Use of AI and Privacy Policies

Article

As U.S. businesses and organizations continue to utilize and integrate large language models, generative AI, and other artificial intelligence platforms in their operations, it is important to review and update its policies and procedures, especially when it comes to disclosures of how information is used and what kind of information is being processed by these AI models. Immediate impacts of the use of AI may require a business or organization, especially health care and government organizations, to closely review and update their privacy policies and terms of use.

While it is important to ensure that your AI platform is secure, this alone is not enough to protect your organization from violations of applicable law and potential consumer complaints. Your business should disclose to website users in its privacy policy or elsewhere, that AI may or will be used with certain activities or platforms. Where required by applicable state law, your business may need to request consent to use AI in processing personal information, e.g., applications for employment.

Additionally, when engaging an AI vendor, your business should audit or test the AI program to ensure that the algorithms used does not produce biased or discriminatory results. You should also require the vendor to provide an easy-to-understand explanation of the algorithm’s logic, and know the training data set that was used to train the AI system. Understanding this information is important because if your business receives a request pursuant to an individual’s data privacy rights, as set out in your privacy policy, your business will be in a position to meaningfully respond and take any appropriate actions. These are just some of the issues your business should address prior to implementing an artificial intelligence platform, particularly if it is a generative AI system. Depending on the State in which your business operates or processes personal information of individuals, the extent and magnitude of liability resulting from violations of data privacy laws may vary and could be significant.

Lower to middle market businesses and organizations may not have the resources to address the implications of utilizing AI in their operations. They should seek the advice of legal counsel who understand the issues and are able to address them within the scope and means of those businesses and organizations. You can contact us below for more information on how the use of AI models and platforms may impact your business or organization, and how to implement or update your policies to address those implications and potential liability.

Burr
Jump to Page

Contact Us

About Burr & Forman Cybersecurity & Data Privacy Law

Burr & Forman's experienced team helps clients navigate the complex cybersecurity and data privacy landscape with strategies designed to assess current risks, develop a corrective action plan, implement best practices, and provide immediate and appropriate responses to a cybersecurity breach.

We use cookies to improve your website experience, provide additional security, and remember you when you return to the website. This website does not respond to "Do Not Track" signals. By clicking "Accept," you agree to our use of cookies. To learn more about how we use cookies, please see our Privacy Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.


Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.