From Unmanaged AI Risk to Governed in a Day
Industry
Property Management
Challenge
The client was already using AI to move faster, but adoption had outpaced control. Staff were relying on personal ChatGPT accounts for business tasks involving sensitive data, with no central oversight, no clear prompting rules, and no structured governance. The risk was not poor intent — it was a growing gap between everyday AI use and the business controls needed to manage it safely.
Results
In a single workshop, AutomateNow helped the client identify 3 critical risks, deliver 5 working governance templates, and define 3 immediate next actions. Model training exposure was addressed, safer prompting practices were introduced, and the business left with a practical framework it could apply across the wider team. This was not a static policy document — it was a working governance structure.
Key Product
AI Governance
The session gave us a clear picture of where we stood and exactly what we needed to do. We had not realised how exposed we were until someone sat down and walked through it with us.
Customer
Founder
About Customer
Note: the client has been anonymised at their request. All facts and outcomes are accurate.
- Industry: Property and land management
- Location: United Kingdom
- Data sensitivity: High — personal names, addresses, reference numbers, and legal records
- AI exposure: Multiple team members using personal ChatGPT accounts for business-related tasks
- Service delivered: AutomateNow AI Governance Workshop with working governance templates
This client is a UK-based property and land management business handling land title registrations for individuals and organisations. Their work involves highly sensitive personal and legal data, so the margin for error is small.
Like many capable, forward-looking teams, they had already started using AI tools to improve day-to-day efficiency. The issue was not intent. The issue was structure. They recognised that AI adoption was happening faster than governance, and chose to deal with it early — before unmanaged exposure became a bigger problem.
The challenge
This was not a business resisting change. It was a business moving quickly.
Team members had begun using tools like ChatGPT to support drafting, request handling, and administrative work. That behaviour came from good instincts: people were trying to work faster and better. But AI had entered the business informally, through individual initiative rather than a clear organisational plan.
That created a familiar gap. The organisation had no central visibility into how AI was being used, what data was being entered, or what level of risk already existed across the team.
In sectors dealing with sensitive information, that gap matters.
What was happening before the workshop
Once AutomateNow sat down with the client representative, three critical risks became clear almost immediately:
- Personal accounts were being used for business activity
Staff were using personal ChatGPT accounts, often on free plans, for business-related work. That meant no audit trail, no central oversight, and no administrative control over how company information was being handled.
- Sensitive data was being entered directly into prompts
Names, addresses, and reference numbers were being pasted into AI tools to support drafting and correspondence. A safer approach had not yet been established.
- Model training exposure had not been addressed
On free-tier accounts, conversation data may be used for model training by default unless settings are changed. The organisation was not aware of that exposure, and no formal control had been put in place.
What stood out most was not negligence, but visibility. The client openly acknowledged they did not yet have a clear picture of AI usage across the wider team. That honesty created the right starting point for a practical governance intervention.
The solution
AutomateNow delivered a structured AI Governance Workshop built around a practical five-template framework designed for organisations already using AI without a formal governance model.
This was not a theoretical compliance exercise. It was a working session focused on identifying real usage, categorising real risks, and putting sensible controls in place that the client could actually use.
The five-template framework
1. AI Use Case Inventory
A structured way to identify where AI is being used, by whom, for what purpose, and on what data.
2. Risk Categorisation
Each use case is reviewed according to data sensitivity, frequency of use, and the consequences of misuse or error.
3. Control Specification
Appropriate controls are defined for each risk level — from account settings and prompting rules through to platform changes.
4. Review Cadence
Ownership and review timing are established so governance stays current as tools and usage evolve.
5. Policy Summary
A plain-language summary the organisation can share internally, use in onboarding, and reference in future decision-making.
What the workshop delivered
The workshop gave the client more than recommendations. It produced a working governance foundation.
Three immediate actions were identified and assigned:
- Move AI usage away from fragmented personal accounts and into a business-managed environment with stronger data protection
- Introduce a PII-free prompting protocol, using AI for structure and drafting while adding sensitive data manually afterwards
- Extend the AI Use Case Inventory across the wider team to create a full organisational view of AI usage and risk
The session recording also created a useful audit trail — capturing the risks identified, the logic behind the recommendations, and the practical actions agreed.
Results at a glance
- 3 critical risks identified in the first session
- 5 working templates delivered to support ongoing governance
- 3 immediate actions assigned and prioritised
- Model training exposure addressed through a clear setting change and governance intervention
Why it mattered
The immediate value was clear: the client surfaced hidden risks and put practical controls in place quickly.
But the bigger outcome was structural.
Before the workshop, AI adoption was happening without a framework. After the workshop, the client had a practical model for understanding usage, reviewing risk, and making better decisions as adoption grows.
Before
- Personal free ChatGPT accounts used for business tasks
- Sensitive PII entered directly into prompts
- No central visibility into AI use across the team
- No formal policy, review process, or risk structure
After
- Clear recommendation to move to a business-managed AI account with stronger protection
- Safer prompting protocol established
- Five-template governance framework delivered
- Full team AI inventory scoped as the next step
This matters because many businesses are in exactly this position. AI often enters through capable people trying to do good work faster. The risk does not begin with bad intent. It begins when adoption outpaces governance.
What made this client different was their willingness to recognise that early and act on it.
What happens next
The next phase is to expand the AI Use Case Inventory across the wider team so the organisation can move from a single-session view to a complete operational picture.
Once that is in place, AutomateNow will support a follow-up review to assess the full inventory against the governance framework, refine controls where needed, and help formalise the organisation’s longer-term AI policy.
Because AI usage will continue to evolve, the framework is designed to evolve with it. That means governance becomes an ongoing operating discipline, not a one-off exercise.
Closing
AutomateNow’s AI Governance Workshop is designed for businesses that want clarity before problems escalate. It helps leadership understand how AI is already being used, where the risks sit, and what practical controls need to happen next — without slowing down the productivity gains that made AI attractive in the first place.

