Practical ways to use AI without exposing client or company information

TL;DR

Free AI tools may log and retain what you paste into them, and many UK owner-managed services firms are regularly including client names and sensitive commercial context in those prompts. The fix is a combination of safe prompting habits, a simple data classification rule, and the right tier of AI tool. These three things, applied consistently, let you use AI extensively in your daily work without client or company information leaving your control.

Key takeaways

- Treat every AI prompt like a brief handed to an external contractor: include only what the AI needs, not everything you know about the client or situation.
- Consumer-tier AI tools may log and retain prompts; business-tier products like ChatGPT Team and Microsoft 365 Copilot carry contractual commitments that consumer accounts lack.
- The riskiest moments in a working day are gradual: workflows that started as low-stakes tasks drift into including client names and commercial details without anyone deciding to change them.
- A simple three-tier classification (public, internal, sensitive) tells you before you type whether the content belongs in an AI prompt, and which type of tool to use if it does.
- Good prompting habits reduce risk at the individual level; choosing a business-tier tool removes the category of risk that habits alone cannot address.

You use AI tools daily now. You draft emails, pull key points from call notes, frame up a proposal structure before your first meeting of the day. The productivity gain is real and you know it. But at some point, real client names, live deal numbers, and commercially sensitive context started appearing in those prompts, because that was the fastest path to a useful output.

That question is worth working through carefully. There is a straightforward way to keep all the productivity benefit while keeping sensitive information out of the equation.

What does safe prompting actually mean?

Safe prompting means separating your thinking and structure from your identifying data. You give the AI the shape of the problem and the format you need, without feeding in the client name, the deal figure, or the commercially sensitive detail that would turn a prompt into a disclosure. The AI works on the pattern; you hold the specifics.

The practical principle behind this is data minimisation. The UK ICO, in its guidance on AI and personal data, points to this as the foundational obligation: only include the information in an AI prompt that the AI genuinely needs to complete the task. In practice, you can ask AI to “draft a proposal introduction for a professional services firm concerned about operational costs” without naming the client, specifying the revenue figure from your last conversation, or including the contractual context that would identify the engagement.

A useful mental model is to treat a prompt like a brief handed to a contractor. You would not hand a contractor your entire client file. You would give them enough to do the job. Prompts work the same way. The test before every prompt is simple: does the AI need this specific detail, or does it need the shape of the problem?

Why does it matter if your prompts include client details?

When you paste a client name and live project details into a free AI tool, that prompt travels to a third-party server and may be retained, reviewed, or used to improve the model. Consumer-tier versions of ChatGPT, Google Gemini, and Copilot do not carry the same contractual protections as their business counterparts. A prompt is, effectively, a disclosure to a third party.

The NCSC describes the risk plainly: organisations should avoid feeding sensitive data into public models where they have “limited oversight over how and where your data is processed and stored.” The ICO adds that UK GDPR applies when AI is used on personal data, with obligations around data minimisation and security that do not disappear because the tool is a chat interface.

A concrete example: in March 2023, Samsung restricted internal use of ChatGPT after engineers pasted sensitive source code and internal meeting notes into prompts, resulting in three separate incidents in under a month. The interface felt personal and contained. The data had already reached a third-party server.

For regulated firms, the exposure is more direct. The FCA has confirmed that using AI tools does not remove obligations on client information under Consumer Duty or existing confidentiality rules. If your firm holds professional indemnity insurance, client contracts with specific confidentiality clauses, or FCA authorisation, your obligations run ahead of the regulatory minimum.

Where do the risky moments show up in your working day?

The riskiest moments are rarely deliberate decisions. They happen when a useful workflow develops gradually: you start using AI to structure meeting notes, then begin pasting in the actual call transcript with client names intact because that produces a better output. The gap between “I’m using AI to help me write” and “I’m feeding client data to a third-party service” closes without anyone noticing.

The common trigger points in a services firm are proposal drafting, call summarisation, responses to difficult client queries, and contract review. Each is genuinely useful to do with AI. Each also carries a natural temptation to include the raw material, which is where identifiable or commercially sensitive information enters the system.

A useful diagnostic is to look at your last ten AI prompts and ask, for each one, whether the output required the specific identifying detail that was included. For the majority of tasks, a placeholder version of the same prompt would have produced the same result. The gap only appears when you are doing something specifically about that client or situation, rather than a generic type of task. That is the moment when a different prompting approach, or an upgrade to a business-tier tool, becomes relevant.

When is it safe to include data, and when should you route it differently?

You can use AI for much of the underlying cognitive work, including structuring arguments, improving prose, drafting templates, and stress-testing logic, without including identifiable client data at all. The question to ask before pasting anything in is whether the AI genuinely needs this specific detail to do the job, or whether a placeholder would produce the same output.

There is a practical line between two categories. Content that AI can work with safely across consumer and business-tier tools includes anonymised summaries where names and identifiers have been replaced, general industry or sector context, your own thinking about a problem rather than a client’s documents, and structural questions such as “what is the best approach for a three-part proposal introduction.”

Content that either needs anonymising first, or needs routing to a business-tier tool, includes anything containing client names or contact details, project-specific financial figures, contractual terms or draft clauses, call transcripts with identifiable participants, and anything covered by a specific confidentiality agreement.

Business-tier AI products, including ChatGPT Team, Microsoft 365 Copilot, and Azure OpenAI Service, carry commitments that your data is not used to train models and is processed within a defined tenant boundary. The NCSC recommends verifying exactly these terms before choosing a tool for sensitive work. For tasks where the content cannot easily be anonymised, a business-tier account is the appropriate route.

What else do you need alongside good prompting habits?

Good personal prompting habits need a small amount of infrastructure to hold reliably. You need to know which tool is approved for which types of task, a simple classification habit for information before it enters a prompt, and to have had a five-minute conversation with anyone on your team who uses AI in their daily work.

A simple three-tier classification covers the ground for a 5 to 50 person services firm. Public information, meaning content you could discuss openly with any third party, can go into any approved AI tool. Internal information, such as processes, templates, and general business context, belongs in business-tier tools with access controls. Sensitive or regulated information, including client personal data, commercial terms, legal content, and IP, either needs anonymising before it enters any AI tool, or it stays out of AI tools entirely.
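
The three-tier rule above, combined with the placeholder approach from the earlier section on when to include data, can be run as a check before a prompt leaves your machine. This is an added example, not code from the original post: the client names, regex patterns, marker phrases and action labels are all constructed assumptions and would need tuning for a real firm.

```python
import re

# Constructed sample names; a real check would load these from your CRM export.
CLIENT_NAMES = ["Harlow & Finch Ltd", "Jane Okafor"]
# Assumed patterns for the sensitive categories the article lists (not exhaustive).
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"(?:\+44\s?|\b0)\d{2,4}[\s-]?\d{3,4}[\s-]?\d{3,4}\b"),
    "AMOUNT": re.compile(r"£\s?\d[\d,]*(?:\.\d+)?(?:\s?(?:k|m|bn))?\b", re.I),
}
# Assumed phrases marking internal (non-public) business context.
INTERNAL = re.compile(r"\b(our process|internal|template|pricing model)\b", re.I)
# Contract language is hard to anonymise, so it is never sent to a consumer tool.
CONTRACT = re.compile(r"\b(clause|indemnity|NDA|confidentiality agreement)\b", re.I)


def redact(prompt):
    """Swap known client names and pattern matches for placeholders."""
    found = []
    for i, name in enumerate(CLIENT_NAMES, 1):
        rx = re.compile(re.escape(name), re.I)
        if rx.search(prompt):
            prompt = rx.sub(f"[CLIENT_{i}]", prompt)
            found.append("CLIENT_NAME")
    for label, rx in PATTERNS.items():
        prompt, n = rx.subn(f"[{label}]", prompt)
        if n:
            found.append(label)
    return prompt, found


def route(prompt):
    """Return (tier, action, redacted_text) for the public/internal/sensitive rule."""
    safe_text, found = redact(prompt)
    if CONTRACT.search(prompt):
        return "sensitive", "business_tier_only", safe_text
    if found:
        return "sensitive", "redact_then_send", safe_text
    if INTERNAL.search(prompt):
        return "internal", "business_tier", safe_text
    return "public", "any_approved_tool", safe_text
```

Pattern matching only catches explicit identifiers; a redacted prompt still needs a human read for context that points to a specific client.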

The NCSC’s guidance for small organisations adds two further steps: turn on multi-factor authentication for any AI account your team uses, and review vendor terms annually. AI providers do update their policies, and the protections that applied when you first set up an account may have changed since.

If you use AI to run your own work more effectively, the starting point is your own habits. Understand what you are pasting in. Ask whether the AI needs that specific detail. If it does, check you are using a tool with the right contractual commitment. Those three checks, applied consistently, cover the daily risk without slowing you down.

Sources

- ICO (2023). How to use AI and personal data appropriately and lawfully. Core ICO guidance on data minimisation, purpose limitation, and DPIA requirements when using AI tools that touch personal data. https://ico.org.uk/media2/migrated/4022261/how-to-use-ai-and-personal-data.pdf
- NCSC (2023). AI and cyber security: what you need to know. UK government cyber security body's guidance on AI tool risks, advising organisations to ask vendors where data is stored and whether prompts are used for model training. https://www.ncsc.gov.uk/guidance/ai-and-cyber-security-what-you-need-to-know
- NCSC (2023). Collection: large language models. Technical and risk guidance for organisations using LLM-based tools, covering data handling, prompt risk, and oversight requirements. https://www.ncsc.gov.uk/collection/large-language-models
- NCSC / CISA (2023). Guidelines for secure AI system development. Joint guidance from NCSC and US CISA on data control, infrastructure hardening, and monitoring for AI deployments. https://www.ncsc.gov.uk/collection/guidelines-secure-ai-system-development
- OpenAI (2024). Business terms. Sets out commitments for ChatGPT Team and Enterprise accounts that prompts and outputs are not used to train OpenAI models and are covered by workspace-level admin controls. https://openai.com/policies/business-terms
- Microsoft (2024). Microsoft 365 Copilot privacy and data security documentation. Documents Copilot's tenant boundary, Azure Active Directory integration, and commitment not to use customer data to train foundation models. https://learn.microsoft.com/en-us/microsoft-365-copilot/microsoft-365-copilot-privacy
- ICO (2024). AI and data protection guidance hub. Overview of the ICO's full guidance for UK organisations deploying AI, covering accountability, transparency, and the rights of data subjects. https://ico.org.uk/about-the-ico/ico-and-ai/
- FCA (2023). Regulating AI in financial services. Speech setting out the FCA's position that using AI tools does not remove regulated firms' obligations under Consumer Duty, operational resilience, and client information rules. https://www.fca.org.uk/news/speeches/regulating-ai-financial-services
- Bloomberg (2023). Samsung bans staff's use of ChatGPT after spotting leaks. Contemporaneous reporting on Samsung's restriction after engineers pasted sensitive source code and meeting notes into prompts, producing three separate incidents in under a month. https://www.bloomberg.com/news/articles/2023-05-02/samsung-bans-staff-s-use-of-chatgpt-after-spotting-leaks
- Pardypanda (2024). How to use AI without exposing sensitive data: a founder's practical playbook. Practitioner guide covering data classification tiers, placeholder techniques, and business-tier tool selection for IP-sensitive SMEs. https://www.pardypanda.com/blog/how-to-use-ai-without-exposing-sensitive-data-a-founders-practical-playbook

Frequently asked questions

If I use a placeholder like "Client A" instead of the real name, is that enough?

Placeholders handle the name, but check whether the remaining context still identifies the client. If your prompt describes a firm with a very specific operational challenge you discussed last week, the placeholder adds little. Strip the identifying context too, not just the name. For many AI tasks, the description of the problem type is enough to get a useful output, without the detail that points to a specific person or organisation.

Does it matter which AI tool I use if I am careful about what I put in?

Yes, the tool tier matters independently of your prompting discipline. Business-tier products such as ChatGPT Team, Microsoft 365 Copilot, and Azure OpenAI carry contractual commitments that your data will not be used to train models and will be processed within a defined environment. Consumer-tier accounts of the same products do not carry those commitments by default. Good prompting habits reduce risk; choosing the right tool tier removes a category of risk that habits alone cannot address.

My team does not know about any of this. Where do I start?

Start with yourself. Review your own prompts from the last few days, identify whether any contained client names, project specifics, or commercially sensitive details, and decide which of those tasks could have been done just as well with anonymised content. Once you have that clear in your own practice, you have a short, specific conversation to have with your team: here is what we use AI for, here are the types of information that must never go into a free AI tool, and here is the approved alternative.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.
