Read More
Employers should establish a clear scope of permissible use for generative artificial intelligence to reduce the risk of data leakage, as emphasized by Ada Chung Lai-ling, the Privacy Commissioner for Personal Data.
ADVERTISEMENT
SCROLL TO CONTINUE WITH CONTENT
The Commissioner’s Office published a Checklist on Guidelines for the Use of Generative AI by Employees on March 31, assisting organizations in establishing internal policies for using Gen AI.
Speaking on a radio program on Sunday, Chung stated that as Gen AI becomes more prevalent, many employees are using it without their employers’ knowledge.
She hopes the guidelines will help businesses create internal policies that enable employees to use AI more safely, thereby maximizing its potential.
Chung noted that the guidelines consist of three pages, systematically outlining five key elements: the scope of use, protection of personal data privacy, lawful and ethical use and prevention of bias, data security, and consequences of violations.
A few days after the guidelines were released, some sector representatives expressed a desire for the Commissioner’s Office to create sample internal policies, which Chung noted they would consider.
Additionally, the privacy watchdog has established an AI safety hotline for businesses to inquire about issues and offers customized training courses.
In June this year, it will hold an AI safety seminar in collaboration with the Hong Kong Productivity Council.
Regarding AI risks, Chung highlighted that the primary concern is the risk to personal data privacy, particularly the misuse of data, such as employees secretly using collected customer data to train AI.
Another issue is that employees may input sensitive information that is not permitted by the company. Lastly, there is the problem of data leakage, as training AI typically requires large amounts of data, and any incidents could have serious consequences.
She stated that the office conducts annual reviews of various organizations, including government departments and related institutions, and has found no violations so far.
When data leakage incidents occur, they will investigate, publish a report, and issue enforcement notices to the relevant organizations, she noted.
Chung said the office has the authority to intervene if Gen AI tools cause data breaches.
(Cheng Wong)
SINGTAO
