Make Sure to Read the Fine Print
Some applications, like Zoom, have recently amended their privacy and use policies to allow extensive rights to use some system generated customer data for artificial intelligence and machine learning to improve services.
Currently, customers cannot “opt out”. While Zoom states that this language does not apply to video, audio or chats, by enabling the use of enhanced artificial intelligence (AI) services, you consent to allow Zoom to use and store service generated data for any purpose. While the language states “as permitted under applicable law”, it is unclear how this new broad language will be implemented or monitored. Generative AI could pose a cybersecurity risk to your agency or statewide systems by allowing third parties to build and access profiles of state employees or processes.
ACTION STEPS:
- Read the fine print. Make sure that your IT and legal staff are reviewing all third party applications and vendor contracts to determine if privacy policies have been updated and what access to your data is being granted when you use these applications or services.
- If you have questions about terms of use and new AI features, contact the Operational Services Division.
- Talk to your staff about confidentiality and privacy concerns when using third party applications and vendors to reduce the type of data used to only essential data.
See our CTR Cyber page for more cybersecurity internal controls and contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.