The Krehbiel Group, LLC

I can help you turn business goals into actionable systems.

The Krehbiel Group, LLC

I can help you turn business goals into actionable systems.

Your software just started reading your documents. Is that okay?

Greg Krehbiel06 mins
AI document summaries
Summary: AI-powered document summaries are becoming embedded in workplace tools, but many companies haven’t considered the copyright, confidentiality, and governance risks involved in allowing sensitive content to be processed by AI systems. Organizations need to evaluate how these tools handle data, clarify internal AI policies, and remain vigilant as software vendors quietly introduce new AI features into everyday workflows.

Yesterday I was working with a client on digital delivery of their content. We communicate throughout the process via Slack.

Then I noticed it. Slack offered an AI summary of the newsletter. My alarm bells started ringing.

This is copyrighted material. Should it really be uploaded to AI to get a summary? (Remember: AI can’t summarize a document without reading it, and once it reads it, … what then? Who owns it? Who can use it?)

In this particular case, it turns out that Slack has taken steps to protect confidentiality and copyright. Whether they’ve done enough for your enterprise, and whether other tools have done the same …. That’s what you need to find out.

Summary services like this are popping up everywhere – in email clients, file systems, and business platforms – whether you asked for them or not. In fact, you’re not even asked to “opt in,” and even if you don’t use them, your colleagues might be.

The danger is that these AI features are quietly normalizing the transmission of sensitive and proprietary material into systems most companies do not control or fully understand.

While these tools are incredibly convenient, they come with real and potential risks. I’ll name a few, then give a checklist for action.

Copyright

Allowing AI to summarize a copyrighted work might allow the AI to create a derivative product. This is all relatively murky right now, and “fair use” with AI summaries is going to take a while to sort out. But it’s something you should consider.

On the extreme end, the very fact that the content owner allowed the material to be uploaded to AI could be used by some lawyers to argue that the copyright holder didn’t take their copyright in the work seriously. That’s speculative, but you should be aware of the potential risk. In a worst-case scenario, widespread voluntary submission of copyrighted material into AI systems could complicate later disputes about control of content.

Confidentiality

Sometimes these summaries might be reading confidential information – either yours or a client’s. Whether or not the AI does something with the information, and whether or not it gets to the wrong people, it’s a dangerous situation to be in, and I’d hate to have to explain it to an irate client.

The Hole in Your AI Policy

Everybody’s scrambling to come up with policies to deal with AI. These new summary features might have flown under the radar. Make sure your policies govern when content can be “summarized” by AI because, as I said above, AI can’t summarize it without reading it.

Without strict guidelines, any employee might summarize a sensitive legal document or a confidential report.

Caution: Companies in regulated industries have to pay particular attention to this issue.

What to Do When You See One of These Summaries

When you encounter one of these summaries, you should stop and think.

  1. Does it matter? Does the content need protection?
  • Is it genuinely confidential?
  • Is it already public or widely distributed?
  • Is it time-sensitive — i.e., would exposure matter less in six months?
  • What’s the realistic harm if it were exposed?
  1. Who owns the rights?
  • Is it your content, your client’s, or a third party’s?
  • What does your agreement with the content owner actually say about third-party processing?
  • Is there an NDA or confidentiality clause that would be triggered?
  • Did the content owner ever contemplate AI use when they shared it with you?

Appropriate use. Using AI to summarize a public-facing marketing newsletter.

Risky use. Using AI to summarize an unreleased draft of a contract with a client.

Once you’ve decided that the content is worth protecting, and there is a potential danger, the next step is to figure out how to approach the vendor who’s offering these summaries. Here are some topics to explore.

Data Handling & Retention

  • Does the vendor store the content submitted for summarization, and for how long?
  • Is the content used to train or fine-tune AI models?
  • Is the processing done on the vendor’s own infrastructure, or is it passed to a third-party AI provider (e.g., OpenAI, Anthropic, Google)?

Green flag. An explicit “no training on customer data” rule, your admins can disable the feature, the entire process is managed “in house” by the vendor, and the vendor provides audit logs.

Red flag: If a third party is involved, it’s probably best to call it right there and opt out. You could ask what that third party’s data retention and training policies are, but it’s hard to believe you’ll get straight answers, and even if you do, the longer the chain the more likely there will be weak links.

Confidentiality & Access Controls

  • Who within the vendor’s operations (employees, contractors, auditors) can access content processed by the AI?
  • Is the content encrypted in transit to the AI for processing?
  • Are summaries stored, and if so, where are they stored and who can see them?

Copyright & Intellectual Property

  • Does using the summarization feature grant the vendor any license over the underlying content?

Practical Controls to Request or Verify

  • Can the AI summarization feature be disabled at the workspace or channel level?
  • Is there an audit log showing what content was submitted to the AI summarization feature?

Vigilance

We’re all trying to figure out this new landscape, and issues like this are going to pop up from time to time. The important thing to keep in mind is that the tech companies generally have a “worry about the legality later” attitude. They’re going to do what they want to do until someone makes them stop.

This is worse than “let the buyer beware” because all this happens after you buy something. The tech companies will be adding new features, and you have to decide if it’s in your interest to use them.

Keep a weather eye on tech. We live in a surveillance culture now, and it’s up to you to decide how much you’re going to put up with. Also, this is not a “one and done” audit. These features are being added all the time, in sometimes obscure and strange places.

Make a checklist of all the tech tools you use and check them periodically for new features that might expose your content.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News