Absolutely wild how many companies are adopting AI notetaking apps for meetings.

Y'all'er just chill sending your planning, product direction and revenue details to some random third party in exchange for them doing the low value task of halfassing note taking for you?

@jessie Yeah, but they've signed the NDA, and we can sue them in case of a leak 🤡

@jessie people are still using Slack

@jessie especially given cases like the AI summarized that kept going after the meeting with a third party client had ended, then gave the transcription of confidential business details to the third party member of the meeting via an automated email.

@jessie we were encouraged to use it, but were also given a list of topics never to discuss in meetings with it turned on - the list includes every topic you would ever need to discuss in a real work meeting

@jimbob @jessie I really hope this AI bubble explode fast.

@jimbob @jessie

😆

@jessie @buherator Even wilder if you try to explain the associated risks, and people with power to veto this crap are like “Yeah, risk accepted. It’s just too convenient.”

@buherator @jessie Oh em gee, this is brilliant 😂😂💀

@jessie

Yes, the use of AI notetaking apps and services is extremely problematic in regard to data privacy and protection of proprietary data.

In many circumstances, it is even used in a way that is straight up illegal. And the responsibility very often falls on the data processor (the organization using this app).

Organizations need to have strong policies and much better practices regarding the use of AI notetaking services (and recording in general).

Lawsuits related to problematic uses and data breaches from these third-party apps are very likely to start popping all around in the years to come...

#Privacy #AI #DataProtection

@SomethingGeneric @jessie That happened in a meeting I was in. Someone inadvertently turned it on in Teams (which is a whole other crock of sh*te), it did transcription and kept video clips & circulated it! Fortunately nothing too bad was said after the other third party left!
The meeting host is still suing the company involved for data protection errors - none of us gave consent to be recorded or transcribed.

@pa27 @jessie I'm shocked that's a default for teams. Not to appear a shill for Google, but meets doesn't default to recording, and makes a hell of a ruckus for everyone in a meeting if the host manually enables it, and shows an explicit "click here to leave call of you don't consent to being recorded."

@Em0nM4stodon@infosec.exchange @jessie@mastodon.social Are there any rulings/rules on the usage of AI in areas where HIPAA compliance is required? I would assume it is banned outright.

@fugitivemonkey @jessie

Unfortunately not directly, which leads to a lot of confusion about the use of AI.

Most privacy laws are too old to contain points specific to AI systems. However, the EU just came with the EU AI Act, which is going to address some of this. Not perfectly, but it's a good starting point other regions should follow.

That being said, AI systems are not absolved from data privacy regulation concerning data collection, protection, and notification. So the answer really depends on each usage and circumstances.

However, collecting data (by recording a conversation) without prior consent and/or notice is very likely to be illegal in most situations, doubly so for sensitive/health data.

The content of the conversation, the image or a person, the voice of a person, end up being collected by this third-party software in the process, and this needs to follow privacy regulations properly, AI or not, HIPAA or not.

Additionally, recording without proper prior consent of all participating parties can even be a criminal offense in some jurisdictions.