To print this article, simply register or log in to Mondaq.com.
OpenAI, a private AI research and deployment company, announced the general availability of ChatGPT in November 2022. ChatGPT is a generative AI chatbot that enables human-like conversations. Due to its availability and ease of use, it has become very popular and has reached a record-breaking 100 million users by the end of January 2023. ChatGPT’s popularity has spurred other tech companies to launch generative AI applications. The rate of adoption of generative AI is impressive and alarming for some employers.
Companies across industries are responding to the infiltration of generative AI into the office. Many banks, defense contractors, and telecommunications companies have banned ChatGPT in their offices. Gartner recently surveyed HR professionals about the spread of ChatGPT in the workplace. Nearly half of those surveyed said they have created employee guidance on using ChatGPT. In contrast, about a third said they would not publish a ChatGPT usage policy at work.1
There are two key realities about generative AI in the workplace. (1) Employees are already using her ChatGPT and other generative AI at work. (2) little or no regulatory or legal framework to protect the business;
With its wide availability and ease of use, employees across all industries are finding ways to use generative AI at work. A recent study conducted by Fishbowl and Monster.com revealed that he 50% (50%) of workers surveyed use generative AI to perform or automate tasks in the workplace. rice field. However, the majority of these workers, nearly seventy percent (70%), have not yet told their employers.2 Cyberhaven Labs, a cybersecurity company that provides tools to identify and defend against cyberthreats to client data, says its employees continue to see exponential growth in the use of generative AI applications, especially ChatGPT. I am reporting that there are3 With or without policies, it is inevitable that some employees are using generative AI to help them in their jobs, or are already using it, unless we outright ban its use in the workplace.
The broad scope of creating and continuously learning capabilities of generative AI pose challenges to the application of existing regulatory and legal frameworks. Potential uses for this technology involve the many current laws and regulations governing products, privacy, intellectual property, and a myriad of industry-specific regulations. These existing laws and regulations failed to anticipate generative AI, leaving many open questions with few answers. Some governing bodies are recognizing regulatory and legal voids and launching proposals and initiatives. This year, China and the European Commission separately proposed legislation or regulatory frameworks aimed at AI developers, distributors and users. On April 11, 2023, the National Telecommunications and Information Administration (NTIA), a branch of the U.S. Department of Commerce, formally asked for input on policies that should shape the AI accountability ecosystem. Some states have passed laws on specific uses of AI technology, but most are based on consumer protection.None are considered frameworks aimed at regulating generative AI in the workplace
Turning a blind eye to generative AI can be costly.
Whether or not your business intends to take advantage of this technology, you should be aware of the risks associated with the lack of policies and training to address the use of generative AI in the workplace. Companies that are unwilling to analyze this technology and deploy procedures to regulate its use may face three significant risks:
- Unauthorized disclosure of intellectual property, confidential information, or trade secrets.
- Liability for Violations of Privacy, Consumer Protection, or Other Laws.and
- Lack of reliable monitoring, auditing, or internal checks.
Given the certainty that employees are using or plan to use generative AI in the workplace and the lack of current regulatory and legal frameworks explicitly targeting generative AI applications, these risks are not real. and can prove to be very costly.
Risk number 1: unauthorized disclosure:
The biggest risk companies face from generative AI is the unauthorized disclosure of sensitive information, trade secrets, or other intellectual property. Employees can easily share information with ChatGPT (or other generated AI) by cutting and pasting portions of documents into prompts. Such disclosure may lead to loss of trade secret status or additional protection and may give rise to contractual and other types of liability. Data security service Cyber haven recently reported that just over 3% (3.1%) of his monitored workers disclosed sensitive information to her ChatGPT. Also be aware that unsupervised and unregulated employees pose a significant and increased risk to unauthorized disclosure. “The average company leaks sensitive material hundreds of times a week to her ChatGPT, which incorporates and shares that material into its public knowledge base.”Four
Risk 2: Violation of Privacy, Consumer Protection and Other Laws:
Current data privacy and protection laws regulate and protect the privacy of consumers’ personal, financial and protected health information. Businesses that treat this information as a necessary part of their day-to-day operations include the European Union’s General Data Protection Regulation (GDPR), Federal Health Insurance, the Portability and Accountability Act of 1996 (HIPPA), and the California Consumer Privacy Act (CCPA). privacy laws of various states. With his one simple act of cutting and pasting protected data into generative AI, employees could violate these protection laws and expose the business to liability. Given how often the average company leaks confidential information to ChatGPT, many breaches can occur before employee misuse is finally discovered.
Depending on the “terms of use” for generative AI tools and the data used to train them, the unregulated use of generative AI by employees can result in business liability. As employees become more reliant on generative AI, they are less likely to verify the accuracy of technology answers. Most AI applications disclaim representations and warranties regarding the accuracy of the tool’s answers. We may also be unaware of when generative AI will provide results that infringe existing copyrights, trademarks, or patents. Employee mistakes relying solely on generative AI adds a layer of legal risk to your business.
Risk number 3: Lack of reliable monitoring, auditing and internal checks:
The use of generative AI by unsupervised employees can effectively “undo” procedural and digital safety mechanisms. Employees accessing these tools via the Internet or proxies can interact with all sorts of information, making it difficult to monitor the information accessed. Detecting and preventing unauthorized access to sensitive information and other inappropriate uses of generative AI is also a problem in the absence of training and policies for its use in the workplace. Even in the best of circumstances, the need for greater transparency around some generative AI algorithms and machine learning models makes it difficult for companies to audit their decision-making processes. Unregulated use of generative AI makes the audit process more complex and, depending on the extent of its use, more costly.
A proactive approach is essential to minimizing these risks.
Companies must take a proactive approach to maximizing its productivity benefits while minimizing the risks associated with unregulated use of generative AI. Temporarily banning the use of generative AI while assessing the situation and developing plans, depending on potential risks and liabilities, may help some businesses. With or without a temporary ban, companies need to determine how much generative AI is being used today and decide how to use it.
Once companies have decided how they want to use generative AI, they should:
- Institutionalize the use of generative AI by carefully selecting applications with terms of service, privacy policies, and security measures that complement your business’s unique needs and requirements.
- Update compliance policies and training to educate employees about the types of information they can share with generative AI and identify the types of generative AI applications they are permitted to use.
- Requiring access controls, user authentication, and other measures to ensure that selected generative AI applications have access only to the information they need to perform their role.
- Work with your generative AI provider to ensure that their use of generative AI is monitored and audited to ensure compliance with company policies, guidelines, and current legal requirements.
Generative AI is a rapidly evolving technology, so having a dedicated person or group responsible for executing and updating your generative AI plan is also essential. By taking these measures and remaining flexible and proactive, businesses can minimize the risks that unregulated use of generative AI poses to the workplace.
footnote
1. Mukul Sharma, “ChatGPT Ban? Companies Formulate New Policies to Regulate Use of Artificial Intelligence,” https://www.wionews.com/technology/chatgpt-ban-companies-formulate-new-policies-to- regulate-use-of-artificial-intelligence-574401, updated 22 March 2023, (last visited 11 April 2023).
2. Lindsay Ellis, “ChatGPT saves time at work. Why are some companies banning it?” https://www.wsj.com/articles/despite-office- bans-some-workers-still-want-to-use-chatgpt-778da50e, last updated 22 Mar 2023, (last visited 13 Apr 2023).
3. Cameron Coles, Cyberhaven, “11% of the data employees have pasted into ChatGPT is confidential” https://www.cyberhaven.com/blog/4-2-of-workers-have-pasted -company-data-into-chatgpt/ Last updated on 19 April 2023 (Last visited on 21 April 2023).
4. Cameron Coles, “The Problem of Putting Company Data into ChatGPT,” https://www.cyberhaven.com/blog/4-2-of-workers-have-pasted-company-data-into-chatgpt/ March Update 04/21/2023 (last visited 04/13/2023) (emphasis added).
The content of this article is intended to provide a general guide on the subject. You should seek professional advice for your particular situation.
