Insights
AI Is in Your Workplace – What Are Your Generative AI Employee Guidelines?
December 7, 2023
Following the buzz created by OpenAI’s release of GPT-4 in the spring of 2023, generative artificial intelligence adoption has continued to grow immensely. According to McKinsey, 60% of organizations are now leveraging generative AI in at least one function of their work. Out of those who are using the tool, 40% plan to increase their investment and 28% have added it to their board’s agenda.
Some of the many advances made through AI include the automation of routine tasks, expeditious processing of workflows, more effective chatbots for better customer engagement, smart decision-making and reducing human error, content generation, and many, many more. There are also many societal benefits being derived from AI, as seen in health care (early diagnosis of diseases), education (better platforms for student learning), and environmental protection (reduction of carbon footprints and early warning systems for disaster management), to name a few. Nevertheless, there are also some warning signals. Recent advances in AI have raised alarms within the public domain regarding how companies prepare their organizations to harness the efficiencies presented.
The global race to create generative AI is outpacing universal AI governance. The EU is leading the way with the introduction of the AI Act to be finalized and in place early in 2024, which will afford organizations two years to comply with the new regulatory framework. But the technology is already outstripping the draft regulatory frameworks, a problem many foresee as an ongoing concern with how fast AI is moving.
Large Language Model (LLMs) platforms such as Open AI’s ChatGPT, Amazon’s Bedrock, Google’s Bard, and Salesforce’s Sales GPT & Service GPT, along with many other tech companies, large and small, are scrambling to offer the latest generative AI solutions to all. ChatGPT has become the fastest web platform to reach 100 million users, a clear indication that generative AI is not going away. What security issues come with generative AI? How are the privacy concerns of individuals being met? What guardrails are in place to ensure there is a governance structure to follow? Furthermore, what regulatory bodies will invoke governance laws to ensure all organizations remain compliant?
The Lack of Generative AI Regulation
In late March of 2023, 1,000 leading individuals in AI issued a letter suggesting a six-month global pause on advanced AI development until shared safety protocols for designs are developed, implemented and audited by independent experts. “Powerful AI systems should be developed only once we are confident that their effects will be positive and their risks manageable,” the letter said.
The UN has also weighed in with recent declarations from U.N. Secretary-General Antonio Guterres stating, “AI will have an impact on every area of our lives” and suggesting that the creation of a “new United Nations entity to support collective efforts to govern this extraordinary technology” would be in order. While recognizing AI’s benefits to society in health care, education, human rights, and business, left unchecked, it can become a very dangerous tool used for the wrong purposes.
In late July, President Joe Biden met with leading technology firms Amazon, Anthropic, Google, Inflection, Meta, Microsoft and OpenAI to discuss their voluntary commitment to the “safety, security and trust of AI”. In addition to these commitments, on October 30th, Biden issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence advancing a framework to be used by both federal agencies and the private sector.
In Canada, the recent hearings on Bill C-27 which included the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence Data Act (AIDA), which is a modernization of PIPEDA, are bound to have an impact on LLMs with pending legislation sometime in 2024.
So, where does this leave us today? In the absence of international collaboration on a regulatory framework, country regulators and local enforcement will be necessary at least for the short term. Broader universal enforcement will be required to ensure that new developments related to AI will require rigorous review and inspection before being released to the general public. Will this eliminate the dark side of AI – Probably not. But in the absence of such regulation being crystallized, there are steps organizations should consider before they get too far down the rabbit hole. An important and immediate step your organization should implement immediately is a generative AI governance policy.
Creating Your AI Governance Plan
ChatGPT and BARD are the dominant platforms that perform a wide range of tasks, including generating content, summarizing documents, generating code for software, HR training and development, and writing comprehensive business plans, among many other performance features.
There are inherent risks involved with employees using open-source platforms for potentially sensitive information. Remember open source means your responses are part of the aggregation of information being used to further train the open-source model. Many companies have shifted to a closed enterprise generative AI system which is where we at Adastra have been spending a great deal of time recently.
Generative AI is not a simple plug-and-play process. It requires careful consideration and having a policy in place to govern employee actions is essential to safeguard your organization while harnessing the power of AI. Your generative AI policy should identify the following:
Scope
What purpose(s) are employees permitted to engage with AI tools? Identify the areas that might make sense and add value to your organization – drafting materials, initial research, and creating reports are a few areas with great benefits. Also, identify areas that will either not be permitted or may be limited – using client information, investment decisions, and personnel decisions for employees, to name a few. Consider everything you are doing in the public domain. Ensure your security and data privacy policies are upheld in all facets of your generative AI governance policy. Consider watermarking all documents that have incorporated generative AI. It will allow greater visibility and may lead to further scrutiny of sensitive areas that require more analysis.
Quality Control
Consider training your AI tools using either data that your customers are openly sharing with you or first-party data you collect. While it is impossible to remove all biases from your training data, it is good practice to have a human review process in place to remain compliant. Users can often over-rely on the outputs generated by these tools without questioning their accuracy – a phenomenon known as automation bias. Generative AI platforms are also capable of producing incorrect information in such a convincing manner that the user is led to believe the information to be true – a phenomenon called hallucinations. Both instances cannot be overlooked, and vigilance is required to ensure the accuracy of the information you are collecting.
Prompt Engineering (PE)
PE is a review process whereby your programming team is fine-tuning LLMs to create the best possible data quality design for improving the useability and interpretability of AI systems. PE experts help identify both errors and capabilities within your model, helping to reduce biases and hallucinations while giving clearer information consistent with your company’s standards and requirements to enhance your downstream objectives. Consider PE as table stakes for your generative AI program.
Cybersecurity and LLMs
At this stage of heightened popularity of the effectiveness and time savings with some of the leading platforms, the dark web has recently advertised the arrival of WormGPT and FraudGPT. While there is little impact to date on the security of the larger platforms such as Google, Microsoft and OpenAI, the ability for criminals to better articulate messages for phishing exercises and writing malware codes in volumes not previously seen are a growing concern.
Employee Training
Having a generative AI governance policy training session for all employees is critical to fully understand the framework boundaries. As generative AI is still very much in the infancy of its development, the velocity in which it is moving will require ongoing updates to your training. You should consider regular (quarterly) reviews along with any regulatory changes (there will be many). Hence, all members of your organization are clear on the policy and any additional changes as they occur. As inputting client and company data can be risky, it is important that all employees understand and adhere to organizational policies to ensure responsible usage of the platform.
Ongoing Monitoring
Ongoing monitoring of employee engagement and generative AI usage will allow you to observe and ensure compliance carefully. Have a policy in place whereby individuals using one of the Generative AI platforms must tag their work so that others are aware of the source. Create a team of individuals within your organization that will be responsible for this area; significant regulatory changes are coming. Additionally, this team should monitor activities related to your organization’s new AI Governance structure to ensure all employees comply with the mandated framework. You want to have qualified “eyes” on everything to ensure compliance.
Regulatory
The regulatory environment is forthcoming. It would be prudent to have your legal counsel abundantly aware of these changes beginning with the European Parliament’s AIA on January 1, 2024. Canada, the United States, along with many other countries, will follow shortly, and your governance structure may be impacted. Being compliant will involve close attention to these global regulatory bodies and the introduction of amendments to your generative AI policy.
These are exciting times. We are experiencing many efficiencies and discoveries that will positively impact our society and economy, so we must embrace AI. Having a keen eye on what your organizational generative AI governance policy is capable of today will undoubtedly pave the way for a greater tomorrow.



