Preventing client data from reaching public AI tools

TL;DR

Staff in owner-managed services firms regularly paste client details into public AI tools without realising that prompts may be logged, stored, or used by the tool provider. UK regulators including the ICO, NCSC, and FCA have all addressed this risk. The most effective response for a 5 to 50 person firm is a simple data classification rule, an approved tool list, a one-page policy, and a safe alternative route for staff who need AI in their daily work.

Key takeaways

- Public AI tools can log, store, or use prompts in ways consumer terms rarely clarify, making any client detail pasted in a potential disclosure event.
- The ICO, NCSC, and UK Government AI Playbook all point towards layered controls rather than relying on staff awareness alone.
- Client confidentiality in services firms extends well beyond personal data to include commercial terms, strategy, legal content, and credentials.
- Banning AI tools without providing an approved alternative typically creates shadow use, which is harder to manage than a controlled approach.
- The most effective starting point for a small firm is a data classification rule, one approved tool list, and a clear policy on what must never be pasted.

Someone on your team is already using AI. They started with low-stakes tasks, found it genuinely useful, and gradually extended it to the work where it saves the most time: turning call notes into a summary email, drafting a proposal from raw client input, pulling key points from a contract before a meeting. There was no rule against it. Nobody thought to ask.

The issue is that client names, project details, pricing, and commercially sensitive context have almost certainly entered a public AI tool at some point in that process, and your firm had no policy, no visibility, and no way to know.

That is the position a significant number of owner-managed services firms are sitting in right now.

What actually happens when staff paste client data into a public AI tool?

When staff paste client notes into a public AI tool, the prompt travels to the provider’s servers, where it may be retained for quality review, used to train the model, or logged for provider-side monitoring. Consumer-tier versions of ChatGPT, Google Gemini, and Copilot do not carry the same contractual protections as their enterprise counterparts. The NCSC frames this directly as an information security issue, not just a productivity concern.

The distinction between consumer and enterprise tiers is important because the terms of service for public tools have historically permitted providers to use inputs to improve their systems, unless users opt out of mechanisms they may never have seen. OpenAI, Microsoft, and Google each publish enterprise privacy pages with specific commitments around training exclusions, data retention, and admin controls. The consumer tiers of the same products do not carry those commitments.

There is also a precedent. A widely reported 2023 incident at Samsung saw the company restrict generative AI use after staff entered sensitive internal material into ChatGPT. The lesson for a ten-person consultancy is the same: a prompt is a disclosure to a third party, and the fact that the disclosure happened inside a chat interface does not change that.

Why does this matter more for a services firm?

Services firms hold two distinct categories of risk, and many owners focus on only one. The first is personal data: names, contact details, anything covered by UK GDPR. The second, often more commercially significant, is client confidentiality: pricing, strategy, legal content, credentials, and tender documents. The ICO's guidance covers the first; the second rests on your contractual and professional duty of care to clients, which extends beyond the regulatory floor.

The ICO has been consistent in its message to UK organisations: understand what data goes into AI tools and understand what happens to it afterwards. Where AI use is likely to create high risk, a data protection impact assessment is required. The FCA has gone further for regulated firms, stating that using AI does not remove your governance, record-keeping, or client data obligations. For a firm that supplies regulated clients, the FCA’s standards can reach you even if you are not regulated yourself.

UK GDPR fines can reach £17.5 million or 4% of annual worldwide turnover, whichever is higher, for the most serious breaches, and a reportable breach must be notified to the ICO within 72 hours of the firm becoming aware of it. A maximum fine is not a realistic outcome of a single accidental paste, but a notification duty can be, and together they illustrate why this is a governance matter, not just an IT one.

Where will you actually meet this risk in a services firm?

The highest-risk moments tend to be the everyday shortcuts: turning call notes into a summary email, drafting a proposal from raw client input, cleaning up a long email thread containing commercial terms, or pulling key points from a contract before a meeting. Each of those tasks can carry client names, financial figures, or legally privileged content. The exposure concentrates in daily workflow, in the tasks where AI feels most natural and time pressure is highest.

Verizon’s 2025 Data Breach Investigations Report again found the human element involved in a majority of breaches. That finding supports a consistent principle in security: policy and technical controls need to sit alongside training, because good intentions alone are not a reliable layer of defence. Both the NCSC and the ICO say the same: awareness is necessary, but it is the starting point, not the whole answer.

The specific categories to watch for in a services firm are call recordings or transcripts, draft proposals containing client budgets, legal documents of any kind, HR or payroll data, account credentials, financial data belonging to clients, and screenshots or database extracts containing client-identifying information. A practical test: if you would not email this content to the tool provider’s support team, it should not go into the tool.

When do you need to act, and when is the risk genuinely lower?

Proportionality matters. A firm handling financial data, legal documents, HR advice, or commercially sensitive client work sits in a different position from one whose output is largely public-facing or generic. If your firm handles the first type and has no written AI policy, no approved tool list, and no technical controls in place, the gap between your current exposure and your safeguards is worth closing before a client or regulator raises it.

Firms in a lower-risk position are not exempt. Even where no single item of information your team handles would trigger a GDPR notification, client confidentiality still applies. The professional reputation consequences of a data-handling incident can outlast any regulatory response. A sharper question is whether your clients would be comfortable knowing exactly what goes into your AI tools today.

One genuine limit case: a firm that uses a fully managed enterprise AI environment with strict no-training, no-retention, SSO, and data loss prevention controls is in a materially different position. That configuration is achievable for small firms, but it requires active setup. The public-tier tools most teams start with do not carry those settings by default.

What controls actually work for a firm of your size?

Four controls deliver the most protection for a small services firm without requiring a dedicated IT team. Start with a simple data classification rule: anything client-confidential is off limits for public AI tools. Approve specific products rather than AI in general, selecting only those with contractual commitments on retention and training. Give staff a safe alternative. Then back all of it with a clear incident escalation path.

The classification rule itself can be simple: three levels, public, internal, and client-confidential. A one-page document stating clearly what falls into each category, written in language your team can actually read, covers the basics. The UK Government AI Playbook recommends classifying data before mapping use cases, and before configuring or approving tools. Getting the sequence right means each step narrows the exposure before the next one opens new ground.

On approving specific tools: consumer-tier ChatGPT, business-tier ChatGPT, and ChatGPT Enterprise are different products with materially different terms. The same split applies to Microsoft Copilot and Google’s tools. Approve the version that carries admin controls, defined retention settings, and a training exclusion commitment. OpenAI, Microsoft, Google, and Anthropic all publish enterprise privacy documentation, and reading the relevant pages takes less than an hour.
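The classification rule and the approved tool list can be enforced by a small check in front of the tool rather than left to memory, which is what the data loss prevention control mentioned earlier amounts to in practice. The Python below is an added example, not code from the original post or from any of the cited regulators or vendors: it classifies prompt text into the three levels above, compares the result with a constructed approved-tool register, and returns an audit record that names the kind of trigger without copying the sensitive content into the log. The client names, tool names, detection patterns, and the ceiling assigned to the enterprise tier are all constructed assumptions for illustration.

```python
"""Pre-submission classification gate for AI prompts.

Added example, not code from the original post. Client names, tool names,
patterns and tool ceilings below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Least to most restrictive, matching the three-level rule in the text.
LEVELS = ("public", "internal", "client-confidential")

# Constructed client register; a real firm would load its own.
CLIENT_REGISTER = ("Acme Logistics Ltd", "Northgate Dental")

# Anything matching these is client-confidential (constructed patterns; tune to your data).
CONFIDENTIAL_PATTERNS = {
    "credential": re.compile(r"(?i)\b(?:password|passwd|api[ _-]?key|secret|token)\b\s*[:=]\s*\S+"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "uk_phone": re.compile(r"(?:\+44\s?\d{2,4}|\b0\d{2,4})[\s-]?\d{3,4}[\s-]?\d{3,4}\b"),
    "ni_number": re.compile(r"\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b"),
    "privilege": re.compile(r"(?i)\b(?:legally privileged|privileged and confidential|without prejudice)\b"),
}

# Commercial detail with no named client or personal data is internal.
INTERNAL_PATTERNS = {
    "money": re.compile(r"£\s?\d[\d,]*(?:\.\d{2})?"),
    "commercial": re.compile(r"(?i)\b(?:proposal|pricing|tender|budget|margin)\b"),
}

# Approved tool list (constructed). Value = highest level the tool may receive.
# The enterprise ceiling assumes no-training, defined retention, SSO and DLP are in place.
APPROVED_TOOLS = {
    "public-chatbot": "public",
    "enterprise-assistant": "client-confidential",
}


@dataclass(frozen=True)
class Finding:
    level: str
    kind: str
    snippet: str  # shown to the user on screen, never written to the audit log


def classify(text: str) -> tuple[str, list[Finding]]:
    """Return the most restrictive level triggered by `text` and the findings behind it."""
    findings: list[Finding] = []
    lowered = text.lower()
    for name in CLIENT_REGISTER:
        if name.lower() in lowered:
            findings.append(Finding("client-confidential", "client_name", name))
    for kind, pattern in CONFIDENTIAL_PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append(Finding("client-confidential", kind, match.group(0)))
    for kind, pattern in INTERNAL_PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append(Finding("internal", kind, match.group(0)))
    if not findings:
        return "public", []
    return max((f.level for f in findings), key=LEVELS.index), findings


def gate(text: str, tool: str) -> dict:
    """Decide whether `text` may go to `tool`; return an audit record either way."""
    level, findings = classify(text)
    ceiling = APPROVED_TOOLS.get(tool)
    if ceiling is None:
        allowed, reason = False, f"{tool!r} is not on the approved tool list"
    elif LEVELS.index(level) > LEVELS.index(ceiling):
        allowed, reason = False, f"content is {level}; {tool!r} is approved only up to {ceiling}"
    else:
        allowed, reason = True, "within the tool's approved ceiling"
    return {
        "tool": tool,
        "level": level,
        "allowed": allowed,
        "reason": reason,
        # Record what kind of thing triggered, not the matched text, so the log is not a second leak.
        "triggers": sorted({f.kind for f in findings}),
    }


# Constructed call notes of the kind the text describes being pasted into a chat window.
SAMPLE_CALL_NOTES = (
    "Call with Acme Logistics Ltd, 2 May. Contact j.patel@example.com, 07700 900123. "
    "Agreed budget £12,500 for phase one. Shared portal password: Tr0ub4dor&3 for onboarding."
)

if __name__ == "__main__":
    for tool in ("public-chatbot", "enterprise-assistant", "browser-plugin"):
        print(gate(SAMPLE_CALL_NOTES, tool))
```

Run stand-alone, it prints three decisions for the constructed call notes: the public chatbot and the unlisted browser plugin are refused, the enterprise assistant is allowed. Pattern matching of this kind catches things with a recognisable shape (credentials, contact details, named clients, money figures) and will miss free-text commercial context, so the gate complements the one-page policy rather than replacing it; the audit record it returns is also what the escalation path needs when someone reports a paste after the event.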

On giving staff a safe alternative: a team member who needs to summarise a sensitive document will find a way to do it. If the only available route is a public tool, they will use it. An approved enterprise or internal option removes both the risk and the workaround behaviour. UK guidance from both the NCSC and the UK Government AI Playbook leans towards controlled use over blanket prohibition for exactly this reason.

On the escalation path: if someone realises they have pasted client data into an unapproved tool, your firm should already know the first steps to take: record what was pasted, into which tool, and when; delete the conversation in the tool where that option exists; and establish whether personal data was involved, because that decides whether the breach notification duty applies. The 72-hour UK GDPR notification window runs from the point the firm becomes aware of the breach, not from the point it finishes investigating. Having a clear response prepared is considerably cheaper than working it out in the moment.

None of this requires a large investment. The guidance from the ICO, NCSC, and UK Government is free to read and directly applicable to a firm of any size. The harder part is usually the internal conversation that gets the policy written and the approved tools confirmed. That conversation is worth having before a client asks why their information ended up somewhere unexpected.

If you want to think through what this looks like for your firm specifically, Book a conversation.

Sources

- ICO (2024). Guidance on AI and data protection. ICO's core position on lawful basis, DPIAs, data minimisation, and what organisations must understand before putting personal data into AI tools. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/guidance-on-ai-and-data-protection/
- ICO (2024). AI and UK GDPR guidance hub. Overview of the ICO's full AI guidance for UK organisations including accuracy, transparency, and automated decision-making. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/
- UK Government / Government Digital Service (2025). AI Playbook for the UK Government. Sets out 10 principles for lawful, secure, ethical AI use including the recommended sequence: classify data, map use cases, configure tools, train staff, then permit broader use. https://www.gov.uk/government/publications/ai-playbook-for-the-uk-government/artificial-intelligence-playbook-for-the-uk-government-html
- National Cyber Security Centre (2025). Guidance on generative AI. Advises treating AI tools as an information security issue; explains prompt retention risks and recommends layered controls including policy, technical restrictions, and logging. https://www.ncsc.gov.uk/guidance/generative-ai
- Financial Conduct Authority (2024). FCA publishes new AI guidance for financial services firms. States that using AI does not remove regulated firms' obligations on governance, record-keeping, or treatment of customer information. https://www.fca.org.uk/news/press-releases/fca-publishes-new-ai-guidance-financial-services-firms
- EU Official Journal (2024). EU AI Act (Regulation 2024/1689). Risk-based regime creating obligations on AI providers and deployers; relevant to UK firms with EU clients, vendors, or cross-border operations. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
- UK Legislation (UK GDPR / GDPR Article 33). Breach notification obligation: reportable breaches must be notified to the supervisory authority within 72 hours of the controller becoming aware of them. https://www.legislation.gov.uk/eur/2016/679/article/33
- Verizon (2025). Data Breach Investigations Report. Finds the human element involved in a majority of breaches, supporting the case for policy and technical controls rather than awareness training alone. https://www.verizon.com/business/resources/reports/dbir/
- Reuters (2023). Samsung bans use of generative AI tools after staff leak via ChatGPT. Contemporaneous reporting on the Samsung incident, widely cited as an illustration of prompt leakage risk. https://www.reuters.com/technology/samsung-bans-use-generative-ai-tools-after-staff-leak-chatgpt-2023-05-02/
- OpenAI (2024). Enterprise privacy. Documents ChatGPT Enterprise commitments on data retention, training exclusions, and admin controls that differ materially from consumer-tier terms. https://openai.com/enterprise-privacy/

Frequently asked questions

Can I just ban staff from using AI tools entirely?

A total ban without an approved alternative typically drives use underground. Staff who find AI genuinely useful will find a way to use it, just without your oversight. A more effective approach is to approve specific tools with suitable controls, define clearly what types of content must not go into any public AI tool, and give staff a sanctioned route for the AI tasks that genuinely help their work. That combination is more reliable than a blanket prohibition.

What is the difference between a public AI tool and an enterprise one?

Public or consumer-tier tools typically operate under terms that allow the provider to log prompts, use them to improve the model, or retain them for safety review, unless users opt out or those features are turned off. Enterprise contracts for products like Microsoft 365 Copilot or ChatGPT Enterprise include explicit commitments around data retention, model training exclusions, and administrative controls. The contract terms are what matters, not the product name or how it looks on screen.

Does UK GDPR apply to AI tools even if no personal data is pasted in?

UK GDPR applies when personal data is involved. But even without personal data, client confidentiality obligations still apply if the content relates to a client's business, commercial affairs, or legally privileged matters. The NCSC's guidance on generative AI covers this broader category, advising firms to treat prompt confidentiality as an information security concern regardless of whether the content technically qualifies as personal data. Your duty to clients often runs ahead of the regulatory floor.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation
