generated from jhudsl/OTTR_Template
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path04c-AI_Policy-how_to_navigate.Rmd
116 lines (68 loc) · 10.3 KB
/
04c-AI_Policy-how_to_navigate.Rmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
```{r, include = FALSE}
ottrpal::set_knitr_image_path()
```
# Why do I need an AI policy?
Big technological shifts always trigger a period of explosive growth where the technology and what's possible changes incredibly quickly. We're in that stage right now with AI systems. Everyone is curious, scared, and interested in AI. Chat GPT accumulated 100 million users in 2 months, which is faster than many other major apps.
```{r, out.width = "100%", echo = FALSE}
ottrpal::include_slide("https://docs.google.com/presentation/d/1LWHYGtstIn8gTzGBJpffycHbh2DDrogmYregm_MGZD8/edit#slide=id.g2a847b11aec_3_2")
```
The future workforce is already regularly using AI and bans will not be practical nor effective. Over 40% of university students use ChatGPT for coursework. Thirty-nine percent of prospective students say they wouldn’t consider going to a college that banned Chat GPT and other LLMs.
<div class = disclaimer>
`r config::get("disclaimer")`
</div>
Each month regularly brings new opportunities and surprises, many of which we can’t anticipate and require organizations to adapt quickly. Everyone is using AI, but no one really knows how to use it properly. The rapid changes are making new capabilities feasible while also bringing to light new and unique concerns. However, adopting this new technology at the right time and in a way that minimizes mistakes and bad outcomes can make great things happen for your organization. It’s a bit like catching the tail of a rocket ship just being launched, but catching it in a way that doesn’t burn you to a crisp.
```{r, out.width = "100%", echo = FALSE}
ottrpal::include_slide("https://docs.google.com/presentation/d/1LWHYGtstIn8gTzGBJpffycHbh2DDrogmYregm_MGZD8/edit#slide=id.g2642a7f2d76_1_30")
```
New technology adoption is scary, and while caution is advisable, all-out bans are not practical. Thirty or so years ago, we had a similar technological shift with the advent of the Internet. At the time, using the Internet for common, everyday tasks was a big deal, and there was fear about how it would change how we work. Now, we have accepted the Internet as a way of life and it’s a normal experience to look things up on Google or shop on the internet. In 30 years, AI systems will be the same.
```{r, out.width = "100%", echo = FALSE}
ottrpal::include_slide("https://docs.google.com/presentation/d/1LWHYGtstIn8gTzGBJpffycHbh2DDrogmYregm_MGZD8/edit#slide=id.gcf1264c749_0_135")
```
Employees will use AI and this will make them more effective. Thoughtful AI policies can balance your employees' use with safety and security measures.
<!-- # VIDEO Why do I need an AI policy? -->
# Elements of an AI policy
A good AI policy should be a living document that evolves as your company adapts to AI use.
```{r, out.width = "100%", echo = FALSE}
ottrpal::include_slide("https://docs.google.com/presentation/d/1C7TykleNSbPkaiJBJeCbxYte5sWWZ8J3uixt9RMyiWg/edit#slide=id.g2a0db34665a_0_6")
```
As AI tools advance, so should the policy surrounding them. It should provide clear guidance and frameworks for developing, deploying, and using AI systems in a responsible and ethical manner. Having a policy in place that is well communicated can provide an extra level of security for your organization and employees.
<div class = disclaimer>
`r config::get("disclaimer")`
</div>
When writing an AI policy, you might consider whether asynchronous collaboration versus synchronous collaboration is right for you. With an asynchronous approach, people write their individual sections of a document by a deadline, after which the full policy is polished and edited. With a synchronous approach, an organization might convene a set of meetings with experts over a length or time to work on the document together. There are benefits and drawbacks to both approaches, and you will know which best fits your organization's needs.
In general, a policy might have sections devoted to the following topics:
```{r, out.width = "100%", echo = FALSE}
ottrpal::include_slide("https://docs.google.com/presentation/d/1C7TykleNSbPkaiJBJeCbxYte5sWWZ8J3uixt9RMyiWg/edit#slide=id.gcf1264c749_0_135")
```
1. _Purpose and Scope_. In this section, you might define what your organization's goals and plans for AI use, as well as what types of AI systems the policy will cover. This section might also contain definitions of specific terms, like what your organization considers AI or generative AI. A purpose and scope section can ensure everyone is aligned and avoid ambiguity.
1. _Values and Principles_. This section states how your organization's core values and principles will guide your use and development of AI tools. Some possible principles might be fairness, transparency, accountability, safety, or privacy.
1. _Governance and Oversight_. You may want to establish a clear governance strategy for overseeing AI initiatives. This includes the roles of those involved in decision-making, as well as their responsibilities.
1. _Data Management and Privacy_. This section outlines data governance practices that ensure data quality, security, and responsible use in AI systems. You should make sure your guidelines are compliant with relevant data privacy regulations like GDPR, CCPA, and other industry-specific regulations.
1. _Fairness and Non-discrimination_. In this section, you can lay out how you might monitor and audit AI systems for possible bias. This section can also include guidelines for developing or deploying AI in ways to avoid perpetuating or exacerbating bias or discrimination based on protected characteristics.
1. _Risk Management, Safety, and Oversight_. A section like this might lay out robust testing procedures to monitor, identify, and mitigate potential risks associated with AI systems, including security vulnerabilities, safety hazards, and unintended consequences. It can also identify ways to ensure oversight and accountability for AI systems, ensuring humans remain ultimately responsible for AI-driven decisions.
1. _Education and Training_. This section describes how your organization will provide training and education programs on AI systems on responsible AI development, deployment, and use. You can also detail how these training modules will be created and what topics are necessary for different groups of employees.
1. _Feedback and Review_. In this section, you can establish a mechanism for regularly reviewing and updating the AI policy as technology and best practices evolve. You may also want to implement procedures for employees to give feedback about AI issues or concerns within your organization.
<!-- # VIDEO Elements of an AI policy -->
# Building an AI advisory team
**AI Policy is a teamwork endeavor**. Experts from many different fields need to come together to bring the latest updates. As someone in charge of making sure your organization is using AI wisely and properly, staying up-to-date on the laws, regulations, and computational resources is vital. It's also something that is really difficult to do alone. Building a team of individuals that can help you confidently navigate the evolving landscape should be one of your top priorities as a leader.
<div class = disclaimer>
`r config::get("disclaimer")`
</div>
There are multiple possible roles that you could fill, depending on your organization's AI needs and uses. Having representation from technical, policy and social science backgrounds helps ensure a multidisciplinary, holistic approach to building and overseeing responsible AI.
**This list is a starting point for you when deciding what sort of roles you need for your own team and is not written in any particular order.** This is not an exhaustive list of all possible experts that you can gather. You should consult with your legal council, board members, and other oversight staff in order to properly address your own specialized needs.
```{r, out.width = "100%", echo = FALSE}
ottrpal::include_slide("https://docs.google.com/presentation/d/1H3ppNjSW6OU25Z44MZWMtl1R_MH8BT-roJxiiH5Rlyk/edit#slide=id.g2a83edd52b2_0_160")
```
1. _Legal counsel_ that understands AI and the nuances of the rapidly changing laws can advise on regulations relevant to your organization.
1. _Policy and governance analysts_ can research and draft internal policies on transparency, auditability, harm mitigation, and appropriate AI uses. They can also advise and assist with compliance.
1. _Data protection officers_ who can aid with implementing privacy-by-design principles and handling personally identifiable information legally and securely are especially important for organizations that deal with personal data.
1. _Ethicists_ are experts who can provide guidance on ethical issues and review systems for potential biases, risks, and policy compliance.
1. _Trainers and educators_ can create and run programs aimed at keeping all employees aware of responsibilities in developing and using AI respectfully and in compliance with AI policies and regulations.
1. _Oversight committee members_ are experts who review research studies (both before a study begins and while it is ongoing). Their job is to make sure researchers are protecting the welfare, rights, and privacy of research subjects. Oversight committees like institutional review boards are especially important for organizations involved in any human research that uses AI.
1. _Technical experts_ understand how to design, build, and deploy AI models. They can also offer advice on the algorithms, data, and computational infrastructure your organization might need. They might be AI or machine learning experts, data scientists, DevOps engineers, cloud architects, or systems engineers.
1. _Information security architects_ are vital for identifying and mitigating the security risks associated with AI systems. They can provide advice on data privacy measures, security weak points, and incident response plans.
The specific roles and their required skillsets will vary depending on the size, industry, and AI maturity of the company. Having a balanced team with both technical and strategic expertise is key to successfully implementing AI policies in your organization. Remember, effective communication and collaboration between these roles is crucial for a successful AI implementation.
```{r, out.width = "100%", echo = FALSE}
ottrpal::include_slide("https://docs.google.com/presentation/d/1H3ppNjSW6OU25Z44MZWMtl1R_MH8BT-roJxiiH5Rlyk/edit#slide=id.g2a83edd52b2_0_214")
```
<!-- # VIDEO Building an AI advisory team -->