Q: Lately I have been catching employees using AI to complete their work. We are now in the midst of creating an AI policy. What information should it specifically outline?
A: As technology advances, the use of AI is becoming more common in the workplace.
Employees are beginning to familiarize themselves with programs such as ChatGPT and Copilot, but they may not be aware of the risks of using AI in the workplace.
Creating an AI policy will ideally offer employees guidance on safe usage while also protecting the company from its misuse.
As a reference, the government of Canada has outlined the following tips on how to use AI responsibly. Your company’s policy may use this information as a framework.
Do …
• Write instructions in a way that will allow AI to produce impartial responses;
• Check that the generated answer doesn’t contain harmful stereotypes;
• Be transparent with your use of AI and take responsibility for what is prepared with its use;
• Tell your manager when you use AI and outline the ways in which it was applied;
• Review information generated by AI to ensure it’s accurate;
• Use it as a reference, not a comprehensive final result;
• Be aware that AI is not appropriate for all uses;
• Educate yourself on how AI works;
• Familiarize yourself with the strengths, weaknesses and overall risks of generative AI;
• Use public information with unclassified data only;
• Read and understand the terms of use of the AI tool;
• Set the AI tool so it does not save your conversation history.
Don’t …
• Assume the generated answer is factually correct and does not need to be double checked;
• Use generated responses that are biased/exclusionary or misrepresent groups of people;
• Assign tasks to the generative AI tool that should be completed by a human being;
• Input sensitive, personal or protected information into public AI tools;
• Search for ways to bypass the AI tool’s safety features;
• Portray content generated by AI as your own work;
• Use AI to generate content you don’t have the expertise or the ability to fact check;
• Assume that a single training session is enough despite the fact that generative AI is constantly evolving;
• Rely on generative AI programs;
• Use generative AI tools to work with nuanced language.
Key takeaways
The policy should outline specific AI tools that the company has vetted, licensed and authorized for use at work, if such tools exist.
For example, many organizations have adopted a secure version of Copilot for company use.
Your company’s AI policy should also stress the importance of not relying on AI-generated responses to complete work-related tasks, and to not upload private or sensitive matters to public AI tools.
Each employee should be required to read and sign this policy so that the company may be protected from the misuse of AI moving forward.
Employees would also benefit from regular training on safe usage.
Lastly, it would be ideal for the company’s IT team to periodically assess if employees have accessed public AI tools on company devices.
Such monitoring would also need to be stated in the policy.