Generative AI has moved from the margins to the meeting room in record time. Yet one concern still tops every risk register: “Will ChatGPT or Claude leak our sensitive data?”
Our latest New Zealand‑centred study of enterprise editions says the fear is mostly misplaced—and the productivity upside is too big to ignore.
Data breaches travel at the speed of social media. A single leak can erode customer confidence and trigger mandatory notifications under the Privacy Act. For regulated sectors—finance, healthcare, government—the bar is even higher. That’s why LLM data safety has become both an IT and board‑level conversation.
Our research compares ChatGPT Enterprise, Claude Enterprise, Microsoft 365 Copilot, and Google Workspace Duet across five pillars of data protection:
| Pillar | Key Findings |
|---|---|
| Training & Model Isolation | Both ChatGPT Enterprise and Claude Enterprise contractually exclude customer prompts from model training. |
| Retention & Deletion | Standard retention is 30 days or less, with options for zero‑retention modes on request. |
| Compliance | SOC 2 Type II and ISO 27001 certifications are table stakes; NZ Privacy Act alignment is explicit in supplier DPAs. |
| Encryption | Data in transit and at rest is encrypted using industry‑standard protocols (TLS 1.2+/AES‑256). |
| Auditability | Enterprise logs include user, timestamp, and prompt details for full traceability. |
Bottom line: Modern enterprise LLMs offer data controls on par with mainstream SaaS platforms—often stronger than the internal file shares people still email around.
Most “AI leaks secrets” stories focus on public, consumer‑grade chatbots. Enterprise editions sit on separate infrastructure, carry bespoke data‑processing agreements, and allow customers to disable usage logging. The nuance rarely makes the article, but it matters.
Map your data flows. Identify which teams need LLM access and what data classes they handle.
Enable enterprise controls first. Block consumer accounts and route staff to enterprise tenants with audit logging.
Update the Privacy Impact Assessment. Reference contractual clauses that prohibit training on customer data.
Coach responsible use. Provide prompt‑hygiene guidelines—no personal data, no complete source code, minimal client identifiers.
Monitor & iterate. Review logs monthly and refine policies as adoption scales.
Kiwi organisations from banks to universities are already rolling out LLM pilots under these safeguards. Early metrics show double‑digit time savings on routine drafting and data analysis, with zero reportable privacy incidents to date.
“The audits satisfied our legal team; the productivity wins convinced the CFO.” — CIO, NZ Top 50 firm
We distilled 40+ pages of technical analysis, vendor interviews, and policy checklists into one actionable guide. Grab the report here to brief executives, legal counsel, and security teams in under 30 minutes.
Peter Mangin has been working in AI and technology for over 25 years. He has helped more than 400 businesses use AI to find new ways to grow and improve. Peter knows how to turn AI ideas into real-life solutions that make a difference. As your part-time Chief AI Officer, he brings smart ideas and hands-on help to keep your business ahead in a fast-changing world.
Located in Auckland, New Zealand, AI Innovisory is your strategic partner in navigating the complex landscape of AI and its transformative impact on businesses. We are not an AI solution provider but a dedicated AI consulting firm that empowers businesses to harness the power of AI in innovative and strategic ways.
If you’re prepared to lead in your industry, we’re here to help you excel. Let’s explore how you can maximise the potential of advanced technologies.
Don’t just be in the game – be ahead of it.