How to ensure data security in the age of AI? 

Data security is no longer just an IT concern — it’s a critical condition for successfully implementing (and using!) AI in business. In this article, we’ll show you how to approach data protection in your company. It’s not just about shielding your business from data security risks — it’s also about unlocking the full potential of artificial intelligence.

We’ll also draw from the experience of one of the industry leaders — Mark Birkhead, Chief Data Officer at JPMorgan Chase — who shared his insights on data management in the age of AI in an interview with McKinsey. 

Table of contents 

• What is data security? 
• Which data should companies protect? 
• Who is responsible for data security? 
• What are the main data security threats? 
• How does AI change our approach to data protection? 
• How to use AI safely? 
• How to protect privacy while keeping data useful? 

Every company processes data — about customers, orders, products, and payments. This data powers daily operations, supports decision-making, and fuels competitive advantage. But the more data you have, the greater the risk that something will go wrong. An unauthorized person might gain access. Someone might accidentally delete files. Or malicious software might encrypt your data and demand ransom. 

Today, there’s yet another risk: data shared with artificial intelligence (AI). AI tools can help you — but they can also expose your organization to data leaks if not used carefully. 

What is data security? 

Data security refers to all technical, procedural, and organizational measures we use to protect data. These measures help safeguard information from unauthorized access, loss, tampering, or destruction. 

Secure data means data that is: 

– Confidential – only authorized individuals have access, 
– Integral – not altered without permission, 
– Available – accessible when needed. 

This is the foundation of effective information security management in any company. 

Which data should be protected? 

Security is not just about protecting the personal data of your employees or customers. In your business, you process a wide range of information — about products, finances, orders, suppliers, logistics or employees. Data protection covers everything that has operational or strategic value, including critical data assets. In practice — everything your business depends on. 

Ask yourself: 

– Do you know who has access to which data? 
– Are you prepared for an external attack? 
– What happens if an employee makes a mistake? 
– Do your safeguards meet legal requirements, such as data privacy laws,  

If you hesitate to answer even one of these questions — it’s time to take a closer look at your data security practices. 

What data matters most?  According to Mark Birkhead Chief Data Officer at JPMorgan Chase, the top priority is protecting customer and partner data — such as sensitive personally identifiable information, including contact details, transaction history, and user behavior data. Beyond that, his team is focused on modernizing data so it’s ready for AI development. That’s why the company has created dedicated data strategy teams that explore the implications of AI and generative AI technologies. 

Many people assume that data security is solely the responsibility of the IT department. In reality, it’s a company-wide issue that requires collaboration across multiple teams. 

A lack of collaboration between these groups is one of the most common causes of data breaches. That’s why effective companies don’t just invest in technology — they also allocate significant resources to education and building a strong security culture. 

What does Mark Birkhead say about this? In his interview, he made it clear: “We are firmly invested in ensuring that data is used for the right purposes and in the right ways, aligned with our expectations around privacy and the commitments we’ve made to our customers and partners.” JPMorgan Chase ensures that every use case deployed across the organization relies on the right data, in the right format, and in the right locations. 

Without data, a company can’t operate. Data loss or a breach can paralyze operations or lead to costly damages that are difficult to repair. 

Hacking and cyberattacks 

Cybercriminals use various methods to break into corporate systems. The most common include: 

• Phishing – fake emails that try to trick users into revealing sensitive information, 

• Ransomware – malicious software that locks data and demands payment to restore access, 

• Brute-force attacks – automated attempts to guess passwords. 

Human error 

Not all damage is caused by attacks. Sometimes, it’s a simple mistake — sending data to the wrong person, accidentally deleting files, or clicking a malicious link. These actions can have serious consequences for the business. 

Loss or theft of devices 

A lost laptop, stolen phone, or unsecured USB drive can expose sensitive data to unauthorized access — especially if the data is not properly encrypted. 

Weak security measures 

Sometimes, we make things easier for attackers. Outdated systems, weak passwords, and the absence of two-factor authentication are all easy entry points for cybercriminals. 

Unauthorized internal access 

Access to sensitive data should be limited to those who truly need it. Unfortunately, that’s not always the case — leading to risks of data theft, misuse or accidental leaks. 

Disasters and system failures 

Fires, floods, hardware failures, or faulty software updates can result in data loss. Without regular backups, businesses risk losing critical information permanently. 

Use of data in AI tools 

And finally — a newer type of risk. Pasting a customer’s CV, a contract, or a company report into a public AI chatbot can be dangerous. Such data may end up in an external system and be used as training data for AI models or machine learning algorithms. While this doesn’t always happen, companies should be aware that any data entered into public AI tools may leave the secure boundaries of the organization. 

This is a topic worth exploring further — and that’s exactly what we’ll do in the next sections of this article. 

What does Mark Birkhead warn about? According to Mark Birkhead, “Managing data-related risk is incredibly important. The key to managing data-related risk is understanding what those risks actually are.” At JPMorgan Chase, the company focuses on several specific areas of data risk, including data quality monitoring, storage, protection, and proper destruction. 

Using chatbots, text generators, and data analysis tools has become part of daily business life. AI can process massive amounts of information, analyze user behavior, and much more. That’s why many companies now use it to support customer service, market analysis, proposal writing, and even strategic planning. On one hand, it creates a competitive edge — on the other, it introduces new risks that are not often openly discussed. 

If you copy parts of an internal report, a sales summary, or client data into a public AI chatbot (e.g. ChatGPT, Gemini, Claude), you’re actually sending that information to an external server — and losing control over it. 

Even if the tool claims to be safe, your data: 

• may be logged (for auditing or model improvement), 

• may be accessed by third parties (e.g. cloud service providers), 

• may remain in your account history. 

If you paste personal data, your company may violate data privacy laws such as GDPR. If you share confidential documents or trade secrets, you may breach NIS2 regulations. And if the data is part of sustainability reporting, you may also break CSRD rules. 

How to use AI securely in your organization? 

Using AI in business requires a responsible approach to data security. Here are a few basic rules that help reduce risk and protect company information: 

Review the AI tool’s privacy policy 

Each tool has its own data processing rules. In free versions, user input is often used to train AI models. If you’re using AI in a professional setting, opt for business-grade solutions. Look for features such as “data privacy mode”. This helps ensure your data remains confidential and under control. 

Define clear access rules 

Not every employee should use AI independently. Set policies on which tools are allowed, how they can be used, and what type of data can or cannot be shared. Don’t forget regular training — team awareness is key to security. 

Use on-site or dedicated AI models 

More companies are turning to private AI — deploying models locally or in private cloud environments. This helps ensure that data stays within the organization. Alternatively, choose providers that guarantee no data retention or use in model training. 

Anonymize data before sharing 

Never enter real personal or company data into AI systems — such as names, addresses, ID numbers, or bank details. If you need to test real scenarios, anonymize the data or use dummy values. 

How does JPMorgan Chase ensure secure AI usage? Mark Birkhead explains: “We’ve spent a lot of time investing in data management platforms to ensure we can manage data-related risk in a way that respects privacy.” The bank has built a central data management platform and invested in an LLM Suite, which provides secure access to language models for over 200,000 employees. This allows the company to implement strong protective barriers while improving productivity — without compromising on security. 

Data Anonymization Techniques 

Anonymization is the foundation of privacy protection, but its effectiveness depends on choosing the right technique for a specific purpose. There is no single universal method — each has its advantages, limitations, and impact on data quality. Let’s review the key approaches worth knowing and using consciously. 

Data security in the age of AI is not just the responsibility of IT departments — it is a responsibility shared across the entire organization. Companies must protect not only personal data but also product, financial, and operational information. The use of AI brings certain risks, including, for example, the unintentional sharing of sensitive data with external services. However, there are proven ways to use AI safely, in compliance with regulations and with sound business responsibility, while addressing the important ethical considerations of AI use. 

In an industry built on trust, precision, and insight, data is not just a tool — it is the foundation of operations. 

Interview: Data in the age of AI: A conversation with Mark Birkhead of JPMorganChase | McKinsey