Responsible AI

Aussie Workers Are Increasingly Exposing Customer Data to Public AI

New PagerDuty research finds 40% of Australian workers have uploaded customer data to public AI tools, despite company policies and privacy risks.

Aussie Workers Are Increasingly Exposing Customer Data to Public AI

Key takeaways

  • 40 per cent of Australian office workers surveyed have uploaded customer data to public AI tools, and 28 per cent have entered confidential company or financial data into a generative AI platform.
  • 70 per cent use AI tools regularly at work despite company policies restricting their use, with 36 per cent hiding that use to avoid scrutiny and 45 per cent doing so to avoid being told to stop.
  • The findings come from incident management firm PagerDuty, which polled 1,250 office professionals across Australia, Japan, the UK, and the US.
  • 75 per cent of Australian workers believe they understand AI better than the IT teams managing it, a dynamic PagerDuty links directly to the growth of shadow AI.

What Happened

In-body image for: Aussie Workers Are Increasingly Exposing Customer Data to Public AI
Illustrative AI-generated image by Mindiam (Flux 1.1 Pro Ultra)

New research from incident management firm PagerDuty has found that Australian workers are routinely feeding sensitive data into public AI tools, often in direct defiance of workplace policy.

The survey, which polled 1,250 office professionals across Australia, Japan, the UK, and the US, found that 70 per cent of Australian office workers make regular use of AI tools during their workday despite company policies restricting their use. More concretely, 40 per cent of those polled had uploaded customer data to public AI tools, while 28 per cent had entered confidential company data or financial information to their generative AI platform of choice.

Workers are not simply unaware of the rules. Thirty-six per cent said they were hiding their AI use to avoid scrutiny from their bosses, and 45 per cent keep their use secret so they cannot be told to stop. Despite this, 53 per cent had already faced some form of censure for their actions.

Callum Eade, vice president, APAC at PagerDuty, told Cyber Daily: "It's clear that Australians are embracing AI, with nearly all of the survey respondents (96 per cent) crediting it for helping them in their personal life. So it makes sense that they want to use the technology to improve their work."


Why It Matters

When employees feed customer records or financial data into a public AI tool, that information can be retained, used for model training, or exposed through a breach at the AI provider. Australian privacy law places the obligation on the organisation holding the data, not the individual worker who uploaded it.

The Office of the Australian Information Commissioner has published guidance specifically addressing this gap. Its guidance on privacy and commercially available AI products notes that organisations remain accountable under the Privacy Act when staff use external AI tools to process personal information, regardless of whether that use was sanctioned.

Eade put the organisational tension plainly: "But this is where the issues can arise. A large majority of workers think they understand AI better than the IT teams that manage it, and when workers feel overly restricted on what tools they can use, it can build tension and frustration between the two groups. This has led many to use unsanctioned AI tools, resulting in shadow AI."

The 75 per cent of workers who believe they understand AI better than their IT teams is not just a cultural curiosity. It is the condition that makes shadow AI persistent. Workers who feel confident and constrained will find workarounds, and those workarounds carry real legal exposure for their employers.


Key Details

The PagerDuty survey covered 1,250 office professionals across four countries: Australia, Japan, the UK, and the US. The Australian figures reported by Cyber Daily include:

  • 70 per cent use AI tools at work despite restrictive policies.
  • 40 per cent have uploaded customer data to public AI tools.
  • 28 per cent have entered confidential company data or financial information into a generative AI platform.
  • 96 per cent credit AI with helping them in their personal life.
  • 75 per cent believe they know how to use AI professionally better than the teams managing AI tools.
  • 53 per cent have faced some form of censure for their AI use.
  • 36 per cent hide their AI use to avoid scrutiny from managers.
  • 45 per cent hide their use so they cannot be told to stop.

Eade also flagged a cultural fracture forming inside organisations: "Lastly, an internal cultural disconnect can develop where individuals and teams begin using tools despite the risks, others that don't want to engage with the tech, and everyone in between."


Background and Context

Shadow AI is not a new concept, but the scale revealed in this survey is striking. The pattern mirrors what happened with shadow IT a decade ago, where workers adopted cloud storage and messaging apps before IT policies caught up. The difference with AI is the nature of the data at risk. Uploading a spreadsheet to Dropbox without approval was a governance problem. Uploading a customer database to a public large language model is a potential notifiable data breach under the Privacy Act 1988.

The OAIC's guidance on commercially available AI products is explicit: organisations must conduct privacy risk assessments before deploying AI tools that handle personal information, and they must ensure contractual protections are in place with AI vendors. When workers bypass approved tools entirely, those protections do not exist.

PagerDuty's recommendation, as relayed by Eade, is for leaders to "close the gap between what's approved and what workers want to use to reduce shadow AI, and invest in their AI skills and training." The goal, Eade said, is to "help keep top performers engaged and create a culture where innovation and knowledge sharing are encouraged."


What Comes Next

PagerDuty's advice points toward a practical path: expand the list of approved tools, invest in training, and treat AI governance as a cultural project rather than a compliance checkbox. Eade's framing is that leaders "should understand the risks shadow AI can create across the organisation" before those risks materialise as breaches.

For Australian organisations, the OAIC guidance provides a starting framework. Privacy impact assessments, vendor contracts that prohibit training on customer data, and clear internal policies on which AI tools are approved are the minimum steps. The survey results suggest that without visible, practical alternatives, workers will continue to use whatever tools they find most useful, regardless of what the policy document says.

Sources & citations

  1. David Hollingworth, "Need to know: Aussie workers are increasingly exposing customer data to public AI," *Cyber Daily*, 9 July 2026
  2. Office of the Australian Information Commissioner, "Guidance on privacy and the use of commercially available AI products."
JUST THE WEEKLY ROUNDUP

One Friday email. The five things AU operators actually need to know.

Operator-tested, primary-source linked, citation-first. Written by an operator, not a marketing team. Or, for a personalised view first, take our 90-second quiz.

Unsubscribe anytime. No spam. See our privacy policy.