Here Are the 7 Jobs Most at Risk of an AI Data Leak
Some jobs risk far more than a leak when they use consumer AI: healthcare, law and finance lead. Here are the 7 most exposed jobs, and the fix they share.
Some jobs risk far more than a simple leak when they use consumer AI. The rule is simple. The more sensitive or regulated the data, the higher the risk. Healthcare leads, with patient records. Law and finance follow closely. Here are the seven most exposed jobs, ranked by data sensitivity. And the good news: the fix is the same for all of them.
The ranking at a glance
The ranking follows a clear logic. We rank by the sensitivity of the data handled. Health data or a professional secret weighs more than a marketing list. The fix does not change from one job to the next. It means removing sensitive data before you send it, which ONYRI Sanitize automates in the browser.
Here is the ranking, from most to least exposed:
- 1. Healthcare — patient records and medical data. The most protected information there is.
- 2. Legal — professional secrecy, contracts and confidential client files.
- 3. Finance and accounting — statements, tax IDs and named salaries.
- 4. HR and recruiting — staff files and applications, rich in personal data.
- 5. Developers — code, API keys and technical secrets pasted to move fast.
- 6. Customer support — customer data and tickets, handled all day long.
- 7. Marketing — lists and campaign data, often pasted without a second thought.
Here are the same seven jobs, in a table.
| Rank | Job | Why |
|---|---|---|
| 1 | Healthcare | Patient data (PHI); consumer ChatGPT is not HIPAA compliant |
| 2 | Legal | Professional secrecy; the ABA requires the client's informed consent |
| 3 | Finance / accounting | Statements and tax IDs, named data that is heavily regulated |
| 4 | HR / recruiting | Staff and candidate files; every field needs a legal basis |
| 5 | Developers | Code, API keys and secrets; one maker banned the tool after leaks |
| 6 | Customer support | 40% of files uploaded to AI contain personal data |
| 7 | Marketing | Customer lists pasted from unmanaged personal accounts |
The top of the ranking: regulated professions
Let's start at the top: healthcare. Doctors, nurses and clinics handle patient data. It's the most protected information there is. Yet consumer ChatGPT is not compliant with the US HIPAA law. OpenAI will not sign the required agreement (the Business Associate Agreement) for its consumer versions. So entering Protected Health Information is not permitted, even if nothing leaks afterward. We cover the steps in our guide to anonymizing patient data before AI.
Next comes law. Lawyers are bound by professional secrecy. They handle contracts and confidential client files. The American Bar Association made this clear in its Formal Opinion 512, issued on July 29, 2024. A lawyer must keep confidential all information relating to a client's matter. They must understand how the AI tool uses their input. And they must get the client's informed consent before entering confidences. Boilerplate consent in an engagement letter is not enough. Our article on AI for law firms develops this point.
Finance and accounting close the top of the ranking. Bank statements, tax IDs, salaries: this data is personal and heavily regulated. Italy's regulator, the Garante, showed this in December 2024. It fined OpenAI 15 million euros. The reason: personal data processed without an adequate legal basis to train ChatGPT, and a lack of transparency. We explain how to protect this data in our article for accountants.
The daily risk: HR, developers, support, marketing
Let's step down a level. HR and recruiting handle staff files and job applications. Name, address, tax number, health, reviews: the file is very rich. Every field is personal data that needs a legal basis. Our guide explains how to anonymize HR data before AI.
Developers come next. They paste code, API keys and secrets into AI to move fast. The risk is real and documented. In 2023, a major electronics maker, Samsung, banned ChatGPT for its employees. The reason: engineers had pasted chip source code and the content of an internal meeting. It happened within roughly twenty days. The security firm Cyberhaven measured the pattern. Sensitive data made up about 11% of what employees pasted into ChatGPT. And nearly 4% of employees had pasted sensitive company data at least once. Our guide shows how to paste code without leaking secrets.
Customer support follows. Agents handle customer data and tickets all day long. The LayerX report is telling. 40% of files uploaded to generative AI sites contain personal or payment data. And 82% of pastes come from unmanaged personal accounts. The company then has almost no visibility into what leaves. Our article covers customer support without exposing customer data.
Marketing closes the ranking, without being out of danger. Teams handle customer lists and campaign data. Segments, emails, purchase histories: all of it is still personal data. Pasting a list into AI to draft a message feels harmless. It isn't. Our guide explains how to use AI in marketing without exposing client data.
How to use this
The seven jobs share one risk. They entrust sensitive data to an external AI. So they also share the same fix. Remove the sensitive data before you send it, whatever your job.
- Healthcare and law: never enter patient data or client secrets in the clear.
- Finance and HR: remove names, tax IDs and salaries before sending.
- Developers: mask API keys, secrets and credentials in your code.
- Support and marketing: never send a raw list or ticket.
- For regular use, anonymize at the source, in the browser.
That's what ONYRI Sanitize is for. The engine detects sensitive data and replaces it with reversible tokens before sending. Detection and the token↔value mapping stay in your browser. Only anonymized text reaches the tool. Whatever your job, the AI finds only tokens — not your real information.
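The reversible-token approach described above, as an added example (not ONYRI Sanitize's code). The detector patterns, the `[[TYPE_n]]` token format and the `createSanitizer` name are assumptions made for illustration.

```javascript
// Added example; not ONYRI Sanitize's code. Detector patterns are illustrative assumptions.
const DETECTORS = [
  { type: 'EMAIL', re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: 'AWS_KEY_ID', re: /\bAKIA[0-9A-Z]{16}\b/g },
  // Quoted value of assignments such as api_key: "..." or password = '...'.
  // "[" and "]" are excluded so an already-issued token is never re-tokenized.
  { type: 'SECRET',
    re: /(?<=\b(?:api[_-]?key|secret|token|password)\s*[:=]\s*["'])[^"'\s\[\]]{8,}(?=["'])/gi },
];

function createSanitizer() {
  const valueToToken = new Map(); // the mapping lives only in this closure
  const tokenToValue = new Map();
  const counters = {};

  function tokenFor(type, value) {
    if (!valueToToken.has(value)) {
      counters[type] = (counters[type] || 0) + 1;
      const token = `[[${type}_${counters[type]}]]`;
      valueToToken.set(value, token);
      tokenToValue.set(token, value);
    }
    return valueToToken.get(value); // same value, same token
  }

  // Text that is safe to send: every detected value is replaced by its token.
  const sanitize = (text) => DETECTORS.reduce(
    (out, { type, re }) => out.replace(re, (m) => tokenFor(type, m)), text);

  // Put real values back into the model's answer; unknown tokens are left alone.
  const restore = (text) => text.replace(/\[\[[A-Z_]+_\d+\]\]/g,
    (tok) => tokenToValue.get(tok) ?? tok);

  return { sanitize, restore, size: () => tokenToValue.size };
}

// Constructed sample prompt; the key ID is the example value from AWS documentation.
const SAMPLE_PROMPT = [
  'Why does this fail for alice@example.com?',
  'connect({ api_key: "c0nstructed-Secret-9981", id: "AKIAIOSFODNN7EXAMPLE" });',
  'Reply to alice@example.com when fixed.',
].join('\n');

const sanitizer = createSanitizer();
const SAFE_PROMPT = sanitizer.sanitize(SAMPLE_PROMPT);
console.log(SAFE_PROMPT);
```

Pattern matching only catches values it has a rule for; names and free-text identifiers need a different kind of detection.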
Frequently asked questions
- What jobs are most at risk of an AI data leak?
  The most exposed handle the most sensitive or regulated data. Healthcare leads, with patient records. Then come law, finance, HR, developers, customer support and marketing. The more sensitive the data, the higher the risk. The fix is common: anonymize the data before you send it.
- Is ChatGPT HIPAA compliant for healthcare?
  No, not in its consumer versions. They don't offer the required safeguards or the mandatory agreement (the Business Associate Agreement). OpenAI will not sign that agreement for consumer ChatGPT. So entering Protected Health Information is not permitted, even if nothing leaks afterward.
- Can a lawyer use ChatGPT with client information?
  With caution. The American Bar Association's Formal Opinion 512 makes this clear. The lawyer must keep the information confidential, understand how the tool uses their input, and get the client's informed consent. Boilerplate consent is not enough. Anonymizing data before sending sharply reduces this risk.
Sources & references
- Is ChatGPT HIPAA Compliant? (consumer versions not compliant, no Business Associate Agreement for Protected Health Information) — The HIPAA Journal
- Employees regularly paste company secrets into ChatGPT (LayerX report: 77% paste data, 22% include personal or payment data) — The Register
- Italy's privacy watchdog fines OpenAI 15 million euros over ChatGPT data collection (no adequate legal basis, transparency failures) — Euronews