Your Team Is Already Using AI. Do They Know What Not to Put In It?
Most Australian businesses now have staff using ChatGPT or Claude daily, but no rule on what data is safe to enter. That gap is a quiet privacy and IP risk, and it's a governance problem, not a technical one.
Most businesses I speak to now have ChatGPT, Claude, or Copilot in use across their team. It's daily, practical, and it works.
What's usually missing is the conversation about what data should and shouldn't go into those tools. Not because anyone's careless, because no one's written the rules yet.
Why the gap matters
Client data. Intellectual property. Confidential processes. On consumer-tier AI tools, without the right data controls in place, that content can feed the provider's model-improvement pipeline, quietly, if the policy conversation never happens.
This is worth being precise about, because the picture changed over the last couple of years:
- Free and consumer tiers (ChatGPT Free/Plus, the consumer Claude and Gemini apps) often may use your conversations to improve their models unless you opt out. The control exists, but someone has to switch it on.
- Business and enterprise tiers (ChatGPT Team/Enterprise, Claude Team, Microsoft Copilot for M365, Gemini for Workspace) generally exclude your data from training by default, under their commercial terms.
So the risk isn't "AI is dangerous." The risk is that nobody has decided which tools and which tiers your team is allowed to use, and what they're allowed to put into them.
It's a governance problem, not a technical one
You don't fix this with software. You fix it with a decision, written down, shared with the team, and revisited when the tools change.
The good news: this is relatively new territory for almost everyone. There's no expectation you had it figured out already. But there's also no excuse to leave it unaddressed once you know.
A simple test for where you stand right now: what's your current answer when a staff member asks, "Can I put this into ChatGPT?" If the honest answer is "it depends who you ask," you have a policy gap worth closing.
What good looks like
A workable AI usage policy doesn't need to be long. It needs to be clear: which tools are approved, what data is off-limits, who checks AI output before it goes out, and how someone raises a concern. Get those decisions made and written down, and you're already ahead of most businesses.
NXT Innings helps Australian SMBs put a clear, practical AI usage policy in place, customised to your team and delivered in days. See the AI Usage Policy Package or start a conversation.
Want to talk through what you read?
Start a conversation, or book a 30-minute call. No pitch, no pressure.