Whether your team is rapidly adopting new technology to automate tasks or your firm is still holding out on fully jumping on the AI train, data security and privacy should always be top of mind when interacting with new tech. Check out some of the security measures Prophia has employed throughout the development of our AI.
Prophia is a breakthrough AI solution for CRE for many reasons. For one, our data scientists have been building our platform’s training dataset since 2019, constructing our current AI’s model using proprietary data from some of the leading CRE firms in the Northern Hemisphere.
It’s thanks to this training data, and our talented engineers, that Prophia today is capable of recognizing over 200 CRE terms and concepts found in standardized leases. This makes it possible for our platform to quickly brief leases, run reports, and create important contextual business intelligence across portfolios containing massive amounts of lease data.
Needless to say, Prophia’s AI model today is incredibly sophisticated, but the road to that advanced data processing system required a confluence of data access and data security to protect the highly sensitive documents that make up some of the country’s most prominent commercial portfolios.
Below, we address some of the common concerns users experience around AI and data security, as well as the data privacy and AI practices Prophia has always followed to build and sustain CRE’s most comprehensive machine learning model.
Jump To A Section in This Article
Common Data Privacy Concerns With AI
How Does AI Collect Data?
8 Practices For Safely Using AI
How Does Prophia Support Data Privacy?
AI is a relatively new tool that we are all learning to incorporate into our daily and working lives. So it isn’t surprising that many organizations have concerns regarding the adoption of AI to handle proprietary data. One of the most common concerns comes up around AI data collection.
In order for organizations to agree to a specific application’s method of data collection, the org must first give informed consent. This means all users have received adequate information and context about the way the app collects data and they have consented to that process by way of terms of service agreements or the privacy policy. Lack of transparent and clear consent processes can cause organizations to be wary of AI and slow adoption of a new technology like machine learning.
Some organizations may also be concerned about potential data breaches when sharing their data with AI. AI systems often store vast amounts of data, and if not properly secured, they can be vulnerable to this type of security event. Unauthorized access to proprietary information can lead to data theft, financial fraud, or other potentially harmful consequences.
Teams that are more familiar with the methods used to train and develop advanced machine learning models may have concerns about biased collection of data and a lack of diversity in the training dataset. When AI is trained on homogeneous data, it can lead to biased outcomes and even, potentially, discrimination against certain groups. In order for AI to effectively use the data it collects, it must adhere to objective criteria, not make decisions based on personal attributes.
Addressing these privacy concerns requires a comprehensive approach that includes transparent data policies, strong data security measures, informed consent processes, regular audits, and adherence to relevant data protection laws and regulations. It is crucial for AI developers and organizations to prioritize privacy and ethical considerations throughout the entire data collection and AI development process.
One of the best ways to become more comfortable with AI is to fully understand the way it collects data. There are some standard processes and methods AI engineers will use depending on the system and intended purpose of the tech. For instance, web scraping is used to collect data from relevant web pages, text, images, and structured data to build datasets for training and analysis. Some AI models use public datasets compiled by organizations or researchers for testing and training AI models for natural language processing.
In the case of AI systems that interact with the physical world, data can be collected through sensors and Internet of Things (IoT) devices. These sensors capture real-time data like temperature, humidity, location, movement, and more, which are then used as inputs for AI models. Similarly, user-generated data comes from social media posts, comments, reviews, and online interactions and is widely used in sentiment analysis, recommendation systems, and understanding human behavior online.
Some AI models rely on data partnerships for compiling data to train and model an AI system. In these data partnerships, the AI tech will form a partnership or collaborative relationship with another company or entity to share data for specific AI projects. These partnerships can help AI developers safely access large, diverse sets of data from proprietary sources and build highly sophisticated or specialized AI.
AI applications built for market research may collect data through surveys and questionnaires from individuals within a target market or audience. It's important to note that data collection must follow ethical guidelines and ensure user privacy and consent. Additionally, AI developers should be mindful of potential biases that can be introduced by the data collected and work towards creating more inclusive and representative datasets.
Even though the field of AI is rapidly evolving, adhering to as many ethical guidelines and standards as possible is important throughout the development and design of any AI system. Throughout Prophia’s development, it was incredibly important for our engineers to adhere fully to ethical AI practices as well as software development practices such as the OWASP Top 10 recommendations for web application security.
While this is the primary standard Prophia uses to develop our AI ethically and safely for our clients, there are certain best practices that organizations can apply to their AI use and adoption.
Before using any AI-powered application or service, read and understand the privacy policy and terms of service. Ensure that you are comfortable with how your data will be collected, stored, and used.
Some red flags to watch out for in terms of service and privacy agreements include any non-reputable contracted parties listed in the contract, blurred lines pertaining to work ownership, no indemnity clause, payment conditions, termination clauses, etc.
When using any AI-powered applications, review the permissions they request carefully. Only grant necessary permissions for the app to function, and avoid apps that ask for excessive access to your personal data. Many reputable AI app providers have permissions features that allow organizations or teams to pick and choose who has access to what data.
Prophia users, for instance, can adjust user access at any time, limiting access to certain internal or external parties. This allows data to remain private while also giving every Prophia user governance flexibility or secure data access as deemed necessary.
AI cloud applications are fantastic for securely storing large amounts of data in a digital form, but if something should happen to that database that results in data loss, having a backup of the data you have uploaded into the cloud application can help protect your organization from permanently losing those assets.
Stick to well-known and reputable AI platforms and applications from trusted sources. Be cautious about using unknown or unverified AI services, especially those that require access to sensitive data. End-to-end encryption is incredibly important for safeguarding particularly sensitive data, so look for applications that use certain levels of encryption when choosing an AI partner for your organization.
Always use strong and unique passwords for your AI accounts and avoid using the same password across multiple platforms. Enable two-factor authentication whenever possible. This feature can offer an additional layer of security if a password should fail.
In order for an organization to secure the information it shares with third-party tools, it’s important that team members who use those tools to access the data are doing so with updated software and applications. This will ensure the data platform always has the latest security patches and bug fixes.
Teams should also avoid using public Wi-Fi networks for sensitive AI interactions, as they can be more susceptible to data interception. Use a trusted and secure Wi-Fi network or consider using a virtual private network (VPN) for added protection.
Stay informed about potential AI-related risks and privacy concerns. Being aware of these issues will help you and your team make more informed decisions about the AI services you use and how your organization interacts with them.
By following these guidelines, users can enhance their safety and privacy when using AI and reduce the risks associated with data breaches and privacy violations. Being vigilant and informed about data protection measures is essential in today's AI-driven world.
As a trusted partner in CRE, Prophia has been committed to ethically developing and maintaining the data security standards of our AI system. This means handling confidential client information and proprietary portfolio data with the utmost care, establishing trusted partnerships with our clients, and fortifying our tech with security guardrails.
Clients and Prophia team members work closely together throughout the pilot and portfolio onboarding process, allowing every client to fully vet our system and data handling. In the case of CRE firm RXR, the pilot period lasted for a couple of months before the initial onboarding kicked off. Working with members of RXR’s leasing team, Prophia reviewed every document and annotation created by our AI to ensure the data was captured accurately and governed accordingly.
This human element in the onboarding process assured the RXR team that they always had a connection to a live person and that the Prophia team regarded their proprietary data with the same level of importance as the leasing team. Once the pilot period concluded, RXR proceeded with portfolio onboarding, uploading 256 leases across five assets in their commercial portfolio.
Prophia takes a number of security measures to ensure confidential data is handled effectively. This includes requiring any non-approved roles to acquire documented approval from the data owner to access confidential data, data encryption over public networks, and protections against data storage in non-production environments. Additionally, the platform requires all users to log on with a secure password as well as a unique passcode.
Due to the confidential nature of client documents, paper records of data stored on the platform are all labeled “confidential” and securely stored and disposed of. This includes securely wiping hard drives and mobile devices prior to disposal as well as destroying physical copies to protect client confidentiality.
To develop and maintain our AI, all development projects, including on-site software products, support services, as well as Prophia Cloud offerings follow secure development lifecycle principles. Any platform improvements or the production of new tools, products, and services undergo a design review. This helps ensure that any new features or design concepts uphold existing guardrails and AI data security requirements.
We employ a number of techniques to safeguard our training data against overfitting and bias. During any new training initiative, we separate data into training datasets and validation datasets. By keeping training and validation data separate, we can use validation data to test for bias in our training data. Additionally, prior to running training against new data, our selection process allows us to eliminate data that are too similar and avoid any bias upstream of the training process.
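An added illustration of the two steps described above (not Prophia's code; the page does not say how its selection process measures similarity): near-duplicates are removed using word-shingle Jaccard similarity, then documents are split by a hash of their ID, so close copies of one document cannot sit on both sides of the training/validation boundary. The 0.6 threshold, the function names and the sample lease sentences are constructed assumptions.

```python
import hashlib
import re

# Constructed sample documents (id, text); lease-002 is a near-copy of lease-001.
SAMPLE_DOCS = [
    ("lease-001", "Tenant shall pay base rent of 5000 dollars per month on the first day of each month"),
    ("lease-002", "Tenant shall pay base rent of 5200 dollars per month on the first day of each month"),
    ("lease-003", "Landlord may terminate this lease upon ninety days written notice to tenant"),
    ("lease-004", "Tenant has the option to renew for two additional terms of five years each"),
]

def shingles(text, k=3):
    """Set of overlapping k-word sequences from the lower-cased text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def jaccard(a, b):
    """Shared shingles divided by all distinct shingles (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0

def drop_near_duplicates(docs, threshold=0.6):
    """Keep a document only if it is below the threshold against every kept one."""
    kept = []  # (id, text, shingle set)
    for doc_id, text in docs:
        s = shingles(text)
        if all(jaccard(s, prior) < threshold for _, _, prior in kept):
            kept.append((doc_id, text, s))
    return [(doc_id, text) for doc_id, text, _ in kept]

def split(docs, validation_percent=20):
    """Deterministic split: the ID hash picks the set, so reruns never move a document."""
    train, validation = [], []
    for doc_id, text in docs:
        bucket = int(hashlib.sha256(doc_id.encode()).hexdigest(), 16) % 100
        (validation if bucket < validation_percent else train).append((doc_id, text))
    return train, validation

def max_cross_similarity(train, validation):
    """Highest similarity between any training and validation document (leakage check)."""
    return max((jaccard(shingles(a), shingles(b))
                for _, a in train for _, b in validation), default=0.0)

if __name__ == "__main__":
    train, validation = split(drop_near_duplicates(SAMPLE_DOCS))
    print(len(train), len(validation), max_cross_similarity(train, validation))
```

Running the leakage check on the final split, rather than trusting the filter, catches near-copies that arrive later under a new document ID.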
Prophia also uses third-party penetration testing and scans of all internet-facing systems to uncover any vulnerabilities in our AI. This penetration testing occurs not only with the introduction of new features onto the platform, but also throughout the deployment and development of enhancements to existing features.
In addition to penetration testing, we also perform static and dynamic software application security testing of all code, including open source libraries, as part of our software development process. This ensures that any code we introduce into the system does not compromise the integrity of our security measures or the security of our clients’ data.
AI may still be in its nascent stage—especially when it comes to CRE use cases—but we have long upheld the security and confidentiality of our clients’ anonymized data. This has allowed us to build lasting relationships with clients through the years and develop an AI system that is far ahead of alternatives in the CRE market today.