Generative AI: Rules of the game

We all know that the adoption of Generative AI platform / tool has grown at a breakneck pace. The focus is often on Open AI's large language model, Chat-GPT. But GenAI does not stop at text generation. It also promises greater efficiency, improved output, and better use of resources to produce other content. However, organizations that want to take advantage of this should also be aware of the potential threat this technology has posed to the business world. This requires them to set few rules of the game to protect the sensitive data and customer privacy - to avoid running afoul of regulators.

Despite all the excitement about the potential of the now widespread and easily accessible technology, there is growing concern about its legal admissibility and possible liability risks for companies. Not least the temporary ban on Chat-GPT in Italy has shown that GenAI's features entail many legal uncertainties. Companies that want to use GenAI in their own business should therefore address these challenges. If GenAI tools are used incorrectly, there is a risk of fines, claims for damages, cease-and-desist letters, or the unintentional disclosure of trade secrets. Companies can counter this by creating internal guidelines for the use of GenAI that provide employees with clear rules on how they should handle data in the new environment. There are some key points that I believe should be considered when drafting a GenAI policy for their business:

Differentiation between Input and Output Data
When dealing with GenAI, it is important to look carefully at the data used. Users can "feed" the tool with their own data ("Input Data") and then use the data generated by it ("Output Data) for different purposes. Both data sets require separate consideration with corresponding guidance for employees.

Training of GenAI models
GenAI acquires its capabilities through training with (large) data sets. In some cases, ongoing training to meet the user's needs is beneficial and desirable; in other cases, it could be undesirable or even harmful. It is therefore important to check the requirements in the individual case in their company and to make appropriate agreements with the GenAI service provider. This must be reflected accordingly in the internal guidelines for employees.

Privacy
Data protection can be a major stumbling block for companies when using GenAI. This is particularly risky because data protection violations can result in severe fines. Companies should therefore be aware of the exact processing of Input Data carried out by the GenAI tools they use. This is a prerequisite to provide a sustainable legal basis for data processing performed by the tool and to fulfil the information obligations towards the data subjects accordingly.

Intellectual property rights
While companies entering Input Data must ensure that they have the necessary licences for the intended use, many complex questions can arise with regard to the rights to further use of the Output Data. To avoid costly cease-and-desist letters from rights holders, appropriate measures should be taken to minimise this risk, depending on the use scenario. This also requires clear rules for employees who are trained in its use and any necessary checks before Output Data is published.

Trade secrets
Companies also need to think about protecting their trade secrets when using GenAI. Agreeing how the software works and how it handles Input Data with the service provider can help prevent confidential data from appearing in the wrong place.

Security, Truth and Bias
GenAI is powerful, but not omnipotent. The possibility of incorrect Output Data must never be lost sight of. Appropriate measures must be taken to prevent this from causing damage to the business or third parties. Adverse outcomes can also occur if Output Data are biased against certain people. Companies should therefore also take appropriate measures to address this risk.

Every new wave of technology adoption comes with threats – but to ignore GenAI’s potential poses a far greater risk to enterprises in the long term. To manage risk effectively, enterprises must implement an architecture able to meet all challenges while offering a route to successful GenAI deployment. But the bottom line is enterprise leaders need to work with their risk, security and legal stakeholders as early as possible, collaborating with them so they understand the unique characteristics of GenAI and they can put themselves in the best possible position to unlock the potential of GenAI without falling foul of the dangers increasingly associated with it.

 

*********************
*************

Comments

Post a Comment

Popular posts from this blog

Generative AI & Meta-Leaders

In the wake of advances in generative AI and large language models (LLMs), there is excitement about what the technology means for businesses. But we should not forget that this advancement is also posing a catch-22 situation to the traditional leadership. The transformative potential and rapid acceleration of generative AI are creating an imperative for them to act quickly. They should rethink their skillsets and develop new skillsets like – ability to make better sense of data insights, ability to ask better questions, ability to learn from smart mistakes etc. It is true that ChatGPT has taken the world by storm. In just 5 days since its launch in November last year, it gained one million users, a feat that no other popular online services have managed to achieve. But it is not the only generative AI tool, others include Midjourney and Dall-E for images generation, GitHub Copilot for coding, and even conditional generative adversarial networks (cGAN) such as Pix2Pix, developed by
Read more

Good automation! Select right process for RPA

Someone said very rightly – “Automation is good, so long as you know exactly where to put the machine.” In all my previous blogs I wrote about BOT failure, ROI Modelling, Cost saving, RPA Governance, CoE, POC, POV etc. But then I realized that before taking a deep dive into any of these subjects, first we need to have a right RPA process identification & prioritization methodology in place. Everybody across the industry agrees that Robotic process automation (RPA) can make a big difference for organizations tormented by repetitive routine processes – the kind that suck up the productivity of people whose time would be better put toward more important work. But many are confused by what seems to be a deceivingly simple question — which are the right processes for RPA? The poor choice of process for initial pilot is the leading root cause for failure to meet customers’ expectations. Robotic Process Automation (RPA) doesn’t suit every process and in majority of cases we don’t have
Read more

RPA Exception Handling – Be in control

Companies in every major industry are turning to semiautonomous computers (better known as BOTs) to automate large- and small-scale business processes. This technology replaces human intervention in back-office operations, improving operational efficiency, reducing costs and increasing margins. However, organizations cannot employ this technology effectively unless the BOTs are engineered properly. And one of the most important component of this BOT engineering is Exception handling or in simple words right categorization of the errors and then developing solutions around the same to deal with those errors to meet the expectations of the RPA owner. Occasionally, in the course of its work, an RPA BOT definitely encounter a situation it was not programmed to handle – and, in those cases, it will stall. Those cases can be for foreseeable reasons – security or access constraints – or it can be for unforeseeable reasons – like missing or incorrect data. Increasingly, RPA developers are ab
Read more