ChatGPT Privacy, Security, and Data Integrity

Utilizing a tool like ChatGPT or other AI models to process or analyze confidential project information can indeed present risks.

ChatGPT and Project Management

  1. Data Security: If the data being processed involves sensitive or proprietary information, there’s a risk that it could be exposed or intercepted, despite the efforts of providers to maintain confidentiality. You should carefully review the terms and conditions of the service to understand what measures are in place to protect data and whether those measures meet the standards of your organization and regulatory requirements.
  2. Compliance Concerns: Depending on the jurisdiction and the industry you are working in, there may be legal and regulatory obligations to safeguard certain types of information. Utilizing a third-party tool could lead to non-compliance with these regulations, especially if the provider doesn’t meet specific standards like GDPR, HIPAA, etc.
  3. Intellectual Property Risks: If the information being processed involves intellectual property or trade secrets, utilizing a third-party service might expose that information in a way that could be harmful to your organization’s interests.
  4. Trust and Ethical Considerations: There might be concerns from stakeholders, including team members, clients, or partners, about the ethical handling of data, especially if it involves personal or highly sensitive information.
  5. Technical Controls and Auditing: Depending on the design and deployment of AI tools like ChatGPT, it might not be feasible to have sufficient technical controls, monitoring, and auditing mechanisms in place to ensure that the data is handled appropriately and securely.

It would be prudent to avoid using such tools with confidential information unless you are certain that all relevant risks have been properly assessed and mitigated, and that the use of the tool aligns with your organization’s policies and legal obligations.

Risks & Mitigations

Utilizing a tool like ChatGPT with confidential projects poses several risks, and it is essential to identify and understand these along with potential mitigations.

  1. Data Leakage Risk
    1. Mitigation: Implement strict access controls, use end-to-end encryption, and work closely with the provider to understand their data handling procedures to ensure data is not stored or shared inappropriately.
  2. Non-Compliance with Regulatory Requirements
    1. Mitigation: Thoroughly review all relevant regulations (such as GDPR, HIPAA) that apply to your projects and ensure that the use of ChatGPT complies with these requirements. Obtain legal advice if necessary.
  3. Intellectual Property Exposure
    1. Mitigation: If discussing or processing intellectual property, ensure that all agreements with the provider include strong protections and that the provider’s practices align with your organization’s IP policies.
  4. Loss of Control Over Sensitive Information
    1. Mitigation: Implement robust oversight and control measures, including monitoring and auditing of interactions with the AI, to ensure sensitive information is handled appropriately.
  5. Potential Reputational Damage
    1. Mitigation: Clearly communicate with stakeholders about how data is being used and managed and make sure that the use of AI tools like ChatGPT aligns with the ethical standards and expectations of your organization and partners.
  6. Lack of Auditability and Traceability
    1. Mitigation: Maintain detailed logs and records of interactions with the AI, including what information was shared, when, and why, to support potential audits and investigations.
  7. Technical and Security Risks (e.g., hacking, unauthorized access)
    1. Mitigation: Utilize strong authentication measures, secure communication channels, and perform regular security assessments to identify and address potential vulnerabilities.
  8. Potential Bias and Inaccuracy in AI Responses
    1. Mitigation: Understand the limitations of the AI model, provide proper training to staff interacting with the AI, and implement human oversight to review and validate critical decisions or recommendations made by the AI.

In conclusion, before you use ChatGPT or any other AI assistant programs with your project information, you likely need to consider the above.  You should also check your company guidelines, use common sense, discuss with your company security team and / or check online AI support forums if you have questions.

Michael C. Davis, PMP, SMC, LSSGB, ITILv3, GWCPM  | LinkedIn

Content Generated From: ChatGPT 4.0 😊

Bad Project Scope

Bad Project Scope -

A bad project ‘Scope’ can leave a bad taste in everyone’s mouth. It is difficult to control / manage a project scope if it’s not well defined. There is an overall project scope and scopes of work within a project. All should be well managed / documented to understand impacts and ensure all project stakeholders are on the same page with impacts.

Simple change control processes and logs are essential for project management.

Manage the project and don’t let the project manage you.

#projectmanagers #businesssolutions #projecttemplates #projectmanagement #projects #projectscope

Are you ready to implement an Enterprise Project Management (EPM) or a Project Portfolio Management (PPM) solution?

To EPM or Not to EPM -

Michael Davis, PMP, ITIL v3, GWCPM - Links OpPap (Opinion Paper) / Blog)
Topic: Enterprise Project Management (EPM) / Project Portfolio Management (PPM)
Author: Michael C. Davis, PMP (, ITIL v3, GWCPM
November 17th, 2016

If you say you are ready to implement an EPM / PPM solution, let us define ready.  Ready can mean a lot of different things.  It could mean you or someone from your company heard the buzz words of EPM or PPM and thought it would be a cool thing to do.  It could also mean you have corporate / management support, understand the real benefits of enterprise project management or project portfolio management and what it takes to implement.  You may even be somewhere in the middle.

Before I get started, let’s make sure we are all on the same page when we talk about EPM or PPM.  I snagged both definitions of EPM and PPM from the trusty Wikipedia site.

Enterprise Project Management (EPM) – Source: Wikipedia, in broad terms, is the field of organizational development that supports organizations in managing integrally and adapting themselves to the changes of a transformation. Enterprise Project Management is a way of thinking, communicating and working, supported by an information system, that organizes enterprise’s resources in a direct relationship to the leadership’s vision and the mission, strategy, goals and objectives that move the organization forward. Simply put, EPM provides a 360 degree view of the organization’s collective efforts.

Project Portfolio Management (PPM) – Source: Wikipedia, is the centralized management of the processes, methods, and technologies used by project managers and project management offices (PMOs) to analyze and collectively manage current or proposed projects based on numerous key characteristics. The objectives of PPM are to determine the optimal resource mix for delivery and to schedule activities to best achieve an organization’s operational and financial goals, while honoring constraints imposed by customers, strategic objectives, or external real-world factors.

Now, on to the show…

Too many times a great sales person puts on an incredible show of bells and whistles of the latest ‘solution’ to real business problems dealing with high project workloads and resource management.  The problem is that for the most part, once the smoke clears from the fountains and sparklers, most people walk out saying ‘we have to have that’.  What they may have missed, or even it may have be omitted from the demonstration, is the amount of work that must occur by your IT department, resources, project managers, resource managers and executives to make ALL those pretty blinky lights blink and dashboards dash.  This is why I ask if you are ‘ready’.  To have a usable EPM or PPM solution you must put stuff in to get stuff out and that stuff must be good stuff.  Otherwise garbage in, garbage out.  That good stuff mentioned includes but not limited to:

  • Executives activating projects using a pipeline with appropriate budgeting data and customer completion expectations.
  • Resource managers properly balancing their resources and assigning to projects.
  • Project managers loading and maintaining project schedules with resources and baselines
  • Resources entering / tracking their time against the projects (if time tracking is required).

There are a bunch of back end things to consider as well. Who will gather the requirements of the solution that you want to implement.  In many cases I have seen consulting companies do this for businesses however this may become a never ending dependency (YAY FOR THE CONSULTING COMPANY).  Who will administer the solution (User management, infrastructure hardware and software, adding / changing the solution based on new or changing requirements).  Don’t freak out though, you just need to pick your starting point.  Start with identifying the business problems you are trying to solve?  Here are some typical business problems many businesses face when considering an EPM or PPM solution:

  • We need to be able to make accurate data driven decisions related to our projects.
  • We don’t have a good way of knowing if a project is truly on budget and / or on schedule.
  • We don’t have a good centralized way of knowing the health of an individual project the portfolio of projects.
  • We don’t have a good way to be able to prioritize projects.
  • We don’t have a good way to know a project is about to be in trouble until it’s too late.
  • We don’t know if our resources are over or under allocated.
  • We don’t know which resources are available for projects.
  • We don’t have an easy way to report on projects or the resources assigned to them.

I could go on and on based on my experience with several solution rollouts with different companies.  Just like when selecting a car to buy, it’s always best to know what kind of car you really need before a car sales person talks you into what they want you to buy.  So with that being said, MAKE SURE to define your business problems FIRST before you say you are ready for an EPM or PPM solution.  You also need to know what stuff you expect to get out of a solution before trying to determine what to make it look like…. BLINKY LIGHTS!  Don’t let yourself get caught up in all the ‘COOL STUFF’ a solution can do, because not all of it could be what you TRUELY need.

There are a lot of companies and solutions out there, so make sure to shop around with your business problem list and any requirements that you may have already gathered.

I am available to help with making that first step before you really make it. I’m kind of like a crawl instructor with graduation being that first step.  Please feel free to contact me using my contact form on

Thank  you for taking the time to read this OpPap from (Michael C. Davis, PMP ITIL v3, GWCPM)

This post from this site cannot be reproduced, rewritten or used in any other way without permission (this excludes the sharing of unedited versions on social media or other websites with credit to You can request permission using our contact form –

Knight Business Solutions – New Member

Knight Business Solutions Logo

PMLinks - Project Management - LogoWe would like to welcome Knight Business Solutions to our directory and as a member.  You can see all of their project management related services using this link –

If you are in the field of project management and would like to also be added to the directory, you can by going to the website –