Pythian Blog: Technical Track

It’s Time for ChatGPT Policies & Training

We have seen awareness and usage of ChatGPT explode. An hour does not go by that someone is not dreaming of the power it brings to consumers of technology and information.

With ChatGPT and the broader advancements in the conversational AI space, we have new risks to organizations regarding data usage, data sharing, creation of IP, and protected information. It is time that our data governance, cyber security, and data retention policies are updated to reflect the wide-scale awareness and excitement around conversational AI capabilities. This goes beyond just ChatGPT to a whole new category of tools that will emerge—stand-alone and integrated as capabilities in products already deployed in our enterprises.

These capabilities will increasingly be embedded in our everyday devices and workflows to increase company efficiency and effectiveness. But all good comes with new risks. With conversational AI, this includes data leakage, IP ownership conflicts and reproducibility requirements. Team members must be aware of this technology category, how and when to use it and the corporate policies around appropriate use. Some key questions your organization should be asking as you develop policies and roll them out through education programs:

  • What can you ask a conversational AI tool?
    • Conversational AI tools are beneficial for writing letters, documents, short statements or documentation. It has a highly flexible capability to write in different styles while ensuring consistency in tone.
    • DO be explicit about what types of documents can be produced using conversational AI tools. Document appropriate topics for engagement with these tools and identify what conversational AI tools are approved for use.
  • What can’t you ask a conversational AI tool?
    • You should never ask for anything that is customer specific, sensitive, covered by an NDA or can’t already be looked up online. Never ask these tools to write about unreleased company information.
    • DO be explicit about data that can and cannot be used by classification, category and customer. Align your policy to existing policies for data protection, so they become an extension of employee habits and not entirely new compliance domains to govern.
    • DO be explicit about tools that are not approved for corp use and why so employees understand the risk. This list may not be exhaustive of everything on the market, but it will show employees the diligence done to create and inform the policy.
  • How do you document the engagement with conversational AI as part of a business process?
    • Many business processes require a level of reproducibility or at least documentation on how content was created.
    • DO create a repository and process to document and log interactions with conversational AI.
    • DO educate staff on the processes for documenting interactions with conversational AI technology.
    • DO look for tools that auto-log and push employees to utilize them when possible.
    • DO develop policies for obtaining permission and notification of others, including customers, partners and vendors, if conversational AI tools were used to produce an asset or work product.
  • How do you educate teams on the appropriate use of conversational AI?
    • Conversational AI must be part of cyber security awareness, data governance and data retention training. Each should focus on its specific policies and usage constraints and regularly remind employees of awareness when using these tools.
    • DO train teams on appropriate use and where conversational AI can manifest as features in different systems and tools.
    • DO quarterly training to constantly update teams on new policies, remind them of the importance of compliance to protect company data and give them a chance to ask questions about a rapidly changing market.
  • How do you update policies & training as ChatGPT and other conversational AI technologies evolve?
    • This is a fast-moving industry with new vendors, capabilities and integrations being released weekly.
    • DO identify an owner in the organization to test new conversational AI tools and recommend policy changes and training updates.
    • DO refresh training content quarterly and continue to clarify the appropriate and proper use of these technologies to all staff.
    • DO have legal teams review data sharing agreements, IP ownership documentation and customer notification policies to determine what updates are needed to account for the use of conversational AI in your organization.

Conversational AI has been brought to the forefront with the release of ChatGPT. We are seeing multiple alternative approaches entering the market and integrations with common collaboration platforms, including Slack. Your employees will be curious about how to use this technology more effectively. We must embrace that passion and build guardrails to take advantage of this exciting trend while ensuring that intellectual property, confidential customer information and non-publicly released details are not exposed by unintentional behaviors. Start by defining your policies, then train people regularly while keeping an eye on the evolution of these technologies. A balance of policies, enablement, education and industry research will enable the successful adoption of conversational AI.

Comments (1)

Subscribe by email