Book a demo
All modules
Module 2 · 2:54

What Never Leaves the Building

Real leak stories for each data class, and the grey areas nobody warns you about.

What to remember

  • Sensitive data rarely arrives labeled; it hides inside conversations, attachments, code comments, and drafts.
  • The question can be innocent while the payload is not: check what travels underneath your ask before you paste.
  • Anonymized means the identifying context is gone, not just the name, and public means your company already published it.
  • One name is still personal data; small pastes add up.
  • When the email test says no, keep the question and drop the data: a placeholder gets you the same answer with none of the risk.

Quick check

Three questions, instant feedback. Two right completes the module.

1.You ask an AI tool to "help me format this table" and attach salary-review.xlsx. What actually leaves with your question?

2.An HR note swaps "Elena Marsh" for "E.M." but keeps the team, the dates, and the incident. Is it safe to paste?

3.The email test says no to a support thread you were about to paste. What is the move?

Transcript
0:01
Every leak starts with a reasonable request. The leak is what gets pasted underneath.
0:27
Customer data never arrives labeled. It arrives inside a conversation.
0:45
The ask was formatting. The payload was every colleague's salary.
0:59
Keys hide in comments, config blocks, and test files.
1:13
Unreleased numbers do not become safe because you wanted better wording.
1:27
Anonymized means the identifying context is gone, not just the label.
1:45
Public means your company already published it.
2:02
Keep the question, drop the data. A placeholder gets the same answer.
2:24
Keep the question, drop the data.
Keep going

Next up: Shadow AI and Approved Tools

The whole course is free and login-free. IT and security teams get the rollout kit with a quiz pack and an EU AI Act evidence checklist.