AI in AEC: Data Privacy in the AI Era

I guess the one constant is me . My name is Jeff Eccles , I'm a senior advisor at KP ReadyCo and in this version , ai Unpacked I am joined by Frank Lazzaro . He is my friend and colleague here at KP ReadyCo . He is our in-house AI expert and I love this version of Unpacked because I get to learn a lot .

Frank and I go through different aspects of AI , different tools , different uses , and these are meant to be bite-sized chunks to give you actionable things that you can take away from this podcast and

implement in your firm today . So , frank , welcome back . Glad to see you .

So I've gotten some really good feedback . So i'm'm glad that it's resonating with people and it's just not you and I enjoying what we're doing and others are getting a little bit from it .

All right , so for our several listeners out there , we're really glad that you're here and we , you know we say that a little bit tongue in cheek , but we also understand this is a pretty narrow niche audience and we're perfectly happy with the fact that we can dig deep on these and make them actionable and digestible for people in the AEC industry , so we're

happy to do it for them . Today we're going to talk about data privacy and being the director of our mastermind programs and spending a good chunk of my week sitting down with innovation leaders , construction tech leaders . I know that many of these folks have clients . Their firms have clients that are going hey , what about our data data ?

How are you using our data ? What ? Where's our data going ? Is it being exposed ? There's all kinds of those . How are you using ai ? I guess is where it's , where it first starts . But but there's a lot of concern over the data and I just posted something in the last day or so from my old show . This is a blast from the past .

Um , my old show was called Context and Clarity Live and I recorded a session , probably two years ago at this point , with Matthias Del Campo . At the time he was at Taubman at University of Michigan Now he's at

New York Institute of Technology , but he's head of AI and AI research and we sat down for a conversation about ethics in AI and it was all about the same thing how is data being used ? So I'm glad we're digging into this today . I think this is going to be our most popular episode so far . So , frank , yeah , you know I agree .

I make note of what people are asking , like what are the , what are the top three or four things that people are always asking when it comes to and this topic in and of itself , I would say , is probably either one or two when we think about that .

Right , every single time we go in , we have a conversation about innovation , we start talking about artificial intelligence .

Data privacy , data security tends to be a question that is consistently asked , regardless of the size of the firm , regardless of what form that we're talking in whether I'm speaking from the stage and we're doing the Q&A after a presentation or meeting with a client one-on-one this inevitably is either the number one or number two question that comes up .

We also know that we should be thinking about different ways to serve our clients . But again to your earlier point efficiency and everything else aside , what about the data security and how is it handled in different tools and how is it handled in different applications ?

So what are you hearing you said from Q&A after a speaking event or in an advisory session with a client ? What are you hearing ? What concerns ? Let's start there . What concerns are you hearing ?

We want to be innovative and we want to incorporate this , but I also don't want to share my data with these public ais and and for a lot of reasons , I don don't blame them right . So what you're finding is is that they're looking for solutions , they're looking for ways to be able to incorporate this great technology .

To kind of go back to what you mentioned earlier about the book , you know , yeah , I want to find those 12 minutes of efficiencies and productivity , I want to increase my utilization , but I'm not going to put my data at risk if I don't really know how it's using it .

And so what you find is is that most firms , the IT departments , are the ones that really push back on the data security , and that's it's an obvious reason why . And but there I think there's ways to mitigate that and there's ways to solve for that in a multitude of ways to where you can still get

the benefit of doing it . You can still find your 12 minutes of efficiency but , at the same time , be able to protect yourself and your data , particularly your client data .

What I'm hearing on the mastermind side is hey , our clients we've got this big RFP and they want to know exactly how our data is going to be used . They want us to prove that our data has been scrubbed . You know , et cetera , et cetera . So it's , I think , a lot of it , a lot of the concern is . It's certainly in-house right .

It's certainly there's a concern with the IT department inside the AEC firm , but it's also being driven from their client side , from the user side maybe , if we use that term .

So it's one of those things to where , depending on what kind of work you're chasing , this becomes more or less a bigger problem for some than others . But generally speaking , most firms are like no , I don't want to use the public chat GPT because I can't secure the data .

So what you are finding is that a lot of firms are now moving towards this concept of private AI . So you have clients that are going out there and custom developing a chat GPT enterprise solution . Now there's obvious pros and cons to that right . The pros around that is that I control my environment . I can control my data .

The downside to that is that it does cost you more to do the upfront development to get it up and running . So now it's a balance of do I go the cheap route and potentially have some unknown data integrity , data privacy issues , or do I go a different route and spend more money and have a solution that actually solves what I'm looking for ?

Um , david is an expert on on IP and AI , and so he he walked through with all of our mastermind members . Here are the things that you need to be paying attention to . Here are the things you need to consider as you build out your own AI policy .

And , by the way , you need to have an AI policy because , whether you approve it or not , whether you like it or not , whether you know it or not , your employees are using AI in some way . Your employees are using AI in some way , you know , even beyond their Amazon wish list . They're using chat or they're using whatever .

So what policies , best practices do you need to have in place that everybody's adhering to ?

Some firms allow it for internal meetings and internal type activities , but not client deliverables . Other firms are like try to put it in everything that you possibly can figure out where it fits into your workflow . So right , at a minimum , it's just you have to go through the evaluation of what tools are we going to allow everyone to use .

What you find is most AEC firms are Microsoft shops , meaning that they have Microsoft Office , they have Microsoft Outlook . It's very easy to turn around and say you can only use Copilot . That's a very , very easy thing .

And Microsoft has their data policies are the best that I've seen so far among all of the AI solutions , mainly because what they say is that if your data lives within your Microsoft entity , in your Azure environment , it stays there . It doesn't go out to the underlying model .

So what you find is that the folks that are at Microsoft tend to be gravitating towards those kinds of solutions simply because they're getting the best of both worlds . One it's already built into my existing licenses , so I don't have another subscription .

It's built into my Microsoft license and my data is generally secure because it's within that Microsoft environment . That's great . So that's what you see . So it's as simple as identify what tools you want everyone to use and then basically start putting rules around .

These are the things that you're allowed to do , these are the things you're not allowed to do , and that should be your baseline policy .

So we understand the terms and conditions of the tools . We understand how the the that particular tool maybe it's all within Microsoft , maybe it's not we start to understand how it's being used , where it's being stored . Then and you mentioned right , we've got private AI models or custom AI models hosted on custom or on our own servers , et cetera .

What about regulatory considerations ? What's out there and you mentioned this before a lot of people that are pursuing government work . You know this is absolutely part of that conversation . There are other types of clients , you know types of work where this is going to be much more stringent , much clients are going to demand much more transparency , et cetera .

But what are some of the regulatory considerations that we need to keep in mind ?

How long are you really required to keep information ? And you have to kind of build some diligence around that . So we've gotten , you see , a lot of firms that get into this habit like , oh , we've been around for 25 years and I have proposals that date back and I have content and notes and everything to date back 25 years .

We probably need to revisit that . We probably need to revisit the fact of , like , now that everything is digital right , what is the legal requirement for us to retain information and at what point do we have to consider either archiving or purging

some of that One , not necessarily to limit our liability , but also to you know , at some point , does the retention of the data actually benefit the business long term , right ? Do I need something from 10 years ago ? So there's a lot of questions around that .

So I think you really would have to go in and start thinking about your data retention policy , because that is not something that most firms are thinking about going forward . And then you need to really kind of think about okay , from a from a government perspective , what does the contract stipulate ? How do we , you know , what am I allowed to do and not do ?

So you , it's really having to take all of those things into consideration , understanding where your business is .

smartphone on the job site to take job site pictures , and , as it turns out , that's not a good idea , because if something happens , everything becomes discoverable and that your employee's phone gets subpoenaed .

It would be interesting if and if you're a risk management consultant , maybe comment on this post , whether you're consuming it in video or audio format , because I think that's going to end up being an interesting part of this discussion as well .

So in some of these instances and we go back to the evaluation of the tools depending on the kind of business that you're pursuing , you may not be best suited to use a general AI like a chat GPT . You may have to look at something that's a little more specialized , whether that's from an open asset or a unit net where they have these specialized tools .

So , again , your tool evaluation is going to be really important , depending on the kind of work that you pursue .

I think the organizations need to kind of make that investment in time and energy to figure out how these tools work for them so that they're prepared going forward , because I think what you're going to find is that five years from now , 10 years from now , if you're an AEC firm that hasn't embraced this kind of innovation or technology or AI now , I think you're

in real trouble in the future , because I think more firms are going to be oriented that way , that have figured it out ?

The beautiful part about that is , yes , it's made by Microsoft , but you can pick any model that you want underneath it . You don't have to use Copilot .

You could use ChatGPT or Claude or Sonnet or Llama , so you get to pick the model that you want on the backend , and the benefit to that is is that some models are more expensive and cheaper than others , so that you can basically rein in your costs . So you get the custom solution with the model that fits your organization

that doesn't require any real hard development . You don't need a software developer to get it done . So there are solutions out there that help solve for some of these data security issues , data questions . The other big thing that comes up and this kind of ties into this loosely too is that cybersecurity plays a more significant role .

When you start thinking about how these tools are all connected . Everything's in the cloud . If you don't have strong cybersecurity policies and solutions in place today , adding this tool is not going to make the problem any easier .

So you really do have to be thinking about your cybersecurity , whether or not you're AI enabled today , and more so when you're AI enabled in the future .

then it ensures that it that we are aligning our ai policies with the overall company policies and and the culture that we've developed in our organization .

If I tell them to say do this , you're allowed to do this and not do this , it allows them to stay compliant with any regulations that they're going after . And then if I say you can do this and you can't do this , it aligns with the internal culture of what the company's policies are when it comes to this .

So I think when you fundamentally break it down , you know just coming up with simple do's and don'ts to start is a great place to help solve for all those other things downstream yeah , yeah , every game has rules , so why wouldn't uh ?

Obviously , people that are focused on GovCon , they have other requirements , so it requires other diligence , maybe specialized solutions . For the rest of us , we have options . Right , there's the obvious no code , low code type of options out there that you should be exploring .

If you're a smaller firm , off the shelf solutions with making sure that you're setting up your configuration correctly on the settings can help solve those problems at all . So

AI policy is number one . Settings can help solve those problems at all . So AI policy is number one . Two , it's the evaluation of the tools that are going to be best suited for your organization .

And then the third one is that , once you kind of solve for those other things , start thinking about your regulatory considerations , anything that may actually be that's unique , that you want to solve for , and then , when you have those three pillars in place , I think you're in a really good place to actually figure out how best to use artificial intelligence inside

your firm .

On data privacy , data security and AI we hear this day in and day out concerns on those fronts , so hopefully , this conversation that Frank and I have been having will help you put into action some of these things that we're talking about .

Again , wherever it is that you consume this be it the podcast version , be the YouTube version , the video version Maybe you're seeing it on LinkedIn or somewhere else Let us know what you think , let us know what your questions are . What are you struggling with ? What do you need to know more about ? What are you doing ?

We , we you know Frank said it earlier these topics come from conversations and from work that we're doing with our clients , with the people in our ecosystem , so to speak , and we want to make sure that these are as relevant as we possibly can . So let us know , help us out with that .

Our production team will put links to anything that we've mentioned that's deserving , that's needed , into the show notes below , and we'll be back again next week with another episode of AI Unpacked . So , frank , thanks so much for joining me today . It was a great conversation .