For most businesses, the biggest hesitation about AI is data privacy — and rightly so. The good news: it’s largely a question of control and architecture, which you can get right by design. Here’s the practical guide, and how dgm handles it. (dgm implements osFoundry, a separate company’s platform — we are not osFoundry.)
The core question
Cut through the complexity and AI data privacy comes down to three things: where does your data go, who can see it, and is it used to train the vendor’s models? Get clear, written answers to those and you’ve addressed most of the risk.
The US rules that may apply
US privacy regulation is sector- and state-based, not one federal AI law:
- HIPAA — health data (see healthcare).
- GLBA — financial data.
- FERPA — student data.
- State privacy laws — consumer data (California and a growing list of states).
Which apply depends on your data and customers — map your specific obligations (see AI compliance in the US) and confirm specifics with counsel.
Best practices
- Keep data under your control — an architecture that doesn’t route everything through one external provider.
- Get written terms — especially that your data isn’t used to train the vendor’s models.
- Least-privilege access — AI sees only the data it needs for its task.
- Avoid lock-in — a model-agnostic approach keeps you in control.
Design it in, not after
Privacy is far easier to build in at the start than to retrofit once AI is loose in your operation. Treat it as an architecture and controls question handled during implementation — not a box checked afterward.
How dgm helps
dgm builds on the model-agnostic osFoundry platform, which keeps your data under your control rather than routing it through one external provider, and builds privacy controls (least-privilege access, data handling) into the implementation. Sector-specific compliance determinations stay with your team. If you’d rather explore the platform yourself first, go straight to osFoundry; if you want AI with privacy handled by design, that’s where dgm comes in.