MONOLITH LAW MAGAZINE

What Are the Risks of Information Leakage with the Introduction of Generative AI? Defense Strategies with "AI Internal Regulations" Explained by Lawyers

Generative AI has evolved beyond a mere tool for operational efficiency, becoming an essential infrastructure that influences a company’s competitiveness. However, alongside its rapid adoption, there are increasing risks of “information leakage” and “privacy violations” that are fundamentally different from those associated with traditional IT systems. In many organizations, the convenience of generative AI is prioritized, leading to the proliferation of “shadow IT,” where employees use AI without clear guidelines. This has inadvertently resulted in confidential information being incorporated into AI model training.

This article elucidates the leakage mechanisms inherent to the technical characteristics of generative AI and organizes the significant risks that may arise from a legal perspective under Japanese law, such as the Unfair Competition Prevention Act and the Personal Information Protection Act. Furthermore, it discusses the importance of establishing effective internal AI regulations to prevent these risks while accelerating business growth.

The Necessity of Unique “AI Internal Regulations” for Implementing Generative AI in Japan

As the societal implementation of generative AI accelerates, many organizations in Japan tend to proceed with its adoption solely because it is “convenient,” without conducting adequate risk assessments.

Particularly in small and medium-sized enterprises, disparities in IT literacy and a lack of legal resources have led to ad-hoc usage, creating a “negative spiral.” This negative spiral refers to the confusion at the operational level due to the absence of clear usage standards, which results in the risk of information leaks from inappropriate inputs by some employees. Organizations, sensing this risk, may impose a blanket ban before considering specific countermeasures. However, the demand for convenience drives employees to continue using personal accounts in secret, leading to what is known as “shadow IT” or “shadow AI.”

The fear of shadow IT lies in the fact that critical trade secrets and customer personal data, which could determine the future of the company, are transmitted to external platforms without any organizational control and are secondarily used as training data for AI models. Ignoring this situation not only increases the likelihood of information leakage incidents but also risks losing the “confidentiality management” under the Japanese Unfair Competition Prevention Act, potentially leading to the forfeiture of protection as intellectual property rights.

Therefore, what organizations truly need is not a blanket prohibition or leaving everything to the discretion of the field, but the formulation of unique “AI internal regulations” based on a correct understanding of the characteristics of generative AI. Simply repurposing guidelines for general cloud services will not address the unique processes of generative AI, such as the use of input data for AI learning (posing risks as materials for in-context learning and fine-tuning). It is crucial to understand the necessity of building governance that ensures information security while enabling the organization to utilize the powerful tool of generative AI in a legitimate and safe manner.

Mechanisms and Case Studies of Information Leakage by Generative AI in Japan

When using generative AI, the most critical point to be aware of is that the prompts or data input by users may be sent to the servers of the businesses that develop and provide the AI models, where they could be utilized as “training data.” The fundamental difference from traditional search engines or translation services is that fragments of the input information are incorporated into the AI model’s internal system, posing a risk that they may be output as “part of the response” to queries from other users, potentially including employees of competing companies.

Case Study of Confidential Source Code Leakage at Samsung Electronics

The case that brought this specific risk to global attention was the source code leakage incident at South Korea’s Samsung Electronics. In May of Reiwa 5 (2023), an engineer at the company inadvertently input highly confidential source code into ChatGPT during debugging work related to semiconductor programs. Additionally, another employee was found to have pasted meeting minutes containing undisclosed product strategies into a prompt to summarize internal meeting content.

This data was absorbed as internal learning material by the AI model due to the mechanism OpenAI had adopted by default at the time, which utilized input data for model training. The essential lesson from this incident is that even without malicious intent, employees’ natural actions to “improve work efficiency” can directly lead to information leaks that cause critical damage to the organization.

“External and Internal Leaks” Due to System Failures or Configuration Errors

Moreover, the risk of leakage is not limited to secondary use for learning. In March of Reiwa 5 (2023), a system failure in ChatGPT resulted in a bug that allowed some users to view the titles of other people’s chat histories. This was due to a defect in the service provider’s program, indicating that information can be exposed due to vulnerabilities in external platforms, regardless of how well users adhere to rules.

Furthermore, tools like Microsoft 365 Copilot, which integrate with organizational documents, pose an “internal leak” risk if internal access permissions are not properly configured. Employees without the appropriate viewing rights may be able to search and summarize confidential documents via AI.

Loss of “Non-Publicity” and Decline in Corporate Competitiveness

The damage to trade secrets means that once information is learned, it permanently loses its “non-publicity” in the digital space.

The scenario where a competitor consults AI on a specific technical issue and receives a groundbreaking solution input by your company as a response is no longer a mere fantasy. It is crucial to recognize that careless input into generative AI not only results in information leakage but also fundamentally undermines the outcomes of years of research and development and strategic advantages of a company.

Risk of Losing Protection for Trade Secrets Under the Japanese Unfair Competition Prevention Act

Inputting confidential information into generative AI poses a significant legal risk of losing protection as a “trade secret” under Japanese law. Under Japan’s Unfair Competition Prevention Act, information must meet all three of the following criteria to be protected as a trade secret:

| Criteria | Definition | Impact of Inputting into Generative AI |
| --- | --- | --- |
| Secrecy Management | Objectively managed as a secret | Inputting into AI without company permission may be deemed insufficient management |
| Usefulness | Technological or business information useful for business activities | (Not immediately lost by inputting into AI) |
| Non-publicity | Not generally known | If AI learns and uses it for responses to others, non-publicity is lost |

Regarding “Secrecy Management,” according to the Ministry of Economy, Trade and Industry’s “Trade Secret Management Guidelines” and “Handbook for Protecting Confidential Information,” the information holder must intend to manage the information as a secret, and employees must be able to recognize this management. If employees input trade secrets into generative AI without company consent, or if the company fails to enforce appropriate settings (such as opting out), a court may determine that “the company did not take appropriate measures to protect the secret,” leading to a high likelihood of denying secrecy management.

Reference: Ministry of Economy, Trade and Industry|Trade Secrets—Protecting and Utilizing Trade Secrets

Next, regarding “Non-publicity,” if the inputted information is used for AI model learning and becomes a source for responses to users worldwide, it can no longer be considered “not publicly known.” Once this legal requirement is not met, even if the information is imitated by other companies or taken by employees who change jobs, injunctions or claims for damages under the Japanese Unfair Competition Prevention Act cannot be made. In other words, careless input into generative AI is equivalent to voluntarily abandoning the value of a company’s intellectual property rights.

As a recent development, the “AI Business Operator Guidelines (Version 1.0)” published in April of Reiwa 6 (2024) emphasize risk mitigation throughout the AI lifecycle. These guidelines indicate that AI users should be cautious with input data and prompts to prevent inappropriate input of confidential information as a “common guideline.” If an organization fails to establish appropriate governance in line with these guidelines, the risk of falling outside the framework of legal protection is significantly heightened.

Reference: Ministry of Economy, Trade and Industry|AI Business Operator Guidelines

Breach of Non-Disclosure Agreements (NDA) and Contractual Risks Under Japanese Law

In many business transactions in Japan, a Non-Disclosure Agreement (NDA) is executed to protect information entrusted by the other party. Inputting information into generative AI can violate these contractual obligations and carries the risk of incurring significant liability for damages.

Typically, NDAs include clauses such as “prohibition of use for purposes other than those of this agreement” and “prohibition of disclosure to third parties without prior written consent from the other party.” Actions by employees, such as inputting materials disclosed by business partners into generative AI for summarization or analysis, are highly likely to constitute clear violations of these clauses.

From the perspective of the contracting parties, AI service providers are considered “third parties.” Except for API usage and corporate paid plans, services provided under general terms and conditions typically store input data on the developer’s servers and use it for purposes such as model improvement. This situation constitutes using entrusted information “outside the purpose of the contract” and providing it to “third parties.”

Furthermore, according to a warning issued by the Digital Agency and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) in February of Reiwa 7 (2025), when using AI services based overseas, such as DeepSeek, there is a risk that data will be stored on foreign servers and subject to local laws (including potential censorship or seizure). Placing business partner information in such uncertain environments provides a strong basis for questioning a breach of the duty of care under the contract.

Violation of the Japanese Personal Information Protection Act and Privacy Risks

When handling personal data in the use of generative AI, strict compliance with the Japanese Personal Information Protection Act and related guidelines is required. In June 2023 (Reiwa 5), the Personal Information Protection Commission issued a notice in light of the spread of generative AI services, clearly outlining the obligations that businesses must adhere to.

Specificity of Purpose and Profiling Considerations Under Japanese Law

According to Article 21, Paragraph 1 of the Japanese Personal Information Protection Act, when personal information is acquired, the purpose of its use must be promptly notified or disclosed to the individual, unless it has been publicly announced in advance. When personal data is used for AI learning, it is crucial to determine whether this action falls within the scope of the existing purpose of use or if a new purpose, such as “AI learning and output generation,” needs to be specifically identified.

Particularly in the context of recruitment and personnel evaluation, when AI is used to analyze (profile) a candidate’s personality or suitability, it may significantly impact the individual’s rights and interests. Therefore, it is required to specifically and clearly define such analytical processing as a purpose of use. In discussions aimed at legal amendments from Reiwa 7 (2025) onwards, emphasis is placed on the “right not to be subject to” decisions based on profiling and ensuring transparency. There is a trend towards strengthening regulations on automatic decision-making by AI.

The Boundary Between Third-Party Provision and “Entrustment” Under Japanese Law

When inputting personal data into AI services, it is crucial to determine whether this action falls under “third-party provision” as per Article 27, Paragraph 1 of the Japanese Personal Information Protection Act, or if it qualifies as “entrustment.” Generally, if the input data is used by AI developers for training their own models, it is likely considered third-party provision, as the entrusting party does not fully control the purpose of use. In such cases, obtaining prior consent from the individual is necessary. However, in practice, acquiring individual consent for AI input from an unspecified number of people is extremely challenging.

On the other hand, if it is contractually guaranteed that the input data will not be used for training (such as in API usage or certain corporate paid plans), it becomes easier to categorize the situation within the legal framework of “entrustment.” Nevertheless, even in such cases, companies are obligated to exercise necessary and appropriate supervision over the entrusted party (AI service provider) in accordance with Article 25 of the Japanese Personal Information Protection Act.

Considerations for Providing Data to Third Parties Located Abroad Under Japanese Law

When utilizing AI services offered by foreign entities such as OpenAI (USA) and DeepSeek (China), the “Restrictions on Providing Data to Third Parties Located Abroad” under Article 28 of the Japanese Personal Information Protection Act apply. If data is to be provided to businesses located in countries not recognized as having protection standards equivalent to Japan, it is necessary to provide information about the local legal system to the individual and obtain specific consent.

Particularly, in the advisory issued by the Personal Information Protection Commission and the Digital Agency in February of Reiwa 7 (2025), concerns were raised about privacy violations due to geopolitical risks. These concerns are related to services where data is stored on servers located in China, which may be subject to government censorship or data requisition under local laws such as the “National Intelligence Law.” Inputting personal data into such services could potentially be recognized as unjustly infringing on the rights and interests of individuals, necessitating careful consideration.

System Measures to Minimize Risk Under Japanese Law

To make AI internal regulations effective, it is essential to establish systematic “guardrails” rather than relying solely on the personal awareness of employees. By combining the latest AI technologies with regulations, it is possible to significantly enhance legal safety in Japan.

Ensuring Safety Through Opt-Out Settings and API Usage

The most fundamental measure is to rigorously implement an “opt-out” option, ensuring that input data is not used for AI learning. In personal services like ChatGPT, users may be able to disable the history function from the settings menu to refuse learning. However, relying on individual employee actions is not recommended from an organizational control perspective.

A more reliable approach is to use an API (Application Programming Interface). Major AI providers explicitly state in their terms that data sent via API is not used for model learning. By developing a custom internal front-end that utilizes APIs, it becomes possible to systematically block the secondary use of input data for learning.

Contractual Assurance Through Enterprise Plans

When implementing AI across an organization, it is worth considering adopting enterprise-level paid plans such as ChatGPT Enterprise or Azure OpenAI Service. These services apply strict enterprise terms that differ from personal plans, ensuring that data rights belong to the user company, data is not used for model learning, and encryption (AES-256, TLS 1.2+, etc.) is guaranteed during data transfer and storage.

Additionally, selecting services that have undergone independent audits like SOC 2 Type 2 provides objective evidence of a certain level of security management. This is useful for explaining the rationality of vendor selection and the appropriateness of risk management. However, the mere presence of such certifications does not immediately fulfill the duty of care, and additional considerations based on specific usage and risks are necessary.

Masking and Anonymization of Data

As a technical operation, implementing “masking” processes that automatically replace personal names or specific project names in prompts with asterisks or symbols before input is effective. This ensures that even if an unexpected data leak occurs on the platform side, the information does not link to specific individuals or corporate secrets, thereby minimizing actual harm.
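
The masking step described above, as an added example (not code from this article or from any AI provider): a minimal Python filter that an internal front-end could run before a prompt leaves the network. It goes slightly beyond plain asterisks by using numbered placeholders so the answer can be restored locally; the deny-list names, patterns and function names are all constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample values (assumption): a real gateway would load these
# from HR and project registries instead of hard-coding them.
DENY_LIST: Dict[str, List[str]] = {
    "PERSON": ["Taro Yamada", "Hanako Sato"],
    "PROJECT": ["Project Kirin"],
}

# Pattern detectors for identifiers that cannot be enumerated in advance.
PATTERNS: Dict[str, re.Pattern] = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"(?<![\d-])0\d{1,4}-\d{1,4}-\d{4}(?![\d-])"),
}


def detectors():
    # Patterns run first so a placeholder never splits an e-mail address.
    for label, pattern in PATTERNS.items():
        yield label, pattern
    for label, terms in DENY_LIST.items():
        for term in sorted(terms, key=len, reverse=True):  # longest first
            yield label, re.compile(re.escape(term), re.IGNORECASE)


def mask_prompt(prompt: str) -> Tuple[str, Dict[str, str]]:
    """Return (masked_prompt, mapping); mapping is placeholder -> original."""
    mapping: Dict[str, str] = {}  # must never leave the internal gateway
    seen: Dict[Tuple[str, str], str] = {}
    counters: Dict[str, int] = {}

    def replacer(label: str):
        def sub(match: re.Match) -> str:
            key = (label, match.group(0).lower())
            if key not in seen:  # same value -> same placeholder
                counters[label] = counters.get(label, 0) + 1
                seen[key] = f"[{label}_{counters[label]}]"
                mapping[seen[key]] = match.group(0)
            return seen[key]
        return sub

    masked = prompt
    for label, pattern in detectors():
        masked = pattern.sub(replacer(label), masked)
    return masked, mapping


def unmask_response(text: str, mapping: Dict[str, str]) -> str:
    """Restore original values in the model's answer, locally."""
    for token, original in mapping.items():
        text = text.replace(token, original)
    return text


def audit_summary(mapping: Dict[str, str]) -> Dict[str, int]:
    """Per-category counts for the usage log; no raw values are recorded."""
    counts: Dict[str, int] = {}
    for token in mapping:
        label = token.strip("[]").rsplit("_", 1)[0]
        counts[label] = counts.get(label, 0) + 1
    return counts


SAMPLE_PROMPT = (  # constructed input
    "Summarize the call between Taro Yamada (taro.yamada@example.co.jp, "
    "03-1234-5678) and Hanako Sato about Project Kirin. "
    "Taro Yamada will follow up."
)

if __name__ == "__main__":
    print(mask_prompt(SAMPLE_PROMPT)[0])
```

Deny-list and regex matching only catches what it has been told to look for, so a filter like this supplements the input classification rules rather than replacing them.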

Key Points of AI Internal Regulations to Prevent Information Leakage in Japan

Effective internal regulations should not merely be a “list of prohibitions.” They must serve as concrete guidelines that enable employees to immediately determine the permissible extent of AI usage while avoiding legal risks under Japanese law.

Redefinition and Hierarchization of Prohibited Input Information

It is crucial to avoid vague expressions like “prohibition of inputting confidential information” and instead define and categorize information according to its nature.

  • Level 1 (Absolutely Prohibited Information): Unpublished information entrusted by clients under an NDA, unpublished financial results of the company, proprietary algorithms, and personal data such as customer names and addresses.
  • Level 2 (Conditionally Permitted Information): Anonymized meeting minutes, organization of publicly known technical information, and proofreading of standard business emails.
  • Level 3 (Recommended Usage Scope): Syntax checks of programming languages, explanations of general concepts, and brainstorming.

By defining these categories with specific examples, employees can reduce decision-making costs and prevent unintentional violations.

Exception Approval Process and Context Report

Uniform prohibitions can lead to shadow AI usage. Therefore, an “exception approval process” should be established for cases where it is necessary to input advanced information into AI for specific tasks, such as reviewing certain contracts. This process should require the submission of a “Context Report,” which includes the following three elements, rather than a simple request to use AI.

  1. Tool: Which AI model will be used and under what settings (opt-out, API usage, etc.).
  2. Input: What type of data (including whether it contains personal information) will be inputted.
  3. Output: For what purpose (internal use only, client submission, web publication, etc.) the generated output will be used.

By having the legal and IT departments review this report in advance, organizations can systematically balance risks and benefits.

Special Provisions for Handling Personal Information

The regulations should include special provisions to ensure consistency with the Personal Information Protection Law in Japan. As a general rule, inputting personal data in a manner that allows individual identification should be prohibited. If it is essential for business purposes, the workflow should clearly state the need for obtaining appropriate consent based on the law and updating the privacy policy in advance.

Additionally, when using AI for profiling in recruitment processes, it is important to understand the limitations of AI decisions (such as the risk of hallucinations) and incorporate the “Human-in-the-loop” principle, ensuring that final decisions are always made by humans.

Monitoring and Response Mechanisms

Simply establishing and disseminating regulations is insufficient for governance. It is necessary to continuously verify whether the established rules are being followed and to incorporate a system in the regulations to prepare for any unforeseen circumstances.

Recording Usage and Audit Authority

The company should explicitly state its authority to record AI usage logs conducted through the internal network and to regularly audit the contents. Storing logs functions as a “preventive deterrent” to detect inappropriate use, such as excessive input of personal information, at an early stage. Additionally, in the event of an incident, these logs serve as the foundation for digital forensics, allowing for accurate identification of when, who, and what information was input.

Initial Response to Incidents

In cases where information leakage is suspected, it is crucial to establish reporting routes and response procedures. Unlike physical loss, leakage through AI input makes it extremely difficult to halt the spread of information. Therefore, upon discovering an incident, it is essential to immediately consider requesting deletion from the AI service provider and simultaneously organize an emergency response team to fulfill legal reporting obligations to affected business partners and the Personal Information Protection Commission under Japanese law (such as Article 26).

Continuous Updates (Agile Governance)

The technological evolution of generative AI and the surrounding domestic and international regulations are changing at an unprecedented pace. The formulation of the “AI Business Operator Guidelines” in Reiwa 6 (2024) and the planned amendments to the Personal Information Protection Act from Reiwa 7 (2025) to Reiwa 8 (2026) are examples of how rules are constantly being updated.

Therefore, internal regulations should not be treated as a “set and forget” matter. It is necessary to regularly review them in short cycles of about six months to a year, ensuring they are responsive to technical characteristics and emerging geopolitical risks, such as the rise of new services like DeepSeek. This practice of “agile governance” is essential.

Conclusion: Establishing “AI Internal Regulations” to Harness Full Potential While Managing Risks

The disruptive convenience brought by generative AI is no longer a mere option for companies; it has become an essential source of competitive advantage necessary for survival. On the other hand, the risk of “information leakage” detailed in this article poses a real threat that could render trade secrets, painstakingly built over years, worthless overnight, strip away legal protections, and erode social trust. However, excessively fearing these risks and completely banning the use of AI would stagnate the organization and foster unregulated use beneath the surface, presenting another significant risk.

What is truly needed is the establishment of robust “guardrails” based on legal expertise, creating an environment where employees can confidently, safely, and fully leverage AI’s capabilities. Clear internal regulations are not merely documents of restriction. They represent the organization’s commitment to defining and protecting the value of its information, ultimately forming the foundation of “trust” with business partners and society. When an organization correctly understands the mechanisms of AI and the associated legal risks, and when technical measures and internal regulations function as two wheels of a cart, only then can generative AI become a true driving force for business advancement.

Guidance on Measures by Our Firm

Monolith Law Office is a legal firm with extensive experience in both IT, particularly the Internet, and law. The AI business involves numerous legal risks, making the support of attorneys well-versed in AI-related legal issues indispensable. Our firm provides advanced legal support for AI businesses utilizing technologies like ChatGPT, through a team of attorneys and engineers proficient in AI. Our services include drafting contracts, assessing the legality of business models, protecting intellectual property rights, addressing privacy concerns, and establishing internal AI regulations. Detailed information is provided in the article below.

The Editor in Chief: Managing Attorney: Toki Kawase

An expert in IT-related legal affairs in Japan who established MONOLITH LAW OFFICE and serves as its managing attorney. Formerly an IT engineer, he has been involved in the management of IT companies. He has served as legal counsel to more than 100 companies, ranging from top-tier organizations to seed-stage startups.
