Data Sovereignty and AI – The reason why it is so extremely important to perform 3rd party supplier audits is not a secret, even if you have the most impervious security controls known to humanity it means zero when your providers do not have the same security first mindset.
The Australian Government may just have discovered this so that you don’t have too make the same mistake 🙁
The source article is here.
You are as secure as the weakest provider you contract to provide services.
On many Teams/Zoom meetings now are AI agents providing transcription services for the attendees of the meeting, many of these are processing their data offshore, using humans in the middle to verify some data and if they are free, then using the transcribed content for LLM training, or potentially even selling the transcription to the highest bidder.
Considering that many of these meetings are sensitive in nature, internal planning, roadmaps, in my industry “security vulnerabilities that need to be addressed”, can you trust your Transcription service?
In summary
Basically NO you can not, the data is probably being processed offshore breaking data sovereignty rules, furthermore you don’t know what is even happening with this data, how secure it is or anything else that could be comforting to know.
Your data has immense value don’t give it away, if you are going to cover a sensitive topic then turn off transcription or only use a service you can trust where the T&C’s show that your data is always your data and never shared.
And stop using AI agents where you can not completely understand the data processing information for anything sensitive.
Please contact me here if I can help in anyway with this topic or any other cyber related question.
