
If you’re new here, I’m AI Program Manager, Kate. When AI first became accessible to me, I started trying all kinds of things to see what I could simplify in my life. I’ve been aware of the GDPR, but to me it was more about someone else’s data.
Who cares about a random Ukrainian living in Lithuania doing some work, living some life? Wrong! Scams, phishing, data leaks – the world wide web is a dangerous place to hang out in, if you don’t know the rules!
So, what do you need to know to avoid accidentally leaking sensitive info while using AI? Because the biggest risk isn’t that AI gives you a silly answer… It’s that you paste something you should never paste.
And yes – even though the internet is full of reports where some person uploaded all the medical/health data and got a diagnosis that turned out to be true, while doctors didn’t catch it, it is still the fastest way to go from “helpful tool” to “GDPR oopsie.”
First: a simple rule of thumb
If you wouldn’t paste it into a public LinkedIn post… don’t paste it into AI. Even if the tool feels private. Even if it’s “not trained on your data”, or “just for a second.” Treat AI like a powerful assistant who should only see clean, minimal info.
What NOT to paste into AI (the “nope list”)
1) Direct identifiers
- Full names, personal emails, phone numbers
- Home addresses, personal social profiles
- National ID numbers, passport numbers
- Employee IDs, customer account numbers
2) Payroll + finance data (HR folks: be extra careful)
- Salary amounts tied to a person
- Bank account / IBAN details
- Tax forms, payslips, contracts with names
- Bonus / performance data linked to individuals
3) Medical / health data (special category – highest sensitivity)
- Diagnoses, symptoms, medications
- Sick leave reasons, doctor notes
- Disability accommodations
- Anything that reveals health status (even indirectly)
4) Confidential business data
- Unpublished financials, internal strategy decks
- Client lists, pricing terms, signed contracts
- Security details, credentials, access info
- “Internal drama” (yes, that too)
If you remember only one thing: health + identity + money is the danger triangle.
“Medically clean” data: how to sanitize in 60 seconds
Here’s the goal: keep the meaning, remove the identity.
Step 1) Replace identity with placeholders
- “Monika Petrauskaitė” → Employee A
- “Marketing team lead” → Manager (role only)
- “Vilnius office, 3rd floor…” → Office location (general)
Step 2) Remove dates that can identify someone
- “On Feb 3rd” → early February
- “Last Tuesday at 14:05” → last week
Step 3) Generalize rare details
Rare combinations can identify people even without names.
- “66-year-old librarian with 3 kids” → mid-career professional
- “Only person in Team X on sick leave” → team member
Step 4) Keep only what AI needs
Ask yourself: “If I remove this detail, can AI still help?”
If yes → remove it.
Step 5) Use summaries instead of raw documents
Instead of pasting a contract/payslip/email thread: paste a sanitized summary + the decision you’re trying to make.
Real-life example (HR/payroll edition)
Don’t do this:
“Here’s Marta’s payslip + sick leave note + manager email. What should I do?”
Do this:
“I need guidance on a payroll correction case. Employee A has a leave period affecting pay. Policy says X, manager requests Y. Help me compare options and risks.”
Same problem. Zero personal data.
Copy-paste prompt (HR / payroll, systems-minded)
Use this when you want AI as a thinking partner (not a hack machine), while staying privacy-safe:
P (Persona): You are an HR/payroll operations advisor who is systems-minded and risk-aware.
A (Audience): This is for me (HR/payroll) and a manager who needs a clear decision summary.
R (Request): Help me untangle this payroll/HR situation and recommend next steps — WITHOUT using any personal data.
T (Tone): Clear, calm, practical. No jargon.
S (Specs):
– Do NOT ask me to share names, medical details, IDs, bank info, or raw documents.
– If my description includes sensitive data, tell me what to redact and suggest a safer version.
– Ask up to 3 clarifying questions (only what’s necessary).
– Then provide:
1) a 5-bullet situation summary
2) options A/B/C with pros/cons
3) risks (legal/compliance, people, data)
4) recommendation + why
5) a 7-day action plan
6) a “sanitized summary” I can paste safely next time
Sanitized context (no identifiers): [paste your situation here]
Constraints: [deadline, policy rules, approvals, tools]
Quick safety checklist before you hit “send”
- Did I remove names, emails, phone numbers, IDs?
- Did I remove or generalize medical/health info?
- Did I avoid pasting payslips, contracts, raw docs?
- Did I keep only what’s needed to solve the problem?
- Am I following my org’s AI policy / approved tools?
(If your company has a DPO/legal team: when in doubt, ask them. This post is general guidance, not legal advice.)
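Steps 1 and 2 and the first checklist items can be partly automated before a prompt leaves your machine. The sketch below is an added example, not part of the original post: the patterns, function names and sample text are assumptions made for illustration, and names have to be supplied by the caller because a regex cannot find them reliably.

```python
import calendar
import re

# Constructed patterns for a few "nope list" items; illustrative, not exhaustive.
IBAN = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
ISO_DATE = re.compile(r"\b\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])\b")
PHONE = re.compile(r"(?<!\w)\+?\d[\d ()-]{7,}\d\b")
HEALTH = re.compile(r"\b(diagnos\w*|sick leave|medication\w*|disabilit\w*|doctor\w*)", re.I)

def iban_ok(candidate):
    # ISO 13616 mod-97 check, so random alphanumerics are not redacted as IBANs.
    s = candidate.replace(" ", "")
    return int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1

def generalize_date(m):
    # Step 2: 2024-02-03 -> "early February" (drops the day and the year).
    day = int(m.group(2))
    part = "early" if day <= 10 else "mid" if day <= 20 else "late"
    return f"{part} {calendar.month_name[int(m.group(1))]}"

def sanitize(text, known_names=()):
    """Return (clean_text, findings, health_terms_to_review)."""
    findings = []
    # Step 1: caller-supplied names become Employee A, B, ...
    for i, name in enumerate(known_names):
        text, n = re.subn(re.escape(name), f"Employee {chr(65 + i)}", text)
        findings += ["NAME"] * n
    def redact(label, check=lambda s: True):
        def repl(m):
            if not check(m.group()):
                return m.group()  # failed validation: leave the text alone
            findings.append(label)
            return f"[{label}]"
        return repl
    text = IBAN.sub(redact("IBAN", iban_ok), text)
    text = EMAIL.sub(redact("EMAIL"), text)
    text, n = ISO_DATE.subn(generalize_date, text)  # dates before phones: both are digit runs
    findings += ["DATE"] * n
    text = PHONE.sub(redact("PHONE"), text)
    # Health wording is flagged for a human to generalize, never auto-rewritten.
    health = sorted({m.group().lower() for m in HEALTH.finditer(text)})
    return text, findings, health

# Constructed sample input; every identifier in it is made up for this example.
SAMPLE = ("Marta Example (marta@example.com, +370 600 00000) was on sick leave "
          "from 2024-02-03. Refund goes to LT12 1000 0111 0100 1000, per her doctor note.")
```

Treat the result as a first pass: the flagged health terms, rare-detail combinations (Step 3) and anything indirect still need a human read before you hit “send”.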
Now that our prompts are squeaky clean:
Use AI like a scalpel, not a diary. The more precise you are, the better it performs – and the safer you stay. Oversharing isn’t a shortcut, it’s a risk.
