Nonprofit Artificial Intelligence: Governance and File Sharing

 In Artificial Intelligence, Document Management

The Opportunities for Generative AI at Nonprofits

Generative AI tools like ChatGPT, Microsoft Copilot, and Google Gemini have quickly become both a tremendous opportunity and a source of tremendous risk for all organizations. Nonprofits are no exception. With Artificial Intelligence, governance of file sharing is more important than ever.

The opportunities afforded by generative AI are as varied as the missions of the organizations themselves. Generative AI can support customer service chat bots. Generative AI can speed up the drafting of emails, documents, or presentations. In other instances, nonprofits are using generative AI in more mission-centric ways. This includes promoting early childhood education in India with AI-enabled WhatsApp to enabling alerts for biodiversity and conservation programs, and more.

To prepare for the use of Generative AI tools like Google Gemini and Microsoft Copilot, it’s vital that nonprofits understand and actively manage their file sharing and access permissions to a degree that most never have.

The Opportunities for Generative AI Are Not Without Risks

While there are opportunities for generative AI to transform nonprofits, there are also tremendous risks. Services like Copilot for Microsoft 365 can access content spanning Outlook, OneDrive, SharePoint, and more for answers. Google Gemini for Business can access content from Gmail, My Drive, and Shared Drives for its answers.

AI surfaces content that once required a lot of searching to find. AI makes connections between content across these channels and surfaces content in powerful ways. This means an “anyone with access” link that provided access to a file or folder now allows sensitive information to be surfaced by an AI-assisted search.

It’s critical that nonprofits take governance and management of how they share files, folders, and file repositories more seriously than ever. Failing to take an active role in governance and management creates significant risks. Staff and contractors may now be able to use AI to surface human resources data, sensitive constituent data, or financial data.

Establish Governance for How Your Organization Can Share Files

In the era of cloud-based file storage and collaboration, governance gets much more complex. What was previously exclusively the purview of IT is now something that has profound implications for how organizations collaborate and, more importantly, manage risks.

Why is governance so important? Because AI respects the governance that your organization has established. Despite it being “intelligent,” AI doesn’t know who should have access to locations or files unless you have been thoughtful about that access. AI doesn’t know that someone mistakenly shared the entire HR folder with someone who shouldn’t have it. Artificial Intelligence is impacting governance and file sharing.

Critically important is assessing, understanding, and likely rearchitecting how files and folders are stored. Equally important is understanding how files and folders can be shared, and ensuring your environment is architected in a way that empowers AI while mitigating risks. Senior leadership, staff, and IT all have a role in governance. It can no longer be as simple as asking IT to grant access to a location for a team member.

Low Hanging Fruit – Label File Sharing Locations More Obviously

A first step, accessible to organizations of all sizes, is to improve naming so that locations are more obviously labeled to indicate the groups that files are shared with – for example “Finance Only,” “HR Only,” “Senior Leadership Only,” or “All Staff.”

Organizing files this way greatly increases the chances that AI will not surface files unintentionally. Better named locations help staff understand who does – and does not – have access to those locations.

Additionally, at our clients we see improved labeling of file locations addressing a common issue: when staff are not confident that they know who has access to a shared folder or drive, they don’t share it. They resort to saving a file on their OneDrive or My Drive, or worse yet their desktop. When that happens, institutional knowledge is now less available, limiting the value of AI.

Govern How File Sharing Locations and Files Can Be Shared

Before cloud-based file storage and collaboration, governance was much less complex. There was a “me” drive, a “team” drive, and a “company” drive. If you wanted to share a file with someone, you emailed them a copy. When a person saved a file in one of those locations, they could be confident it was only shared with the team or the company. Now, however, end users often have the ability to create a link to a file or folder and may share it with anyone they desire.

Limiting link sharing options for select locations is warranted. For example, the administrator may limit sharing to only those within an organization, or even only to those who already have access (in which case the link is effectively just a shortcut). Admittedly, for end users the approach of limiting link sharing options can add friction. But it is adding friction in places where careful thought needs to go into who can be granted access. There remain several options if a file does need to be shared with others in a way prevented by the file’s location. If sharing a file for informational purposes only, an email attachment may remain the best way to share. Or, where co-authoring is needed, one may move the file to a location that permits more flexible link sharing, such as a person’s My Drive or OneDrive.

Additional Ways to Improve Governance and Manage Risks

As your organizational use of AI matures, ongoing governance and risk management around file storage and sharing will become increasingly important. Some measures to invest in include:

  • Additional technology protection measures such as Data Leak/Loss Prevention solutions.
  • File sensitivity labeling to further protect confidential, proprietary, or privileged information.
  • Governance measures such as clearly defined shared file locations, access permissions, and onboarding and offboarding procedures.
  • Human measures such as a system administrator review of “unusual” sharing, and ongoing staff training.
  • Ensuring that file storage and sharing is adequately covered in your organization’s Acceptable Use Policy.

Manage The Risks to Leverage the Opportunities of AI

We’re incredibly excited by the potential of generative AI to augment and support the work of nonprofits. Thoughtfully managing the risks, especially around file sharing, ensures your organization can tap into these opportunities.

Before introducing a private instance of AI like Microsoft Copilot, ChatGPT, or Google Gemini for broad use in an organization, nonprofits must be thoughtful about file sharing, access control, and link sharing. No one likes restrictions on what they can do, but appropriate restrictions are needed to secure organizational data and manage risk. And that’s more important than ever with AI being capable of searching an organization’s files. File sharing takes on vastly greater importance with the advent of AI.

AI has become a forcing mechanism for nonprofits to evaluate something that historically was viewed very operationally – file storage and collaboration. This is an unprecedented opportunity to stop treating files as something simply needing to be stored, but as something that needs to be protected. Protect your files so they can be well-leveraged in the future as Artificial Intelligence makes the governance of file sharing a strategic differentiator for effective nonprofits.

Navigate the Change Associated with Artificial Intelligence

Part of investing in AI involves preparing your organization for the changes ahead. The Build Change Management Framework helps nonprofit organizations approach AI with a change management view.

Nonprofit Artificial Intelligence Aerial Picture of Structures