Imagine an employee pastes client information into ChatGPT to get a quick summary, with no malicious intent. It’s a worker treating an AI tool like any other productivity shortcut, without insight into what happens to the data on the other side.
It’s exactly the kind of scenario that employment attorney Tara Humma warns creates legal exposure for employers. Humma, who advises multi-state employers at Rimon Law, says risk often comes from well-meaning employees who simply haven’t been told where the lines are.
AI compliance: ‘The law says what it says’
But that’s not an excuse for the organization if something goes wrong. “The law says what it says,” Humma says. “It says you can’t discriminate, you have to protect confidential information. It doesn’t matter what tool you use to break the law.”
Whether an employee posts patient data on social media (which sounds crazy) or pastes it into an open-source AI tool (which sounds less crazy, but is equally dangerous), the confidentiality violation is the same. Intent doesn’t change the exposure.
Let’s look at some of the most protected data: health information. Although this is well-known territory for HR teams, there are still privacy shortfalls. Since the HIPAA Privacy Rule took effect, federal regulators have received more than 366,000 complaints and imposed nearly $144 million in penalties in 147 cases, often for failures to protect patient information. In 2024 alone, covered entities reported 725 large healthcare...