There is little doubt that commercially available artificial intelligence (AI) tools are transforming the way people work. Tasks can be completed faster and cheaper, and you can tap into a broader range of information sources for more accurate, detailed results and insights.
Many Australian civil servants are also realizing the benefits they can derive from using these tools, including increased efficiency, enhanced decision-making, improved customer experience and more efficient resource management.
Research by the Department of the Prime Minister and Cabinet last year found that Australian communities expect higher standards of care, more customized and personalized services, and greater convenience and efficiency when using Australian Government services. I found out what I was expecting.
AI tools may be a way to achieve this, but agencies must also consider the risks of using AI. These include potential privacy risks as well as the need to ensure compliance with legal privacy obligations and the expectations of Australians.
Many people in the community are wary of using AI technology. In the latest report from OAIC, Community awareness survey on privacy, 43% of respondents are very concerned about their personal information being used by AI technologies, and 71% would like to be told whether AI is being used to process their personal information. thinking about. Almost everyone (96%) wanted conditions in place before AI was used to make decisions that could affect them – 70% said it made no sense to use AI at all More than half (55%) wanted the accuracy of AI – generated results verified by humans.
Unlike some other countries, Australian law does not currently specifically regulate the use of AI by Australian government agencies. However, work is being undertaken by data and digital ministers across Australia to develop an initial framework to ensure government use of AI. This is consistent with AI ethical principles and is expected to include common assurance processes. However, it is clearly still some time before this initiative yields any legislative results that could give legal powers to the handling of personal information.
Agency privacy risks
Government agencies that want to use AI tools or allow contractors to use those tools must ensure they consider privacy risks across a variety of scenarios. These risks may include not being sufficiently transparent about the use of AI tools and ensuring that people are aware of how their personal information is treated by the tools.
Other risks include whether personal information collected through AI tools, including information collected “by creation” (which can occur when data is generated or combined by tools), may affect agency functions or This may include not being able to ensure that it is reasonably necessary for the activity. Meets additional requirements regarding confidential information.
You should also consider the risks associated with disclosing personal information to an AI tool and its subsequent use of that information, including the possibility that it may be made available to other users of the tool. Government agencies must ensure that they have robust technology, risk, and governance controls in place to protect the personal information used.
Given that AI tools can inherit biases, factual errors, and unpleasant content from their training data, the accuracy and objectivity of their output can be unreliable. Other data quality risks can arise from AI tools creating “hallucinations” (i.e. simply fabricating information) or other errors due to the way the algorithms operate.
Considerations for APS staff
APS staff considering the use of AI tools should understand the tool's data flows and ensure that its planned use is clearly documented and consistent with basic ethical principles related to AI. need to do it. Conducting a Privacy Impact Assessment (PIA) is also a very important step. The Maddocks team is currently working with a variety of institutions to conduct a “Fundamental PIA” that considers the use of AI tools in general and can identify appropriate privacy guardrails to apply to specific He AI uses in the future. That's what I'm trying to do.
Such an approach would allow APS to use AI to “enhance” its service offering, subject to appropriate legal safeguards.
