The Generative AI Bullet Train: Get On Board, But Know The Risks
Artificial intelligence (AI) is the greatest disrupter of commercial and legal operations for decades. But while AI opens opportunities to help propel businesses ahead, is it also a tyrant to be reigned in?
Recent news headlines reveal the vast benefits of generative AI, a form of deep learning (think ChatGPT and deepfake photos and videos). But the risks – not least because of the lack of regulation – must not be ignored.
The opportunities for businesses are undoubtedly vast: the accurate production of text at in seconds, improving the customer experience with creation of artificially-created ‘presenters’, simulated photos and images; speedier generation of new ideas; greater optimising of workflow processes and more. But understanding the associated risks of embracing the latest AI is crucial.
Risks
The Information Commissioner’s Office (ICO) recently issued a warning to the business community not to be blind to the risks “in their rush to see opportunity”. The fact is: AI technologies are moving at bullet speed and business organisations could get caught sharp for compliance breaches in their rush to jump on the AI train.
To be clear, the ICO is not discouraging businesses from adopting new technologies, rather it is seeking to encourage them to recognise the risks. However, it says it will take action where there is “risk of harm to people through poor use of their data”. Two particularly key issues of concern are data protection and privacy risks
The ICO is also reviewing the use by key businesses of generative AI, which creates ostensibly original content after collecting or querying vast volumes of information from publicly accessible sources online - including personal information. The potential power of these systems can transform businesses and entire industries. The ICO review will be looking at whether businesses have tackled privacy risks before introducing generative AI.
Stephen Almond, the ICO’s executive director of regulatory risk, recently said: “Spend time at the outset to understand how AI is using personal information, mitigate any risks you become aware of, and then roll out your AI approach with confidence that it won't upset customers or regulators.”
What should we do?
Any business looking to invest in and utilise generative AI need to be fully aware of the risks from the start. They can then implement practical measures to assess, monitor and deal with the risks, having procedures in place to promptly raise alerts to potential compliance issues arising. This means updating IT policies, introducing appropriate and up-to-date staff training, drawing up robust governance policies and staff policies (such as a ChatGPT policy).
The ICO recommends the use of privacy enhancing technologies – particularly for organisations using large volumes of personal data. Other important tech such as data loss prevention technology is also available.
The ICO website has a raft of tools to help businesses deal with the risks associated with AI at ico.org.uk.
If you would like us to cover an issue in the next NGM Tax Law Newsletter, we would be pleased to