How to Build an AI Usage Policy
By Deborah Garry, Founder & CEO
As I was developing a presentation I gave recently on AI & Marketing, I was struck by the emphasis I found on developing a sound and thoughtful AI corporate policy.
As you begin to integrate AI tools into your processes and procedures, consider mitigating possible risks by building close collaboration between your legal resources, team managers and IT personnel so they choose the appropriate AI tools for employees and ensure vendors are closely vetted.
Why Organizations need an AI Usage Policy
Why is this important? Brands actively adopting AI tools are likely going to have a greater advantage over those who are hesitant.
Given the potential and the limitations inherent in AI, (see our blog about that) here are some best practices to consider in drafting an AI Usage Policy for your organization.
1. Principles
First, articulate the principles and guidelines for your organization.
- The Mission Statement: Why this policy exists, who it is for, and what it covers.
- The Principles. Be explicit in defining how AI is used in your organization
- Accountability – be diligent in capturing and retaining records on all of the ways AI is used
- Transparency – be clear about what AI is used for to everyone – from clients to partners to employees
- Fairness – be committed to strong oversight to avoid implicit and explicit bias in AI outcomes
- Privacy – be dedicated to the privacy of people using or impacted by the AI solution
- Safety Procedures – ensure the AI has been tested
- Reliability Standards – how consistent and stable the system can perform over time and across different situations, such as changes in data, environment, or user behavior. Typically, reliability is ranked according to the soundness, fairness, transparency, accountability, robustness, privacy and sustainability of a given system. However, there may be tradeoffs between accuracy and reliability.
- Performance Model – how well does the AI perform its task?
- Procedures for continued improvement – start slow, and test
- Feedback Mechanism – develop an open communications plan that everyone can use to express concerns and/or learnings
2. Data Usage & Oversight
Second, decide how data will be used, managed, and monitored.
- Sources of Data used to train AI systems are accurately documented, acquired ethically, and are not inadvertently released to public AI platforms in a way that can be absorbed and accessed outside of the organization
- Anonymize data to protect identities (especially important in medical but applicable to all industries)
- Transparency on what data is used and why
- Storage of data is secure with a robust protection program
- Transmission of data is conducted securely with industry standard (or better) encryption models
- When AI is solely responsible for decisions (no human intervention), such decisions should be clearly noted and transparent
- A process for challenging decisions should be clearly documented and available to all impacted parties, and executed consistently
- Ultimately, final decision making authority must be assigned to a human being with transparency on who that is (whether an individual or group)
3. Organizational
Third, implement necessary organizational protocols and policies.
- Ensure all your employees, current as well as new hires, are trained on the AI platform and are informed of the AI policy, and sign off on it as needed
- Provide a safe and secure means for raising concerns and questions, reporting violations, and providing feedback without fear of retaliation
- Document and implement a clear policy on disciplinary procedures should the AI policy be violated
- Outline and remain true to commitments to collaborate with clients, partners, industry leaders, regulators, government agencies and academics to review and refine AI practices, incorporate new learnings, and stay up to date on the latest trends and requirements
Disclaimer
The information provided in this blog does not, and is not intended to, constitute formal legal advice; all information, content, points and materials are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. Incorporation of any guidelines provided in this article does not guarantee that your legal risk is reduced. Readers of this blog should contact their legal team or attorney to obtain advice with respect to any particular legal matter and should refrain from acting on the basis of information on this article without first seeking independent legal advice. Use of, and access to, this article or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user or browser and any contributors. The views expressed by any contributors to this article are their own. All liability with respect to actions taken or not taken based on the contents of this article are hereby expressly disclaimed.