Data policy
A data policy defines what information may enter which AI systems. Advisory data often includes nonpublic personal information, tax documents, account numbers, health and family information, and legally sensitive records.
Related tool categories: compliance, archiving, and approved enterprise AI environments such as Smarsh, Global Relay, Red Oak, Comply, SmartRIA, RIA in a Box, Microsoft Copilot, ChatGPT Enterprise, and Claude Enterprise.
What this means in practice
- Classify data by sensitivity.
- Approve tools by data class.
- Require redaction/anonymization where possible.
What good implementation looks like
Good advisor AI implementation connects this workflow to the firm’s systems of record, makes uncertainty visible, and keeps the advisor in control of client-facing decisions.
Risks and controls
- Public AI tools should not receive client NPI unless explicitly approved.
- Confirm whether vendors train models on prompts, files, or transcripts.
Advisor value: AI should reduce administrative drag and surface better context, while the planner provides judgment, prioritization, and accountability.