Navigating the intersection of data privacy laws and the rise of AI

John Brushwood

John Brushwood

John Brushwood (john.brushwood@traliant.com) is Compliance Counsel at Traliant in Arlington, Virginia, USA. He specializes in data privacy and cybersecurity law.

By John Brushwood, JD, CIPP

Artificial intelligence (AI) has seen significant advancement and adoption over the past few decades. 2023 alone was a defining year for AI with the emergence of a sophisticated generative AI tool, ChatGPT, which has made AI more easily accessible to the public, speaking particularly to those with low or no coding experience.[1] As a large, language model-based chatbot that can compose written content or engage in human-like conversational dialogue, the intention of ChatGPT is to enhance productivity and efficiency. More broadly, AI is being implemented across most businesses today to streamline processes and understand data trends, with many leaders feeling that AI will substantially transform their industry and shape the future of work.[2]

AI presents opportunity and risk

While AI brings significant time and cost savings to businesses and employees, the degree to which these technologies have evolved brings significant risk and can be detrimental if not governed properly. Data privacy is one area where risk can be at its highest. For instance, AI tools used for automated decision-making may violate not only data privacy laws but also sector-specific laws—such as the Fair Credit Reporting Act, Equal Credit Opportunity Act in banking, and Title VII of the Civil Rights Act in the context of hiring and promotions. Additionally, many AI tools do not comply with current data privacy rules, such as those included under Europe’s General Data Protection Regulation.[3] Lastly, businesses also run the risk of employees improperly disclosing personal or business data into tools like ChatGPT.

As AI continues to catch the eyes of business leaders looking to enhance processes, it’s also top of mind for policymakers as well. At the federal level, the Biden administration implemented the AI Bill of Rights in 2022,[4] followed by an Executive Order in 2023,[5] both provide guidance on how to ensure AI is safe, secure, and trustworthy. There’s also been action at the state level: California proposed the requirement of data impact assessments for automated decision-making,[6] and Connecticut enacted a bill that regulates how AI is used for personal data privacy.[7]

While these laws directly regulate the intersection of data privacy and AI, the reality is that many organizations are unprepared to comply with them. Further, taking a reactive approach to AI regulation is no longer a feasible or safe option, putting compliance leaders in a position today where they must create a proactive AI governance strategy that avoids the risk of unlawful conduct and the penalties that follow. While it may seem like a daunting task with so many existing and proposed laws currently in flux, there are essential steps they can take today that can significantly reduce data privacy concerns.

This document is only available to members. Please log in or become a member.
Become a Member Login
 

What to read next...

Small things with big implications


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings