TAMING THE AI WILD WEST: 6 STEPS TO PROTECT YOUR BUSINESS

Whether business owners want it or not, AI is quickly becoming integrated into software tools, online platforms, and automated solutions in the marketplace. AI systems influence customer behavior, purchasing decisions, political opinions, and social values. Many business owners feel that without AI, their business may fall behind the competition. As a result, they often adopt AI first and worry about governance later. Unfortunately, this approach can easily lead to uncomfortable conversations with regulators, litigators, or insurance carriers.

Those business owners who may not yet be implementing AI tools in their operations usually have no idea how extensively their employees are already using them and what serious legal and operational concerns such use can create. According to Business Wire, 80% of AI tools used in business are not managed by IT or security teams. But the use that starts as a handy way for employees to draft emails or summarize documents may create serious legal and operational concerns for the business. To address and proactively prevent liability, here are the 6 key items every business owner should address:

1. Stop “Shadow AI” by Setting Approved Tools. Employees often bypass IT and security oversight by using tools like ChatGPT or Claude to troubleshoot code, summarize documents, and polish contracts, deliverables, or communications. This unauthorized use, creating hidden security risks, is known as “Shadow AI”.  Shadow AI can lead to violations of privacy laws, financial services regulations, and contractual obligations that go undetected until after an incident occurs. The only way to eliminate it is to create a simple policy that clearly defines for your employees what AI is and what AI tools or platforms are approved for use in the workplace.

2. Protect Confidentiality and Data Security. A conversational interaction with AI may encourage your employees to paste sensitive data into the query box, without considering where it goes or how it is stored. Enticed by the ease and speed with which AI provides results, they may accidentally expose your trade secrets, internal financial data, sensitive communications, or personally identifiable information of your customers. Your staff must understand that the only tools they can use are licensed enterprise tools for your business with strict privacy controls. They must never enter confidential information into an open AI platform unless expressly authorized. Uncontrolled use of AI tools may not only impact your business’s security. It may also result in violations of federal and state laws and contractual obligations.

3. Clarify Copyright and Intellectual Property Ownership. Many businesses in the creative space are increasingly using AI to write website copy, design branding, and create software code. However, many owners and employees are not aware that pure AI-generated content does not qualify for copyright protection. The U.S. Copyright Act requires human authorship for the creation of a copyrighted work. Additionally, AI models are trained on existing materials, so an AI-generated image or article could inadvertently infringe on someone else’s copyright. Thus, a business owner could spend thousands of dollars generating content that the business (or client) doesn’t legally own, or that violates third parties’ intellectual property rights. Solution? Require detailed human review and contribution for all AI-assisted work.

4. AI Hallucinations and Accuracy. AI platforms frequently “hallucinate”, presenting fabricated facts or fake citations as truth. A good AI policy must require employees to remain fully responsible for the accuracy of any AI-assisted work and independently verify all AI-generated facts.

5. Monitor for Bias in Employment Decisions. If an HR department uses AI tools to assist with hiring, firing, disciplinary actions, or promotions, the company policies must clearly outline such use. The tools must be actively monitored to ensure there is no built-in bias. Lack of attention may result in violations of Title VII or the Americans with Disabilities Act. Several local jurisdictions, such as New York City, California, Colorado, Illinois, Texas, and Connecticut already adopted laws that address the use of AI tools in hiring.

6. Train Your Employees Properly. Drafting an AI policy alone is not enough. HR professionals and business leaders must shift their focus to training employees and managers to apply these rules appropriately in their day-to-day work. Employee training should clearly cover approved and prohibited use cases, describe the limitations of AI tools, and the consequences of misuse or non-compliance.

As you operate your business, treat AI governance as a company-wide risk management function. The legal landscape is shifting constantly, with states passing their own varied AI workplace laws. Since there is currently no federal law preempting this patchwork of state regulations, businesses and employers operating in several states are at high risk if they do not pay close attention. Make sure your AI policies include a provision stating that they are subject to frequent updates, and advise your employees to consult current rules every time they start a new AI project.