April 21, 2023

How to Protect Your Organization Using Best Practices for Generative AI

4 min

In recent months, artificial intelligence (AI) has taken center stage as the technology to watch, with generative AI systems like ChatGPT exciting companies, fascinating journalists, and concerning people in governance and risk functions. All of these are merited. While this technology and the best practices around it are both developing quickly, there are a few things to take into account now to begin future-proofing any work with this technology and protect your organization as you explore using these tools.

What is Generative AI?

Generative AI is a set of computational techniques that are used to generate new outputs, often based on conversational inputs. Like all AI, this is a set of instructions that, when combined like a recipe, can make complex decisions, and sometimes seem like magic—or like another human. Generative AI systems can answer questions, analyze data, write code, create new images based on descriptions, or make videos of real or fictional situations. In each case, the content created is new, or at least novel, based on many millions of examples of content that the AI has been trained on. While these tools can create sophisticated new content, they are not the equal of human work. However, soon they may well support people and products as they complete their own work.

What Risks Can You Protect Against, and How to Protect Your Organization

As we move towards more use of AI in our organizations, it is important to consider the technology, put in place best practices and guidelines for your organization, and thoughtfully take advantage of the opportunities presented by AI. These are a few of the things to consider when deciding whether, and how, to use generative AI in your organization:

  • Enthusiasm around these tools may outpace an understanding of their appropriate use or expectations of their output. Establish policies and best practices governing the use of these tools inside your organization, or for any external product offerings you may have.
  • Current generative AI tools are brittle, and function well only within a narrow scope. Evaluate how the system generates output and establish policies that include an appropriate level of human review and verification of generated content. Ensure that terms around external facing integrations emphasize any potential risks of not checking the AI’s work. There is an ongoing debate around the intellectual property rights of AI-generated materials. Be cautious if you use generative AI for work product that you need ownership of or are producing for others. Be aware that output that may not be unique, and that ownership could be disputed.
  • If your company is subject to sectoral or other compliance obligations, evaluate existing regulatory frameworks that may apply, regardless of how output is created, or a decision is reached. Understand whether a particular generative AI tool can comply with any legal, compliance, or ethical obligations.
  • Generative AI tools usually require you to submit information to the cloud, since processing requires large amounts of computing power. Don’t use AI tools that you don’t have an established contract with or control over to process sensitive, confidential, or privileged information. Review the terms and legal documents for any generative AI tool to ensure that they are consistent with your own terms, particularly your privacy policy and any copyright or ownership concerns.

While the technology behind generative AI is new, there are rules and regulations already in place that govern its use in particular situations. For example, AI tools used in hiring may be subject to the same anti-discrimination requirements that other hiring processes are subject to. Even so, there are many proposals that seek to regulate development or use of AI tools, with generative AI squarely in regulators’ sights. As best practices become clear, regulators in the U.S. and globally have been working to create governance mechanisms, frameworks, and rules for AI use.

AI and generative AI are going to remain a part of our work for the foreseeable future, even though it is early days for this technology in the public market. If you or your organization have questions about the risks, opportunities, and best practices of this technology, or simply wish to learn more, don’t wait to contact our technical experts and legal professionals , who stand ready to advise and assist.

If you have questions or concerns about privacy and generative AI, contact Heather West or any of the professionals on our Privacy and Data Security team.