Artificial Intelligence Policy Writing
How do you write a policy for the use of artificial intelligence (AI) in the workplace?
This is not one of the standard policies that can be a quick copy and paste from the internet.
What is the AI appetite of your organization?
How is your organization using AI?
Does your organization have regulatory/ compliance requirements?
What is the AI appetite of your organization?
What does this mean? Think of it as a similar exercise as determining the risk appetite of your organization. Some organizations want to use AI for innovations, others to aid in streamlining tasks to free up employees for other tasks. And, some organizations are not ready to use AI in any way.
Sometimes the discussions are held in security committees or working groups to determine what the right level of AI usage is acceptable to the organization. It is important to keep in mind that the AI appetite may change as more is learned and the rating may need to be updated.
How is your organization using AI?
This is a question that most organizations are not able to answer fully without research and understanding. There are many players that have to look at how things can be used in each part and the overall picture.
Ethics play a big part in how organizations are using AI. This is not a neat and tidy question to answer. Ethics is often seen as black and white when in reality it is black, white and a huge gray area. What one person sees as okay with no issues another person can see as very wrong and against good judgment.
How does an organization figure out the balance between advantages and disadvantages with a side of ethics with AI? Well, it is the age-old answer of having to try things out. Trying things out with boundaries - that is. Remember using the guardrails when bowling. New technology requires that same plan. Start figuring how to get the ball down the lane with the guardrails to get things figured out. Make stricter rules for the use of AI within the organization to have guardrails such as AI use tracking. Once the how is answered the guardrails can be adjusted to meet the needs of the organization.
AI use tracking allows for innovation within the organization using AI while keeping data protected. This tracking also provides the data required to figure out how the organization is using AI and what rules or guidelines need to be in place to protect the organization.
3. Does your organization have regulatory requirements?
While the organization does a going through the discovery phase of integrating AI there are data protection rules that must be followed. It is an interesting balancing act that does require attention and constant adjustment to ensure compliance and innovation do not hinder one another.
Some organizations will simply have to say no to AI usage right now as regulatory requirements have not provided any guidance on how to implement AI.
Other organizations may be able to use AI technologies in some departments and not others. Marketing may be able to use the technology while engineering is not. Guidance may simply be down to what type of data is needed and how it is going to be used.
As I said, it is a balancing act that may have trial and error which is not the easiest process to implement. These questions are the starting point to give a framework for a policy. This will be one of those policies that has many updates and revisions as more data is collected and the technology matures.