User data usage policy for Now Assist

  • Release version: Washingtondc
  • Updated April 8, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of User Data Usage Policy for Now Assist

    The User Data Usage Policy for Now Assist emphasizes the importance of user data security and provides options for customers to manage their data. Users can mask sensitive information or choose to opt-out of data sharing for model improvements.

    Show full answer Show less

    Key Features

    • Secure Data Transmission: User data is securely transmitted using Transport Layer Security (TLS) 1.2 to centralized ServiceNow compute hubs for AI processing. Input and output data are not cached or stored on these hubs.
    • Data Privacy: User data is not commingled with other customer data, ensuring confidentiality, especially for domain-separated instances.
    • Third-Party Services: ServiceNow may utilize third-party endpoints like Azure OpenAI Service to enhance AI capabilities, with strict adherence to data privacy within the ServiceNow network.
    • Sensitive Data Masking: The Sensitive Data Handling plugin can be enabled to mask sensitive data before it is sent to LLMs, although this may affect result accuracy.
    • Retrieval Augmented Generation (RAG): Certain features, such as AI Search, utilize RAG to only pass accessible information to the LLM, ensuring users receive relevant content based on their permissions.

    Key Outcomes

    By understanding and applying this policy, ServiceNow customers can ensure their data remains secure while benefiting from advanced AI functionalities. Customers can also manage their participation in data sharing programs to contribute to the continuous improvement of AI services or choose to opt-out as needed.

    Now Assist is designed to keep user data safe and secure. You can also mask sensitive data or opt-out of sharing data for model improvements.

    How your data is sent and stored

    Your AI workloads are securely sent using Transport Layer Security (TLS) 1.2 from your ServiceNow instance to one of three centralized ServiceNow compute hubs (datacenters with GPUs for AI workloads), where the AI prediction processing takes place. The data used to generate the response is deleted from the compute hubs after the response has been generated. The result is then returned to the ServiceNow instance.

    The input and output data isn’t cached or stored on the compute hub and is transient.

    Your data isn’t commingled with other customer data when using Now LLM Service for generative AI.

    Also, there’s no commingling of data for domain-separated instances when you use Generative AI services.

    When appropriate, ServiceNow might leverage third-party endpoint services (for example Azure OpenAI Service) to augment Now LLM Service to power Now Assist capabilities. Further, to confirm quality of service, ServiceNow might use Azure-hosted GPUs for Now LLM Service capacity bursting in case of high customer demand. Data processed by third-party endpoints isn’t subject to use or access by third-party providers and are operated within the ServiceNow network boundary..

    Mask sensitive data

    Sensitive data can be masked before sending it to LLMs. You need to enable and configure the Sensitive Data Handling plugin. To configure the plugin, see Configure sensitive data handling for generative AI.

    After you enable the plugin, it’s designed to mask sensitive data before it’s sent to the LLM, but could result in less accurate results because the specific data isn’t included within the prompt.
    Note:
    This plugin, within the context of generative AI products, doesn’t mask the sensitive data that exists in records within your instance, nor does it help prevent new sensitive data from being stored on the instance itself.
    ServiceNow might use Retrieval Augmented Generation (RAG) for selected AI features (for example NowAssist for AI Search) and passes information to the LLM based on what the requester can access within the system. If a user searches for something in the portal using Now Assist in AI Search, AI Search finds the article and then sends that to the LLM as a part of the prompt. Because AI Search knows what the user has access to, it won't send an article that the user isn't able to access.
    Note:
    For some features, such as case summarization, the agent generating the summary might have more permissions than other people who have access to the record. If they choose to paste that summary to the work notes, the agent should check to confirm that the data they're sharing in the work notes is appropriate to share with others who have access to that record.

    Opt out of data sharing

    Data Sharing helps ServiceNow to continuously advance and improve its Now LLMs, based on the latest customer usage. If you no longer want to participate in the customer data-sharing program, you’re able to opt out.

    To opt out, follow the instructions in Opt out of data sharing for Now Assist.