Question 35
IVEmployees begin pasting sensitive customer data into an unsanctioned public chatbot to get quick answers. From an AI governance perspective, what is the primary concern?
Correct answer: B
Explanation
The guide says AI governance must “establish policies and procedures to apply throughout the AI life cycle” and govern “the collection and use of data in training and testing.” Pasting customer data into an unsanctioned public chatbot puts data outside organizational controls, so it may be stored, used for training, or exposed by the external service, creating privacy, security, and compliance risk.
Why each option is right or wrong
A. That employees might become too productive.
AI governance focuses on risk management and policy, not limiting productivity gains.
B. That sensitive data may be stored, used for training, or exposed by an external service outside organizational controls, creating privacy, security, and compliance risks.
The issue is that the customer data is being transmitted to a third-party service that the organization does not control, so the organization cannot govern retention, reuse, or disclosure of that data. Under the AIGP body of knowledge, this falls squarely under governing the collection and use of data in training and testing, and deploying/use controls must account for privacy, security, and compliance exposure when data leaves organizational boundaries.
C. That the chatbot’s interface is not branded correctly.
Branding is not the primary governance issue; data handling and control are.
D. That the public chatbot uses a different programming language.
Programming language differences are irrelevant to governance of data use and exposure.