Legal updates and opinions
Author
News / News
AI and the Data Privacy Elephant in the Room
“The real problem is not whether machines think, but whether men do.” – B.F. Skinner
by Ahmore Burger-Smidt, Director and Head of Regulatory
Insights from the 2025 Report: AI Risk & Readiness in the Enterprise[1] Underlines the exponential threat that is not being addressed by AI progress. Data Privacy, a pressing issue that demands immediate attention!
From data leaks to regulatory “blind spots to shadow AI running amok“, the report highlights the fact that there are risks that cannot be ignored while organisations move towards the adoption of AI.
But what are these risks? More importantly, the question should be asked how to identify these risks.
Understanding and visibility into how AI models interact with personal data and sensitive personal data are crucial in identifying risks from a data privacy perspective. Without such insight, organisations will remain blind to data privacy risks within their environment, significantly increasing the risk associated with exposure to unauthorised use, access or further processing of personal information and data breaches.
The more data an AI model relies on, the higher the risk of exposing personal data and sensitive personal information. Shadow AI, meaning unauthorised or unmonitored AI use and tools, further compounds the above risk by operating outside of the organisation’s security visibility.
One of the core outcomes of the Report is the alarming statistic that 69.5% of organisations surveyed rank AI-powered data leaks as their biggest security concern.
As such, data leaks remain the most feared threat, informed by AI’s interaction with unstructured data and the rise of unauthorised models. But what to do?
Mitigating against data privacy breaches requires an understanding of what specific data is used for the particular AI model. Also, what the internal and external rules are in relation to the use of personal data and what the lawful basis is for doing so.
Organisations must conduct data privacy impact assessments to gain the necessary insight into privacy risk when considering AI. These assessments are a powerful tool in limiting the risk of exposure and detecting rogue model activity that could result in a data breach. Therefore, they are a crucial part of ensuring compliance with privacy legislation and protecting data subject rights.
The message: Understand what data the AI model relies on.
_________________________________________________
[1] AI Risk & Readiness in the Enterprise- 2025 Report.pdf (accessed 11 July 2025)
_________________________________________________
Read more about our Regulatory practice area.
Latest News
Letter issued by the Johannesburg Stock Exchange (“JSE”) on 24 April 2020 on Financial Reporting during COVID‑19 (“JSE Letter”)
by Kyra South, AssociateReviewed by Natalie Scott, Director Background Since the outbreak of COVID‑19, and the subsequent national lockdown declared [...]
Deadline for submission of COVID-19 Temporary Employer / Employee Relief Scheme (“TERS”) applications
By Jacques van Wyk, Director and Thabisa Yantolo, Candidate Attorney On 30 April 2020 the Department of Employment and Labour [...]
An extension of the validity of prescriptions in terms of an amendment to the Medicines and Related Substances Act No. 101 of 1965
by Neil Kirby, Director and Head of the Healthcare & Life Sciences practice and Zamathiyane Mthiyane, Senior Associate On 30 [...]
What is the role of the SANDF during the lockdown?
Nelsie Siboza, Candidate AttorneyReviewed by Naledi Motsiri The role of the South African Defence Force (“SANDF”) during the lockdown has [...]
Update on emergency procurement measures
by Sarah Moerane, Director On 19 March 2020 the National Treasury issued Instruction No 8 of 2019/2020: Emergency Procurement in [...]
Return to the workplace plans
By Jacques van Wyk, Director and Thabisa Yantolo, Candidate Attorney On 29 April 2020 the Minister of Cooperative Governance and [...]
