Employers warned that generative AI covered by New Zealand's Privacy Act
The Office of the Privacy Commissioner has issued a warning to businesses on the potential consequences of using generative AI following their rapid rise across the world.
In a new guidance resource, the privacy commissioner warned about the following prominent generative AI tools including:
- OpenAI's ChatGPT
- Microsoft's Bing search or Copilot products, which leverages GPT-4
- Google's Bard
"I would expect all agencies using systems that can take the personal information of New Zealanders to create new content to be thinking about the consequences of using generative AI before they start," said Privacy Commissioner Michael Webster in a statement published on Scoop.
According to the commissioner, generative AI's use of personal information is regulated under the Privacy Act.
"Generative AI is covered by the Privacy Act 2020 and my Office will be working to ensure that is being complied with; we will investigate where appropriate," Webster said.
The use of generative AI imposes the following potential privacy risks, it said:
- The training data used by the generative AI
- Confidentiality of information your agency will enter a generative AI
- Accuracy of information created by the generative AI
- Access and correction to personal information
Preventive measures for privacy
It is the responsibility of agencies to comply with the requirements of the Privacy Act, according to the office. To do so, they are expected to carry out the following measures before using generative AI tools:
- Have senior leadership approval
- Review whether a generative AI tool is necessary and proportionate
- Conduct a Privacy Impact Assessment
- Be transparent
- Develop procedures about accuracy and access by individuals
- Ensure human review prior to acting
- Ensure that personal or confidential information is not retained or disclosed by the generative AI tool
"I would expect agencies to do their due diligence and privacy analysis to assess how they comply with the law before stepping into using generative AI," Webster said.
The guidance came as more employers around the world issue guidance on generative AI tools, such as ChatGPT, amid security concerns on confidential data.
Early this year, Samsung suffered from information leakage after some employees encoded confidential sources in ChatGPT, prompting the company to temporarily ban its use for staff.
Apple was also recently reported to have banned ChatGPT, as well as Amazon, Verizon, Citigroup, Goldman Sachs, Wells Fargo, and Accenture.