How to Prevent Staff Uploading Confidential Files to AI Tools

One of the most urgent information governance challenges facing South African organisations in 2025 is preventing staff from uploading confidential documents to AI tools. ChatGPT, Copilot, Claude, and dozens of specialist AI tools now accept file uploads: PDFs, spreadsheets, Word documents, images of scanned IDs. Each upload potentially transfers personal information to a third party without authorisation.

Why Simple Prohibitions Do Not Work

Most organisations that have addressed this risk at all have done so by telling staff verbally or in a meeting: "Don't upload client files to AI tools." This approach fails for several reasons:

• Staff who were not in the meeting never received the instruction
• There is no written policy to enforce against
• No one monitors whether the instruction is being followed
• Staff who upload files usually do so with good intentions — they are trying to be efficient, not malicious
• Without understanding why it is a problem, staff revert to old habits under deadline pressure

Layer 1: Written Policy

The foundation is a written AI acceptable use policy that explicitly addresses file uploads. The policy must:

• Define which AI tools are approved for use at work
• State clearly that no client personal information, employee records, financial documents, or ID documents may be uploaded to any AI tool on the non-approved list
• Identify specific prohibited document types: bank statements, payroll files, tax returns, HR records, contracts with personal information, scanned identity documents
• Specify the consequences of a violation
• Be acknowledged in writing by every staff member covered by it

The written acknowledgement is your evidence that staff were informed. Without it, the organisation cannot demonstrate it took reasonable steps.

Layer 2: Classification

Staff cannot comply with a prohibition on uploading "confidential files" if they do not know which files are confidential. A document classification system (Public / Internal / Confidential / Restricted) gives staff a clear signal. If a file is labelled Confidential or Restricted, staff know it must not be uploaded to any consumer AI tool, regardless of the specific prohibition list in the policy.

Classification also enables technical controls: security tools can detect when a file with a Confidential or Restricted label is being uploaded to an external URL and block or alert on it.

Layer 3: Training With Specific Examples

Generic data protection training does not change behaviour. Training that uses examples from the specific role does. An accounting firm should train on: "Here is what happens if you paste this client's bank statement into ChatGPT — this is where it goes, this is why it is a problem, this is what the consequences are for the client and for us." That specificity is what makes training stick.

Layer 4: Technical Controls

Where managed devices and IT infrastructure allow:

• Browser extensions: Deploy a managed browser extension that monitors and alerts on uploads to AI platform domains (chat.openai.com, claude.ai, gemini.google.com, etc.)
• DLP rules: Microsoft Purview and Google Workspace DLP can detect and block uploads of files containing personal information patterns (ID numbers, banking details, payroll markers)
• Conditional access: Block AI tool access from unmanaged personal devices via conditional access policies
• Network monitoring: Network-level detection of large file transfers to known AI platform IP ranges

Technical controls are not a substitute for policy and training. A determined staff member can use a personal device on mobile data. But technical controls on managed devices catch the majority of unintentional violations and create a compliance record.

Layer 5: Monitoring and Consequences

Prevention without monitoring is theatre. Implement a periodic review of AI tool usage on managed devices. When violations are detected, address them consistently — first-time violations through remedial training, repeat violations through the disciplinary process. Documented, consistent enforcement is what makes a governance programme credible.