Should you consider implementing a policy on the use of generative AI?

Samsung has temporarily restricted the use of generative AI tools on company computers after it discovered that some employees had misused the technology by uploading sensitive code to ChatGPT. Should you consider implementing a policy on the use of generative AI?

Generative AI, such as ChatGPT, has great potential for business use in terms of enhancing employee productivity and efficiency, but it’s also not without its legal risks, particularly relating to data protection, the protection of confidential information, and copyright infringement

How far can you go with AI?

Samsung has banned the use of generative AI on company computers. It has also warned staff to take precautions when using the technology outside of work and advised them not to input any personal or company-related information into the services.

All workplaces are different, and some will have no use for the AI technology being developed, but some will.  Your employees may already be experimenting with using generative AI tools without your knowledge or permission, particularly if they’re in creative, software development, or other content creation roles. 

If this is the case, you might want to consider controlling the extent to which staff can use generative AI for work-related purposes. While the simplest policy would be a total ban on the use of generative AI (even if that’s only until you can better understand the risks and therefore formulate a better-informed policy), you might alternatively want to allow staff to use the technology to create content in a controlled way. In this situation, you should ask yourself the below questions: 

Questions to ask yourself when implementing an AI policy:

  • Which technology are you going to allow?
  • Will the generative AI outputs be used only within your business or externally too?
  • What will be the technology’s permitted/acceptable use cases, and what will be its prohibited use cases?
  • Are employees going to be warned not to share any confidential business information or personal data with the technology?
  • Will employees be required to carefully check the outputs for truthfulness, accuracy, and bias?
  • Will employees be required to amend the outputs to both suit the specific context and minimise the risk of copyright infringement?

You know whether this technology is something your company has or may wish to use; if you would like us to draft you a policy and guide you on how to implement and monitor such activities, please give us a ring.