Why Las Vegas Businesses Shouldn't Put Company Data Into ChatGPT

I've had this conversation with at least a dozen Las Vegas business owners in the past year.

They're excited about AI. They've been using ChatGPT to write emails, summarize documents, and answer questions. Their employees have been doing the same — pasting client contracts, financial reports, medical records, and HR files into a free chat window on the internet.

I ask them: "Do you know where that data goes?"

They don't.

WHAT ACTUALLY HAPPENS WHEN YOU USE PUBLIC AI TOOLS

When an employee pastes a client contract, a patient record, or a financial report into ChatGPT, that text leaves your building and travels to OpenAI's servers. OpenAI's terms of service for free and many paid accounts allow them to use that data to improve their models.

That means your client's confidential information — the details they shared with you in trust — may be stored and used by a third party.

For most Las Vegas businesses, this isn't just uncomfortable. It's a legal problem.

If you're a healthcare provider subject to HIPAA, pasting patient information into ChatGPT is a potential HIPAA violation. There is no Business Associate Agreement between OpenAI and your practice. If you're a law firm, putting confidential client communications into a public AI tool may violate your professional responsibility rules. If you're a defense contractor with a CMMC requirement, using unapproved cloud tools for controlled unclassified information (CUI) is an immediate compliance failure.

And even if none of those regulations apply to you, you've potentially handed a competitor's-worth of information to a company you've never met, under terms you've never read.

THE SPECIFIC RISKS FOR LAS VEGAS BUSINESSES

Las Vegas businesses operate in a uniquely data-rich environment. The hospitality industry handles enormous volumes of guest personal and payment data. Healthcare is one of the fastest-growing sectors in the Las Vegas valley. Legal services, financial advising, and defense support are concentrated here in ways that don't look like a typical midsize American city.

That concentration of sensitive data is exactly why cybercriminals target Las Vegas — and it's exactly why the "just use the free version of ChatGPT" approach creates serious exposure.

Beyond the compliance angle, there's the competitive intelligence angle. If your employees are asking AI tools questions about your pricing strategy, your vendor relationships, your client situation — that information is potentially being processed, stored, and used outside your control.

"BUT CHATGPT HAS AN ENTERPRISE TIER NOW"

Yes, it does. OpenAI's ChatGPT Enterprise and the Teams plan offer data privacy commitments — your prompts are not used for training, and you get a data processing agreement. Microsoft Copilot for Microsoft 365 similarly includes enterprise data protection.

These are meaningful improvements. If your business is going to use public AI tools, you should absolutely be using the enterprise versions with proper agreements in place.

But even enterprise agreements have limits. Your data still lives on infrastructure you don't control, subject to terms that can change, managed by a company with its own security posture and incident history. For businesses with the highest sensitivity requirements — healthcare, legal, defense — that's still a risk.

THE ALTERNATIVE: PRIVATE AI

Private AI means running AI tools within your own infrastructure — on your own servers, your own cloud environment, or a private cloud tenant you control. The data never leaves your environment. There's no third-party company storing your prompts, no terms of service to worry about, no risk of data leakage to a public AI training pipeline.

Modern private AI setups are more accessible than they used to be. Tools like Ollama, LM Studio, and enterprise platforms from Microsoft and others allow businesses to run powerful language models locally or in a private cloud environment. The models themselves have reached the point where a locally-hosted AI tool can handle most business tasks — document summarization, email drafting, research, data analysis — without needing to send anything to an external server.

Yes, private AI requires setup. It requires someone who knows what they're doing. It requires an ongoing management commitment to keep the models updated and the infrastructure running. But for businesses with real compliance obligations or genuine data sensitivity, the setup cost is a fraction of what a single data breach would cost.

WHAT WE RECOMMEND

For most Las Vegas businesses, the answer isn't "never use AI." It's "use AI intelligently."

Start by auditing what your employees are actually doing. Shadow AI — employees using unapproved tools on company devices — is rampant. Find out what tools are in use before you can make good decisions about them.

Then make a decision by data category. Publicly available information? Use whatever AI tool makes sense. Internal operational data? Use enterprise-tier tools with proper agreements. Protected health information, legal matter files, CUI, or financial data? Private AI or no AI.

And document your policy. The businesses that will have problems are the ones that never addressed this at all. A clear acceptable use policy for AI tools is no longer optional.

702MSP helps Las Vegas businesses implement private AI tools that keep sensitive data inside your environment — no third-party exposure, no compliance risk. If your team is using AI tools and you're not sure what policies you have in place, that's a conversation worth having. Call us at (702) 333-2001 or visit 702msp.com.