Business Insider reported that a recent survey found almost 70% of employees using ChatGPT (and other generative AI tools) have hidden it from their employer. The survey found that some employees were secretly using these generative AI tools to gain a competitive advantage against other employees or to enjoy the time saving 'benefit' while their employers remained silent about whether these tools should be used. From a risk management perspective, this is an alarming statistic. This article recommends proactive strategies for businesses who have employees using ChatGPT without their knowledge to address potential consequences.

The key risks of unauthorised AI use in businesses

Your employee may use ChatGPT to summarise board papers, reformat meeting minutes, or create content without your knowledge. This may seem to them to be an efficient and harmless use of new technology. However, if these employees are doing it, then this may expose your business to numerous legal risks including:

  • exposure of confidential company information;
  • unauthorised disclosure of personal information;
  • privacy and data security concerns over the materials disclosed;
  • potential loss of your company's intellectual property;
  • liability for breach of other company's intellectual property or confidential information rights by using the generated work; or
  • plagiarism of intellectual property

Consequences of these risks to your business

  • the consequences of breaching contract terms depending on the information exposed, including loss of contracts and claims for damages or for profits or property in copied material;
  • actions by customers for breaching warranties in relation to whether the work produced are lawful or whether you own the intellectual property in them;
  • potential notifiable data breach, which can lead to penalties from the regulators;
  • loss of trade secrets or legal professional privilege;
  • facing law suits from the intellectual property owners;
  • reputation damage- regarded as not a safe business partner

Every business should proactively review whether it is exposed, as you will have more time to manage and mitigate these risks by taking prompt, preventative action.

Take action now: Review and Respond

This is an emerging area of risk management. One option is to issue a direction to all employees to voluntarily disclose whether they've used ChatGPT or other generative AI (like Google's Bard) in their role. If so, the employee can explain their usage. If appropriate in the circumstances, you may offer amnesty to employees who voluntarily disclose during this period. This will help you assess and manage the company's exposure and risk levels.

After the voluntary period concludes, and depending on the discoveries, you may consider launching an IT investigation to review whether there is any undisclosed usage. If you uncover undisclosed usage, your company may consider investigating the relevant employees and uses, which may lead to disciplinary action.

Carroll & O'Dea Lawyers can assist with your review and with analysing your business and employment risks.

Time to implement an emerging technology policy

All businesses should consider their approach to generative AI and other emerging technologies. It's important to be transparent with your employees about the company's expectations and policy regarding these emerging technologies.

It is not surprising that individuals may seek out more efficient ways to do their work, which could benefit the company's bottom line and employee engagement; however, the benefits should be weighed against the legal risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.