Critical 2024 AI policy blueprint: Unlocking potential and safeguarding against workplace risks

Many have described 2023 as the year of AI, and the term made several “word of the year” lists. While it has positively impacted productivity and efficiency in the workplace, AI has also presented a number of emerging risks for businesses.

For example, a recent Harris Poll survey commissioned by AuditBoard revealed that roughly half of employed Americans (51%) currently use AI-powered tools for work, undoubtedly driven by ChatGPT and other generative AI solutions. At the same time, however, nearly half (48%) said they enter company data into AI tools not supplied by their business to aid them in their work.

This rapid integration of generative AI tools at work presents ethical, legal, privacy, and practical challenges, creating a need for businesses to implement new and robust policies surrounding generative AI tools. As it stands, most have yet to do so — a recent Gartner survey revealed that more than half of organizations lack an internal policy on generative AI, and the Harris Poll found that just 37% of employed Americans have a formal policy regarding the use of non-company-supplied AI-powered tools.

While it may sound like a daunting task, developing a set of policies and standards now can save organizations from major headaches down the road.

AI use and governance: Risks and challenges

Generative AI’s rapid adoption has made keeping pace with AI risk management and governance difficult for businesses, and there is a distinct disconnect between adoption and formal policies. The previously mentioned Harris Poll found that 64% perceive AI tool usage as safe, indicating that many workers and organizations could be overlooking risks.

These risks and challenges can vary, but three of the most common include:

1. Overconfidence. The Dunning–Kruger effect is a bias that occurs when our own knowledge or abilities are overestimated. We’ve seen this manifest itself relative to AI usage; many overestimate the capabilities of AI without understanding its limitations. This could produce relatively harmless results, such as providing incomplete or inaccurate output, but it could also lead to much more serious situations, such as output that violates legal usage restrictions or creates intellectual property risk.
2. Security and privacy. AI needs access to large amounts of data for full effectiveness, but this sometimes includes personal data or other sensitive information. There are inherent risks that come along with using unvetted AI tools, so organizations must ensure they’re using tools that meet their data security standards.