solution. This system allows engineers to manage their own infrastructure, offers real-time analytics into logistics operations and makes it easier to scale rapidly.

As a result, Flexport doubled in size in just three years, all while improving their operational efficiency and customer service.

Predictive maintenance in manufacturing with AI

In Japan, Mitsubishi Chemical Group Corporation partnered with NTT DATA and ITOCHU Techno-Solutions Corporation to launch a smart maintenance solution powered by AI and the IOWN All-Photonics Network.

This innovative system employs remote-controlled robots and advanced video analytics to inspect factory equipment in real time. By enabling predictive maintenance, it reduces the need for on-site inspections and improves both safety and operational efficiency. 

AI for financial fraud detection and prevention

The US real-estate owner and manager Balfour Beatty Communities worked with NTT DATA to improve their work-order assurance process through GenAI. This AI system automatically verifies service records, detects anomalies and flags suspicious patterns that could suggest fraudulent activity.

As a result, operational transparency has greatly improved, the risk of fraud has been reduced and stakeholder confidence has increased.

AI transforming South African businesses

Closer to home, South African banks are using AI-powered chatbots and virtual assistants to provide 24x7 customer support and detect fraud and money laundering in real time. In the agriculture sector, AI-driven tools such as drones and sensors monitor soil health, optimize irrigation, manage energy and water usage and even detect crop diseases, which improves yields and drives sustainable farming practices.

Furthermore, AI is helping local manufacturers simulate production scenarios, optimize supply chains, forecast demand, reduce downtime and extend equipment life through predictive maintenance.

The ‘but’

Despite these compelling benefits, AI also introduces data-privacy and data-security risks and challenges. This is because it relies on large amounts of data to fuel its transformational power, and the technology is evolving faster than governance frameworks can keep pace. As a result, organizations often struggle to implement effective data-protection measures.

Here are some of the direct risks of allowing the unchecked use of AI in an organization:

• Sharing of sensitive data: Employees may unknowingly enter confidential or regulated data such as financials, proprietary source code or customers’ personal information into AI tools like chatbots or GenAI platforms. These tools may store and process the data, or even use it data to retrain models, leading to the data being exposed in the public domain. To cite a recent example, in 2023, employees of consumer electronics firm Samsung who used ChatGPT to debug code and summarize meeting notes accidentally leaked confidential source code and internal data.
• Data inference: AI models can infer sensitive details about users, even from seemingly innocuous data. This inferred data can then be used without the users’ consent. For example, research points to AI’s ability to infer sensitive information such as sexual orientation or criminal records from facial images. 
• Lack of explainability:If organizations lack the ability to understand and justify decisions made by their AI systems, it can hinder trust and lead to legal scrutiny and reputational damage. For example, a CEO not knowing where their organization’s LLM got its training data could result in bad press or regulatory investigations.
• Bias and discrimination: AI systems trained on biased or incomplete data can perpetuate or amplify discrimination — especially in hiring, lending, healthcare and law enforcement. This can lead to reputational damage, legal liability and regulatory scrutiny. In 2019, a widely used US hospital algorithm underestimated the health needs of Black patients by using healthcare spending as a proxy for need — resulting in unequal care for over 200 million people.
• ALSO READ → The double-edged sword of AI in cybersecurity

A multilayered approach to AI security

To make your organization’s use of AI both responsible and relevant, you need a multilayered approach to AI security.

The first step is to develop comprehensive, responsible data-protection and data-management policies that govern how you process both internal and external information. Next, you should implement strategies and technologies that allow you to innovate with AI without compromising data privacy.

Let’s consider these steps in more detail:

1. Empower your employees.

It’s vital to make it easy for your employees to understand AI in a practical sense, as opposed to having to read and interpret reams of terms and conditions.

Yes, your approach to AI security needs to be grounded in sound, comprehensive policies. But you need to take this a step further so employees can relate these policies to the tools they’re using every day.

AI training and awareness programs can help your employees understand how your organization uses and processes internal and external data, and how they can use AI in specific roles to make their jobs easier.

2. Overcome the consent conundrum.

Transparency and ethical practices in data collection and usage are critical to protecting both your stakeholders and your organizations.

Many people are unaware of how their data is gathered (for example, through facial recognition and other biometric data-collection techniques), stored and shared, both in the workplace and in their personal lives. When the terms and conditions for sharing personal data are buried under layers of legal jargon, many users unknowingly consent to trading their personal information for convenience.

If your organization uses data without consent and repurposes it in ways that your employees or customers haven’t agreed to, you could face regulatory penalties, reputational damage and a loss of employee and customer trust. To avoid this, you need to clearly communicate how data is collected, stored and used, and make sure that users are fully informed about and consent to these practices.

3. Be clear about where the use of AI is disallowed, and why.

Likewise, your employees need to understand how and where they may and may not use AI when handling confidential or sensitive company data. For example, they might use free AI platforms to help them generate presentations, summarize meeting information or improve spreadsheets without realizing that the data in these documents is stored by the AI tools and may surface when someone outside the company performs a search.

A critical part of data protection is having a clear stance on the use of AI within the organization, with well-defined guidelines about what’s allowed. For instance, many organizations have banned using AI bots in meetings to take notes. Employees have to reaffirm their acknowledgment of these terms before they join online meetings.

A moving target: Maintaining control

Sticking to and enforcing responsible AI practices will never be “one and done,” because AI continues to evolve so much faster than regulations. Some machine-learning models have even advanced to the point where they can use AI algorithms to reidentify anonymized data.

Many organizations are still in the early stages of defining governance requirements and processes for the use of AI. And those that have done so need to regularly revise their policies in response to emerging trends and risks.

You can keep AI under control and prevent it from operating unchecked in your organization by:

• Conducting regular privacy audits to check that you’re using AI in a way that is compliant, ethical and transparent, in accordance with regulations such as the Protection of Personal Information Act in South Africa
• Adopting privacy-by-design strategies when initiating projects that rely on AI capabilities — integrating data-privacy protection into your architecture from the start rather than bolting it on later

Become a secure-by-design organization

It’s vital that South African businesses apply a risk-based approach to managing AI that includes AI risk and readiness assessments. NTT DATA offers both. Our comprehensive AI readiness assessments help you build a secure and compliant foundation in the early stages of your AI journey. Then, through consultative engagements, we help you draw up a clear, structured roadmap for responsible AI adoption.

By integrating secure-by-design principles into your AI architecture, you can proactively address vulnerabilities, mitigate data-privacy risks and align with evolving global, local and industry-specific regulations.

If you want to mitigate the risks associated with AI, maximize its potential and learn how to implement secure AI solutions that support ethical innovation, let’s talk.

• ALSO READ → The AI responsibility crisis: Why executive leadership must act now