CEO Andrew Crawford warns, “Every business without a policy is unintentionally handing secure data protected by law to Artificial Intelligence (AI) engines.”
EASTVALE, Calif., May 22, 2023 /PRNewswire/ — CEO Andrew Crawford of Compliance Specialists, a thought leader in data security compliance services for the smallest U.S. businesses, announced today his company is immediately distributing the Artificial Intelligence (AI) Acceptable Use Policy his firm uses to protect businesses from unknowingly disclosing valuable private and confidential data. Companies can download the policy for free at https://compliancespecialistsusa.com/artificial-intelligence-acceptable-use-policy/.
Crawford sees how businesses rushing to embrace AI have already opened doors compromising secure Protected Information that by law must not be shared.
Crawford, who serves on the Legislative Committee of the National Society of Information Technology Service Providers (NSITSP), said, “It is critically important right now for every business to be protected to grow and to prevent business killing events from the unintentional unsecure use of AI (Artificial Intelligence).”
Real Risks and Dangers to a Business:
Illegal Transfer Puts Legally Protected Information at Risk:
It seems harmless when an individual chooses to experiment with AI software for a particular task. By accessing the software through a public interface like a web browser or database program, that individual unknowingly transfers Protected Information into the AI engine that now becomes public information. The AI engine absorbs your business’ Protected Information into its data library. Data Security and Privacy Laws prohibit the disclosure of Protected Information. Without providing training and oversight, the business broke the law, without understanding how AI works and without providing any policy guidelines controlling the use of AI.
Negligence Attracts Financially Dangerous Lawsuits:
There are expensive consequences for breaking Data Security and Privacy laws. “Potentially tens of thousands of dollars in fines for negligent data breach is no small matter,” he said. Once a breach is publicly disclosed, the business’ public negligence in jeopardizing Protected Information and failing to create a written Data Security Plan including policies and procedures attracts lawsuits on behalf of all plaintiffs whose information was jeopardized. Even one frivolous lawsuit can become a business-killing event.
U. S. Federal Trade Commission Concerns
The U. S. Federal Trade Commission is demonstrating its concern about AI being used in ways that create fraud, through factual misrepresentation for example. There are also concerns about AI algorithms which create discrimination. “These areas of concern add to the already significant risks and dangers from the unsecure use of Artificial Intelligence that occurs in a business which does not have a policy in place to control the acceptable use of AI,” Crawford said.
“Most businesses have yet to put in place any Artificial Intelligence (AI) Acceptable Use Policy. When a business does have the policy and follows it, a business can shut the door on compromising Protected Information and putting their business at risk,” he said.
Protections:
Here are some of the protections that occur when a business applies the policy:
- Disallows ad-hoc use of AI and requires documented pre-approval;
- Allows documented pre-approval of AI for business purposes only;
- Prohibits transferring Protected Information the business must legally protect when accessing AI software through public interfaces like web browsers or cloud resident databases;
- Requires verifying specific AI results for factual accuracy and for conformity to business legal and ethical obligations;
- Assigns oversight authority and responsibility for the business use of AI to an individual;
- Discloses certain uses of AI in the Privacy Policy and requires giving clients the ability to “opt-out”;
- Requires training for all employees on specific AI policy restrictions following relevant data security and privacy policies and procedures.
About Compliance Specialists:
Compliance Specialists exists specifically to protect and serve the smallest U.S. Businesses’ need for Compliance with data security and privacy laws. Specializing in True Small Business Data Security™ the company protects small businesses from everyday common data security attacks that damage and end up destroying or bankrupting small and family-owned businesses.
Contact:
Andrew Crawford
Compliance Specialists
951-732-7401 Media Extension 7
359346@email4pr.com
SOURCE Compliance Specialists
