Newly Updated Guidance: FPF Releases Updates to the Generative AI Internal Policy Considerations Resource to Provide New Key Lessons For Practitioners

Today, the Future of Privacy Forum (FPF) Center for Artificial Intelligence is releasing a newly updated version of our Generative AI internal compliance document – Generative AI for Organizational Use: Internal Policy Considerations, with new content addressing organizations’ ongoing responsibilities, specific concerns (e.g., high-risk uses), and lessons taken from recent regulatory enforcement related to these technologies. Last year, FPF published a generative AI compliance checklist, which drew from a series of consultations with practitioners and experts from over 30 cross-sector companies and organizations, to provide organizations with a powerful tool to help revise their internal policies and procedures to ensure that employees are using generative AI in a way that mitigates data, security, and privacy risks, respects intellectual property rights, and preserves consumer trust. 

Generative AI uses have proliferated since the technology’s emergence, transforming how we interact, work, and make decisions. From drafting emails and computer code to performing customer service functions, these technologies have made significant progress. However, as generative AI continues to advance and find new applications, it is essential to consider how the internal policies governing them should evolve in response to novel challenges and developments in the compliance landscape.

Key takeaways from the Considerations document include:

• Privacy, data protection, and AI impact assessments are ongoing responsibilities that entail cross-team collaboration from across the organization;
• Employees using generative AI systems should be aware of public policy considerations—such as those related to addressing bias and toxicity—that override system outputs in order to mitigate or prevent the social and ethical harms that may arise from the deployment of generative AI systems;
• In addition to privacy counsel, organizations should engage with experts representing a variety of legal specialties to issue spot and identify appropriate mitigations; 
• Organizations that develop and use generative AI tools should follow the latest enforcement trends, such as algorithmic disgorgement, and use them to encourage internal compliance with legal requirements; and
• It is important for organizations to evaluate whether certain applications of generative AI systems either qualify as high-risk uses, or are prohibited under relevant laws, such as the EU AI Act, as these determinations can affect organization’s compliance obligations and the contents of internal policies.

As generative AI becomes mainstream through tools such as chatbots, image generation apps, and copilot tools that help with writing and creating computer code, it introduces new and transformational use cases for AI in everyday life. However, there are also risks and ethical considerations to manage throughout the lifecycle of these systems. A better understanding of these risks and considerations is essential as practitioners devise policies to manage the benefits and risks of generative AI tools. The re-release of Generative AI for Organizational Use: Internal Policy Considerations strives to do this. Download the updated version of the Considerations document.