"I Always Felt that Something Was Wrong.": Understanding Compliance Risks and Mitigation Strategies when Professionals Use Large Language Models

Large Language Models (LLMs) have been increasingly adopted by professionals for work tasks. However, using LLMs also introduces compliance risks relating to privacy, ethics, and regulations. This study investigated the compliance risks professionals perceive with LLM use and their risk mitigation strategies. Semi-structured interviews were conducted with 24 law, healthcare, and academia professionals. Results showed that the main compliance concerns centered around potential exposure to sensitive customer/patient information through LLMs. To address risks, professionals reported proactively inputting distorted data to preserve privacy. However, full compliance proved challenging, given the complex interactions between user inputs, LLM behaviors, and regulations. This research provides valuable insights into designing LLMs with built-in privacy and risk controls to support professionals' evaluation and adoption of emerging AI technologies while meeting compliance obligations.