Your Client's Inside Information is Sitting on Someone Else's Server Right Now
By Gabriel Tan | May 2026
Here is a hypothetical. An investor relations consultant in Hong Kong pastes a draft earnings release into ChatGPT. The draft contains the revenue figure, the earnings per share, and a forward-looking statement the client's CFO has not yet approved.
The polished version comes back in 20 seconds. The release goes out on schedule. Nobody complains.
I would bet money this has already happened. Probably more than once.
That revenue figure is material non-public information (MNPI) for a listed company. It left the firm's controlled environment the moment it hit the AI tool. It sat on OpenAI's servers under whatever retention policy applied to that account. It may have crossed from Hong Kong to a data centre in the United States. The consultant did not know which jurisdiction processed the request, how long the data would be kept, or what the vendor's breach notification commitment was.
This happens in PR and IR firms every day. Not because people are careless. Because nobody told them the difference between a consumer AI account and an enterprise one, and why that difference determines whether your firm just disclosed inside information to a third party.
The account tier is your regulatory perimeter
When your team pastes content into ChatGPT, Claude, or Gemini, the data travels to the vendor's servers. What happens next depends on four things: the account tier, the data processing terms attached to it, whether your firm has signed a Data Processing Addendum (DPA), and which jurisdiction the data lands in.
On consumer tiers (ChatGPT Free, ChatGPT Plus, Claude Pro), data may be retained for abuse monitoring even when chat history is disabled. Retention windows sit at around 30 days. Conversations may be used to improve future models unless the user has opted out. These are the defaults. Most users do not change them.
On enterprise tiers with a signed DPA, the position is different. Data is not used for model training. Retention is controlled and documented. The vendor commits to specific security standards and breach notification windows.
The difference between a Plus account and an Enterprise account is not price. It is the regulatory perimeter around your client's data.
Your junior analyst should not be the person deciding which tier to use. Your firm should have already decided for them.
What the securities regulators say
The data your IR or financial PR team handles is often MNPI. Every market you operate in regulates its disclosure.
In Singapore, the Securities and Futures Act (SFA) covers insider trading and improper communication of information. In Hong Kong, the Securities and Futures Ordinance (SFO) applies to listed issuers and the advisors they engage. In the UK, the Market Abuse Regulation (MAR) covers inside information for securities admitted to trading on a regulated market.
None of these regimes carry a written exception for "I was just using AI to clean up the language."
The legal question is simple. Did information that had not been made public leave your firm's controlled environment? If the answer is yes, disclosure has occurred. The fact that no human at the vendor company read it is not the point. The data left. The control left with it.
There is also a cross-border dimension. When an analyst in one jurisdiction pastes MNPI into an AI tool hosted in another, the data has crossed borders. Under Singapore's Personal Data Protection Act (PDPA), cross-border transfers require the receiving party to provide a comparable standard of protection. Under the UK's data protection regime, transfers outside the country require specific legal mechanisms to be in place.
The AI vendor is the data processor. Your firm is the controller. The obligations follow the data, not the person who pasted it.
Three AI-specific risks most firms have not considered
Standard data breach scenarios involve someone breaking in and stealing information. AI tools introduce three additional risks that most firms' incident response plans do not cover.
First, model inversion. An adversary can sometimes reconstruct private data from a model's outputs. If your client's data was processed by a model that was later compromised, fragments could theoretically be extracted, even if the original conversation was deleted.
Second, data leakage through internal representations. Some AI systems build compressed versions of input data that may surface in outputs to other users. This is a known research risk, particularly for consumer-tier services where isolation between user sessions is weaker than in enterprise deployments.
Third, hidden retention. Even when a conversation is "deleted," the vendor may keep input data in separate logs: security records, abuse monitoring, system performance data. These logs persist beyond the retention window the user sees in the interface.
Your firm's exposure is contractual and regulatory. Under ISO/IEC 42001 (the international standard for AI management systems), operational controls must extend to third-party AI tools used in your workflow. Under the EU AI Act, your firm is the "deployer," which means you carry operational liability for the AI tools you use in client work, even when you did not build them.
Five steps to fix this
This is not about banning AI. AI makes your team faster when used within the right controls. The fix is knowing where your client's data sits the moment you use a tool, and making sure that position is defensible.
Step 1. Find out what your team actually uses. Thirty minutes. One shared spreadsheet. Columns: tool name, account tier, who pays for it, what client work it touched last quarter. Include personal accounts, free trials, browser extensions, and mobile apps. The tools that catch firms are the ones nobody officially approved.
Step 2. Build an AI risk register. For each tool, document: vendor name, what type of tool it is (cloud service, browser extension, desktop app), the risk it introduces (data retention, cross-border transfer, security), what you are doing about it, and how often you review it. This register turns a one-time audit into an ongoing governance record.
Step 3. Set one rule. No client-identifiable data, no draft financials, no MNPI in any consumer-tier AI tool. Free accounts are out. Personal accounts are out for client work. If a tool does not have a signed DPA with your firm, it does not touch client data.
Step 4. Move client AI work to enterprise accounts with signed DPAs. Document which account is used for which client. Confirm the vendor's breach notification window: is it 24 hours, 72 hours, or something vaguer? Your firm's own notification clock starts from the moment you become aware of a breach. The vendor's response time directly determines how much time you have.
Step 5. Add one question to your release workflow. Before any deliverable goes out: "Was any client data entered into an AI tool not on the approved list?" The drafter answers. The reviewer verifies. One line on a checklist. Five seconds per deliverable.
The question to ask tomorrow morning
Show me the AI tools we used on our top five clients last month. Show me which ones sit on enterprise accounts with signed DPAs. Show me the vendor's breach notification commitment for each.
If that information cannot be assembled in 24 hours, you have a visibility problem. The risk has not disappeared because it is not on a dashboard. It is sitting on someone else's server, under someone else's retention policy, in someone else's jurisdiction.
The good news: the gap is not as wide as you think. A 30-minute audit, one spreadsheet, one rule, and one checklist question. That is the foundation. Everything else builds from there.
If you want help building it, that conversation is worth having before the next earnings season starts and your team reaches for the tool without thinking about where the data goes.
Gabriel Tan is the founder of Mekong Bridge Advisory. He builds structured execution systems for PR and communications firms.
