With the rise in usage of generative AI, it’s become very common for many knowledge workers to leverage ChatGPT in crafting email communications, draft deliverables, and perform routine workplace document generation tasks. This has opened up a new world of possibilities… and risks.
ChatGPT tells you from the jump not to share your secrets and sensitive information with it. But is everyone in your organization aligned on a common definition of “sensitive information”? Do you have operational standards in place to guide employees on how to classify data as “confidential” or “non-confidential”? If not, a whole new can of worms may just be opening up in your organization as your employees start to use ChatGPT.
Most organizations have “Acceptable Use Of …” policies guiding how employees use hardware devices, software applications, the internet in a bid to mitigate associate risks of loss of access or data that can damage the organization’s income, reputation or key assets. There’s clearly a case here with generative AI. ChatGPT promises to “aggregate and anonymize” your data if it ever needs to use it to improve system performance and capabilities. But there are definitely categories of information that cannot be anonymized in totality. Because of the promise of aggregation and anonymity, users may lose their guard when sharing input prompts and include confidential company information while interacting with the ChatGPT model.
To stay ahead of the potential risks, it’s time to get an Acceptable AI Usage Policy. Some organizations might reflect on the risks and prefer to ban outright use of generative AI, but this isn’t recommended as there are definitely benefits of getting quick access to functional knowledge, generating process workflows in minutes, fast-tracking online research, and swiftly developing or debugging code, all of which provide organizations a degree of competitive advantage. Instead of an outright AI ban, provide guidance on acceptable AI use in your enterprise through an Acceptable AI Use Policy. This policy should itemize the ways employees can use generative AI, and the ways they cannot use generative AI. Since this is an emerging space, the policy should also make it clear that reviews to the policy will be frequent and employees should employ good judgement, erring on the side of caution in the gray areas.
Have you started to put together your “Acceptable AI Usage” Policy for your organization?
#MondayMusings
No Comment! Be the first one.