
Canadian Privacy Regulators Say OpenAI Violated Federal and Provincial Privacy Laws

 

After months of scrutiny, Canadian oversight bodies determined OpenAI did not meet several national and regional data protection standards while developing its AI systems. This outcome emerged from a coordinated review spearheaded by federal Privacy Commissioner Philippe Dufresne, working together with counterparts in Alberta, Quebec, and British Columbia. 

What stood out in the findings was a pattern in OpenAI's data handling: massive volumes of personal details were gathered without strong protections or clear approval from the affected people. Authorities concluded that this approach clashed with the rules set by Canada's privacy law, known formally as PIPEDA, which guides how firms manage private data while conducting commercial activities.

The way ChatGPT and similar artificial intelligence models were developed raised notable questions for oversight bodies. A key point centered on data collection practices - information about people pulled from open internet resources and external databases, often without clear notice to those affected. Officials pointed out that many users remain unaware their details might feed into machine learning processes. 

Another concern emerged around control: few practical options let individuals inspect, update, or request deletion of their data linked to these systems' training records or responses. Oversight groups stressed that current safeguards fall short in offering real transparency or user agency.

Questions also arose about how dependable ChatGPT's answers really are. Some pointed out that current methods for managing false or confusing replies fall short, especially if private information is at stake.

Even so, Canadian privacy authorities observed OpenAI engaging throughout the probe and committing in advance to adjustments meant to bring operations into line with national data rules. Following these steps, it appears older versions of the AI were phased out due to shortfalls in compliance, while new filters emerged, meant to spot and obscure details like contact numbers or full names across both open-access and legally obtained training collections.

Some time soon, OpenAI will adjust how it explains the role of user chats in training its systems. A new phase involves more noticeable alerts for people using ChatGPT without logging in. These notices aim to guide visitors away from submitting private details. How exchanges help shape upcoming models will also become part of that message. Updates are meant to surface key points earlier in the experience. 

Further changes include streamlining how users access their data, while offering straightforward steps for disputing AI-generated inaccuracies. Officials emphasized protections for young relatives of well-known individuals - models must now avoid revealing personal details like names or birthdays if the child is not publicly recognized. 

Scrutiny returned later when news surfaced connecting OpenAI to alarms tied to a violent event in Tumbler Ridge during early 2026, reigniting interest in an inquiry first begun in 2023. Though internal signals about the individual's activity were reportedly noticed earlier, officials claimed the firm failed to forward such red flags to Canadian authorities. As a result, oversight bodies emphasized the need for better coordination among artificial intelligence developers, police units, and public health offices whenever physical harm appears likely.

Rather than wait, expectations now lean toward faster information sharing across these groups. Pressure mounts globally as scrutiny increases on firms using artificial intelligence, pushing them toward stronger safeguards for personal data. How information is gathered and applied in training powerful models now faces closer examination. 

Greater openness about methods has become harder to avoid. Responsibility for outcomes ties directly to practices behind massive data processing. Standards shift under persistent demands for clearer conduct.

Sensitive Information of NSW Flood Victims Mistakenly Entered into ChatGPT

 


A serious data breach involving the personal details of thousands of flood victims has been confirmed by the New South Wales government in an unsettling development that highlights the fragile boundary between technology and privacy.

A former contractor inadvertently uploaded to ChatGPT sensitive information belonging to applicants in the Northern Rivers Resilient Homes Program, exposing the email addresses, phone numbers, and health information of thousands of applicants. The NSW Reconstruction Authority informed us that the breach took place in March of this year. It said the incident was deeply regrettable and apologized to those affected.

Authorities have stated that they have not yet found any evidence that the data has been published, although they acknowledge that the possibility cannot be entirely dismissed. Cyber Security NSW is conducting an in-depth investigation to determine how much information has been exposed and what precautions must be taken to ensure that such a breach does not occur again.

According to the NSW Reconstruction Authority, the breach was caused by a former contractor who uploaded an Excel spreadsheet containing over 12,000 rows of information to ChatGPT without authorization. The file, which contained personal and contact details of thousands of people associated with the Northern Rivers Resilient Homes Program, is believed to have exposed the personal and contact information of as many as 3,000 people.

The program was launched in the wake of the catastrophic floods of 2022 to assist residents by offering home buybacks, rebuilding funds, or flood-resilience improvements in the area. Although the incident occurred between March 12 and 15, public disclosure came several months later, coinciding with a public holiday in New South Wales.

According to the authority, the upload was an isolated incident that was not sanctioned by the department. Specialists at Cyber Security NSW are currently reviewing the spreadsheet meticulously, line by line, to determine whether any information has been further disseminated or misused, and whether the disclosure is extensive enough to warrant it.

Northern Rivers Resilient Homes was established to provide support to residents whose properties were devastated by the floods of 2022, through government-funded home buybacks in high-risk areas, along with assistance with rebuilding or strengthening structures that may be vulnerable to future disasters. 

The initiative has led many homeowners, including Harper Dalton-Earls from South Lismore, to provide extensive personal information during the application process. Mr Dalton-Earls, who acquired his new home under the program, described the application process for home acquisitions as a “mountain of data”, reflecting the extent to which applicants' personal and financial details were shared with authorities.

The recent breach has therefore raised serious concerns about the protection of privacy, since the names, addresses, email addresses, phone numbers, and other sensitive personal and health information of applicants were exposed. According to the NSW Reconstruction Authority, no evidence exists to show that the compromised data has been publicly disclosed, although its officials have acknowledged a delay in notifying affected individuals because of the complexity of the ongoing investigation.

During the meeting, the department reiterated that every precaution is being taken to ensure that accurate communication is provided to all impacted residents and to prevent any further dissemination of this information. Observers of the incident have renewed their concerns about the security of personal data once it enters generative artificial intelligence systems, highlighting the growing uncertainty regarding privacy in the age of machine learning.

In addition to the major data breaches involving Optus and Medibank that exposed millions of personal details, Australia now faces a more complex challenge, with growing concerns about the blurring of lines between data misuse and data training. Experts warn that interactions with artificial intelligence tools are not private at all, pointing out that sensitive information shared on such platforms can end up being shared in a public forum.

Researcher Dr. Chamikara, who specializes in cybersecurity, emphasized that users should always assume that any data entered into a chatbot may be saved, re-used, or inadvertently exposed. Consequently, he urged companies to create robust internal policies prohibiting the sharing of confidential data with generative artificial intelligence systems.

Complicating the situation further, Australia's Privacy Act 1988 still does not provide comprehensive provisions for the governance of AI models, which leaves significant gaps in accountability and in users' rights over their own data. The NSW Reconstruction Authority says it is reaching out to all individuals affected by the breach and is working closely with Cyber Security NSW to keep an eye out for any evidence of the breach on the internet and dark web.

Although initial findings indicate that no unauthorized access to the system has yet been detected, authorities have established ID Support NSW to provide direct assistance and tailored advice to those affected. Cybersecurity experts further recommend that those affected change all passwords relevant to their accounts, enable two-factor authentication, keep an eye out for unusual financial activity, and report any suspicious financial activity to the Australian Cyber Security Centre and Cyber Security NSW.

There is no doubt that the breach will serve as a resounding reminder of the urgent need for governments and organizations to improve data governance frameworks in the era of artificial intelligence. Experts advise that building privacy-by-design principles into every stage of digital operations is becoming more important as technology continues to advance faster than the regulatory environment can keep up with.

Proactive education and accountability are more important than reactive responses to incidents, so that all contractors and employees understand what AI tools are able to do for them as well as the irreversible risks associated with mishandling personal information. The event also highlights the increasing need for clear legislative guidance regarding the retention of AI data, the transparency of model training, and the right to consent for users.

The incident emphasizes the importance of digital vigilance for citizens: they should maintain safe online practices, use strong authentication methods, and be aware of where and how their data is shared with the outside world. While the state government has taken quick measures to contain the impact, the broader lesson is unmistakable — that, in today’s interconnected digital world, there is a responsibility for safeguarding personal information that must evolve at the same rate as the technology that threatens it.