
Use of Generative AI in the Workplace
The recent introduction of Artificial Intelligence has led many industries and companies to consider how best to govern its use by employees. In response, the Office of the Privacy Commissioner for Personal Data, Hong Kong published the Checklist on Guidelines for the Use of Generative AI by Employees, advising managers on corporate governance of AI.
Scope of the AI Policy
- Permitted AI Tools: Clearly identify which specific AI tools are permitted to be used in the course of work
- Extent of Use: Clearly outline the tasks in which AI tools may be utilized (e.g. drafting, summarizing information, creating visual or textual content)
- Applicability of the Policy: Clearly state where and when the policy applies (e.g. specific departments or whole organization)
Protection of Personal Data Privacy
- Input Information: Provide clear guidelines on what types of information can be inputted into generative AI software (consider the sensitivity of proprietary data and confidential data)
- Output Information: Provide clear directions on the limitations on the use of information generated by AI tools, considering the nature of the input information
- Alignment with Other Policies: Consider the impact of AI generated information on other policies such as those on data storage, personal data handling and information security
Review of AI Generated Information
- Accuracy: Emphasize the importance of human verification of the accuracy of AI generated content
- Bias and Discrimination: Highlight the risks of AI in generating biased information (e.g. due to one-sided input information)
- Watermarking: Provide guidance on the proper citation and labeling of AI generated information
Data Security
- Employee Qualifications: Specify the employee training required for the use of AI tools
- Security Measures: Specify the limited devices on which AI tools can be used. Reemphasize the need for unique and strong passwords.
- Response to Data Breaches: Devise a comprehensive AI Incident Response Plan to mitigate the impact of potential data breaches
- Violations: Specify the possible consequences for violation of the company’s policies on AI use
General Advice on Supporting Employees
- Transparency and Clarity: Regularly communicate and explain the company policies and keep employees updated on new changes or amendments
- Training and Resources: Provide education on the capabilities and limitations of AI tools, along with a designated support team for technical guidance
- Feedback Mechanism: Establish clear channels of communication for the provision of feedback regarding the implementation of company policy
For further assistance on the management of AI use, please refer to the more comprehensive “Artificial Intelligence: Model Personal Data Protection Framework” and, for data security in general, to the “Guidance Note on Data Security Measures for Information and Communications Technology” by the Office of the Privacy Commissioner for Personal Data, Hong Kong.
