Why this matters
The fastest way to lose your job over AI is to paste something into a free chatbot you weren’t supposed to. Before any of the prompts in this course meet your real work, you need a clear picture of what’s safe to paste, what isn’t, and what your employer expects. This module is short on purpose, read it once, internalize the defaults, and use them as a filter every time you open a chat tab.
What NOT to paste
Default rule: if it would be a problem if it appeared on a public website tomorrow, don’t paste it into a free-tier consumer AI.
Specifically avoid pasting:
- PII: names with addresses, SSNs, IDs, anything that identifies a real person against their wishes
- Customer or client data: anything covered by a contract you didn’t write
- Financials: internal numbers, forecasts, deal terms, comp data
- Unreleased product info: strategy docs, roadmaps, prelaunch materials
- Health, legal, or HR-sensitive content: protected categories almost everywhere
- Credentials: passwords, API keys, tokens, anything with a “do not share” header
- Source code that your employer considers proprietary (varies, check policy)
When you need AI help on sensitive content, redact first. Replace names with [Customer A], dollar figures with [$X], and product names with [Project A]. AI doesn’t need the real values to give you good structural feedback.
How to read your employer’s AI policy
Most employers have one now. They vary, but here’s what to look for:
- Approved tools: does the company have a sanctioned AI (often Copilot or an enterprise ChatGPT)? If yes, that’s where you should be working. Free tiers are usually a no for work content.
- What’s prohibited: most policies list specific data categories you can’t paste (PII, customer data, source, financials).
- Disclosure requirements: some require you to mark AI-assisted output, especially for client deliverables or external comms.
- Training opt-outs: does the policy require you to use enterprise tiers that don’t train on your inputs?
If there’s no policy: check with your manager or IT. Don’t assume “no policy” means “anything goes.” It usually means “we haven’t written it down yet but we’ll be unhappy if it goes wrong.”
Consumer vs enterprise tools
A short version of the difference:
| Tier | Who pays | What they do with your data | When to use |
|---|---|---|---|
| Free consumer | You (with attention) | May train on your inputs (varies, check current policy) | Personal practice, public information, role-play, learning |
| Paid consumer (Plus/Pro) | You | Less likely to train on inputs; check current policy | Personal use, side projects, non-work content |
| Enterprise (Copilot for M365, ChatGPT Enterprise, Claude for Work, Gemini Enterprise) | Your employer | Contractual data protections; typically does not train on your inputs | Real work content, when your employer has it set up |
Rule of thumb: practice on free, but real work content should run on whatever your employer has approved.
The redact-first habit
A practical pattern that keeps you safe across almost every situation:
- Before pasting, do a 5-second skim. Anything sensitive?
- If yes, copy it to a scratchpad first. Replace names, IDs, dollar amounts, product names with brackets.
- Paste the redacted version.
- When you get the AI’s output, restore the real values yourself before sending.
This costs you 30 seconds and protects you from the entire category of “I didn’t realize that was sensitive” mistakes.
Try It At Work: Find Your Policy
Time: 10–15 min
You’ll need: Whatever channel your employer publishes policies through (intranet, HR portal, employee handbook, IT page, Slack #policy).
Do this:
- Search for “AI policy,” “generative AI,” “ChatGPT,” or “Copilot.”
- If you find one, read it once. Note: approved tools, prohibited data, disclosure requirements.
- If you don’t find one, note who you’d ask (manager, IT, HR).
Done when: You can answer: Is there a policy? Which tools are approved? What’s prohibited?
Try It At Work: Practice a Redact Pass
Time: 5 min
You’ll need: A real email or doc from your job that contains a name, a number, or a project codename.
Do this:
- Copy it into a scratchpad (Notes, a blank doc, anywhere local).
- Replace each sensitive item with a bracketed placeholder: [Customer A], [$X], [Project A].
- Read it back. Could a stranger figure out what or who it’s about? If yes, redact more.
Done when: You have a redacted version that’s safe to paste anywhere, and the habit took under a minute.
Key takeaways
- Default rule: don’t paste anything you wouldn’t want public into a free-tier consumer AI.
- Always check your employer’s AI policy. If there’s no policy, ask, don’t assume.
- Free tiers are for practice; real work content goes on whatever your employer has approved.
- Redact-first is a 30-second habit that prevents the entire “I didn’t realize” category of mistakes.
Quick Check
1. The default rule for what NOT to paste into a free-tier consumer AI is
2. If your employer has no written AI policy, you should
3. Where should real work content (not practice) generally run?
4. The redact-first habit means