Every company continuously strives to increase employee productivity and efficiency. If you’re a software developer working on a product that handles sensitive data, you’ll commonly be restricted in the apps and tools you’re allowed to use due to privacy or security concerns. It’s important to remember that data hosted in 3rd party clouds is not yours, it’s theirs. Even big enterprise companies we “trust” are sometimes caught with their hands in the cookie jar. Privacy policies and T&Cs change in line with the ever-evolving product you’re using.
Nestled among lengthy, boring legalese lie the broadest definitions of the data they process and the most obscure reasoning for why. That is, if you’re lucky and they keep it up to date at all. Sometimes it takes being caught red-handed before they alert you to a privacy-specific policy change. This, I fear, is the case for a lot of SaaS start-ups who, in the race to the top, do not yet have the processes in place, or the wherewithal or the care to create them. For that would risk slowing them down.
The privacy and security of business, client, and user data have always been a concern. It’s just heightened now thanks to aggressive AI training from hyper-competitive AI startups. The world’s written and photographic data is continuously gobbled up to train AI models to gain an edge over the competition. Private documentation, code repositories, and unreleased features outlined in JIRA cards should never be used to train AI, no matter how segregated or anonymized they promise it will be. Bugs and mistakes happen, and I’m not convinced anybody understands how models operate well enough to say without doubt “There are no bugs here”.
Developers praise one model over another, forgetting the basis for why one becomes better than the other. It begins and ends with data. The eye of Sauron is turning to fresher data with higher quality. Companies that train general-purpose chat models are distinguished by how data is sanitized, tagged, and organized before being fed by the truckload into the training process. Fresh clean data is king in the land of AI. The businesses you or I work for likely produce some of the richest data of any group of internet users daily. Slack knows this, which is why your business’s chat messages are highly desirable.
“The forest of Fangorn lies on our doorstep. Burn it.”
- Saruman
Slack is among the latest in the line of “trusted” SaaS companies that treat your data as their own. Businesses that rely on Slack are pretty much stuck with it because a lot of historical context is buried in there and it would be too disruptive to perform any sort of migration without hindering business operations. After many are entrenched, they change how they process “your” data, and if you’re paying attention to the announcement, you can opt out. But only if you send an email with a specific subject line, from a specific email address to their support email address, and wait a while for a reply.
Placing this kind of policy change behind a burdensome opt-out process, the same kind of process UX designers at Slack eradicate in every other area of their product, instead of offering an opt-in checkbox, is a scummy tactic, designed to take advantage of those who fail to give their full attention. To think that Slack, a “trusted” company, would bait and switch the data belonging to the very businesses that are already paying them a hefty €14.10 per Business+ user every month for their services to the tune of $1.5 billion revenue in 2022. But I digress.
When it comes to developers who design and code systems that handle sensitive business information or client data, the threat of this data being used to train AI models and/or leaked through prompting shared models oftentimes takes precedence over the bad actors of old, who still try to gain access to systems and data they shouldn’t.
Privacy and security scrutiny is even higher depending on the types of clients you have or want, and the kinds of data you have access to. Military, medical, aviation, and financial companies that manage very sensitive data hold privacy and security in the highest regard, and they should. They’ll usually ensure that any 3rd party vendors are compliant with a multitude of standards before they entertain a service contract. ISO 27001, HIPAA, SOC 2, PCI DSS, and GDPR are examples of some popular standards that businesses in relevant industries need to comply with to be successful.
AI training only adds one more risk to the list. 3rd party vendors of software for writing and running code, hosting documentation, or tracking tasks have to be carefully vetted before we’re permitted to use them. At the end of the day, there are humans on the other end who could, if they wanted, peruse your data in their database. They just pinky promise not to. Not to be all doom and gloom: there are venerable companies out there that, when pressed, were sincere in their marketing.
It’s important to reiterate that your company wants you to succeed and be more effective. Despite our best intentions as software writers, it’s not always possible for us to use any tool we want to do our job no matter how easy or ergonomic it makes our lives in software development. There’s a lot at stake in building a successful business. It’s just not worth it to risk it for a biscuit.