Since ChatGPT's launch in November 2022, artificial intelligence has been on everyone's lips. Technology has opened up a world of possibilities. But is there something that you as managers in your organization should be aware of? Of course there is. We have summarized the most important below.
AI, especially advanced Large Language Models (LLM) such as ChatGPT, BARD and T5, opens up opportunities not least to contribute to increased productivity, creativity and thus provide a competitive advantage if you are sharper than your competitor to get the best out of of the AI tool. However, responsible, safe and effective use of AI requires some thought.
Dansk Erhverv has therefore published a number of good advice for managers and employees in connection with the use of artificial intelligence. The Center for Cyber Security has also published a number of considerations on IT security that are also worth considering. We have tried to summarize:
- Policy for use of AI: We encourage you to draw up an internal policy that establishes guidelines for the use of AI in your organisation. A well-defined policy will ensure responsible use, transparency, clear frameworks for use and resource consumption. This will be crucial to ensure a harmonious integration of AI in your workflows.
- Long-term business strategy: It is essential to evaluate your organization's long-term strategy and competitiveness in relation to AI. Consider the value of data used to train models and weigh the pros and cons of building internal capacity versus using external models.
- Legislation in the area: It is important to keep up-to-date on the legislation in the area to ensure compliance and future-proof your business practices. This applies not only within personal data law, but also legal areas such as copyright and IT security. It may be mentioned that there is a instructions on the way from the European Data Protection Board. Here you can get hold of us at any time Unitas.
- Protection of data: Pay attention to which information you process in the models. Several models are not closed systems and therefore should not used to process confidential or sensitive personal data or trade secrets. You must thus ensure privacy, security and protect trade secrets.
- Copyright and Intellectual Property Rights: Be careful not to infringe on the intellectual property rights of others when using AI tools. Avoid using other people's work, images, products, etc. without permission. You must also be aware that AI-generated material generally does not obtain copyright protection.
- Abuse of AI models: Be aware of the risk of misuse of AI models. This applies both internally and externally. It is important to have clear guidelines and procedures in place to prevent accidental or intentional misuse of AI models. This may include access control, traceability of actions and continuous monitoring of the system to identify potential abuse scenarios.
- Training of employees: With the increased use of AI models, it is important to ensure that your employees are properly trained and have the necessary skills to work with these technologies, but also understand the risks involved. Consider workshops that focus on increasing employee understanding of AI as well as AI's application areas.
- IT security: The AI models are used by hackers to make their attacks more frequent and effective. Among other things, the models can be used to generate credible phishing emails or malware. CFCS therefore recommends that all systems, programs and devices are kept up to date, that basic security measures are implemented, that a procedure for incident management is established and tested, and that data and configurations are backed up in a separate environment.
There are many factors to take into account, and development in the area is progressing rapidly. Overall, it can Unitas help through analysis, preparation of policies and procedures as well as advice in all the areas mentioned.
From a data protection perspective, you should involve Unitas early in the implementation of AI, as the process may include the processing of personal data that must be mapped in your compliance system, including the preparation of DPIA (consequence analysis) and TIAs (transfer impact assessment).
If you want advice about information security, GDPR, NIS2 etc., you are always welcome to contact us. You can read more good advice on the use of AI in the articles from Dansk Erhverv and Center for Cybersecurity.
References:
Danish Business (2023), Good advice for companies' use of artificial intelligence: https://www.danskerhverv.dk/siteassets/mediafolder/dokumenter/09-gode-rad-om/gro_kuntig-intelligens.pdf
Center for Cyber Security (2023), Theme article: AI and cyber security: https://www.cfcs.dk/da/temasider/ai-og-cybersikkerhed/
Safe Digital (2020): Measures to ensure the use of artificial intelligence: PowerPoint Presentation (sikkerdigital.dk)