daBongo LMS AI Training Courses

← Back to Course

Safety, Privacy, and Responsible Use of Claude

Lesson 1: What Not to Share With Claude – Privacy in Practice

Log in and enroll to track lesson completion.

Lesson Objectives

By the end of this lesson, students should be able to:

  • Identify six categories of sensitive information to protect in Claude conversations
  • Apply anonymization and substitution techniques to use Claude effectively without sharing private data
  • Understand their organization's data policies as they relate to AI tool use

Lesson Content

The privacy question to ask before every paste.

Before pasting any content into Claude, ask yourself: "If this conversation were visible to a third party, would this content create a problem?" That question covers personal data, organizational confidentiality, client information, and regulatory exposure.

This is not about distrust. It is about professional discipline. AI tools – like email, messaging apps, and cloud documents – are part of your digital environment. The same data hygiene habits you apply to those tools should apply here.

Categories to protect:

1. Personally identifiable information (PII): Full names, email addresses, phone numbers, physical addresses, Social Security numbers, passport numbers, date of birth combined with other identifiers, financial account numbers. Avoid pasting documents containing PII unless you have confirmed your platform's data handling is appropriate.

2. Client and customer data: Any information that belongs to your organization's customers, clients, or partners – purchase history, correspondence, contact records, account details. Your organization's data handling policies govern this data, and using it in AI tools may require specific approval.

3. Protected health information (PHI): Any information about a patient's health, treatment, diagnosis, or care. PHI is subject to HIPAA (and equivalent regulations in other jurisdictions). Do not use Claude to process identifiable health information unless you are operating under a data processing agreement that covers this.

4. Employee and HR data: Performance reviews, disciplinary records, compensation details, medical accommodations, personal circumstances shared in a professional context.

5. Organizational confidential information: Unreleased product plans, financial projections, merger or acquisition discussions, proprietary processes, competitive strategy.

6. Legal and regulatory sensitive material: Privileged attorney-client communications, ongoing litigation details, regulatory filings under NDA.

The anonymization technique.

You can usually accomplish your goal with Claude without sharing the sensitive data itself. Anonymize it:

  • Replace real names with [PERSON A], [PERSON B], or role descriptions ("the manager," "the client")
  • Replace specific financial figures with representative numbers ("the contract is worth $X") unless the exact amount is necessary
  • Replace company names with "Company A" or role descriptions ("our largest client")
  • Replace identifiers with placeholders that preserve the relationship without the identity

Then ask Claude your question about the anonymized version. The analysis, advice, or drafting help is equally useful – and no real data has been shared.

Check your organization's AI policy.

Many organizations have issued policies on what data can be used with which AI tools. Before using Claude for work-related tasks involving client or employee data, verify that your organization's policy permits it. If you are uncertain, ask your IT, legal, or compliance team. "I wasn't sure what our policy was" is not a defense if a data exposure occurs.

Practical Example

An HR manager needs Claude to help draft a response to a performance situation.

Risky approach:

Here is the performance review for John Smith, Employee ID 94231, in the marketing department. He has missed 6 deadlines this quarter and received two verbal warnings. Help me draft a PIP.

Better approach:

I need to draft a performance improvement plan for an employee on my team. The situation: the employee has missed 6 deadlines in the current quarter, received two verbal warnings (documented), and is in the marketing department. I will not be including the employee's name or ID.
Draft the PIP framework for me – I'll insert the specific details from the employee's record when I finalize it.

The anonymized version accomplishes the goal without sharing PII or identifiable employee data.

Lesser-Known Tip

Some Claude product configurations offer enhanced data handling for enterprise users – including data that is not used for model training and SOC 2 compliance documentation. If your organization handles regulated data (PHI, financial data, legal material), investigate whether an enterprise configuration with appropriate data agreements is available before using AI tools for that category of work. Verify these arrangements directly with the provider – do not rely on assumptions.

Safety Notes

If you accidentally paste sensitive data into a Claude conversation, note the session. Most personal use configurations do not retain conversation data indefinitely, but review the platform's data retention policies to understand what was stored and for how long. Do not paste the same data again. For organizational data exposures, notify your security or compliance team according to your incident response procedures.

Practice Task

Review three tasks you have used or would use Claude for. For each one, identify whether any sensitive data would be involved. For any that involve sensitive data, write out the anonymized version of what you would paste into Claude to accomplish the same goal without the real data.

Completion Check

You should be able to identify the six categories of sensitive information to protect, apply the anonymization technique to a real work scenario, and describe when to check your organization's AI policy before proceeding.

Lesson Quiz

Log in and enroll to take this lesson quiz.

← Back to Course

Scroll to Top