OpenAI and Anthropic have made their enterprise privacy positions clear, promising not to train models on data from enterprise accounts. However, the real risk to corporate secrets lies with employees using consumer accounts to handle sensitive information. Both companies draw a distinction between enterprise and consumer tiers, with the latter allowing training on user chats unless individuals opt out.
Data Retention
Even within properly configured enterprise accounts, data retention periods can range from 7 to 30 days, posing a risk to industries operating under strict regulatory frameworks. The breach point is not the technology, but rather the humans using it, as employees may inadvertently leak confidential information through consumer accounts.
Regulatory Implications
For industries such as healthcare, finance, and legal services, careful evaluation of data retention and access is necessary to ensure compliance with regulatory frameworks. The question is no longer just about training on enterprise data, but also about who can access data during the retention period and under what circumstances.
Based on reporting from cryptobriefing.com.


