Purpose:

To ensure that employees use AI applications responsibly while safeguarding confidential information and personally identifiable information (PII).

Absolutely nothing that, bundled with other information found elsewhere on the internet, has the remotest possibility of identifying a person or company should ever be entered into an AI app. 

Chat GPT is approved for general use, provided the rules below are followed. Please contact Roberta to request approval for other AI apps. 

1. Confidentiality and Data Privacy

• Do not share confidential information: Employees must not input confidential company data, trade secrets, or any information related to clients, partners, or vendors that could harm the company if disclosed. 
• PII Removal: All PII (such as names (even first names should be changed) , addresses, phone numbers, email addresses, Social Security numbers, and financial details) must be removed from any data before it is entered into AI tools.
  
• Internal Company Info: Any information stored in AutoTask or other cloud services we use, including configuration item names that use the customer's company name fully or partially, company locations, ticket numbers, etc. must be changed before being entered into AT tools. 
• Sensitive Data: Information such as passwords, security credentials, or personal financial information must not be entered into AI applications under any circumstances.
  
• Sensitive Links. Do not input links to SecureNotes data, SharePoint shares, or company or customer web site URLs. 
  
• Do not upload files that may contain any of the above. 
  

2. Approved Use Cases

• AI can be used for general tasks such as:
  
  • Drafting non-confidential emails, reports, or summaries.
  • Providing general information, analysis, or brainstorming ideas.
  • Automating routine tasks (e.g., data processing without sensitive content).
• All use cases involving AI must comply with this policy and relevant legal and regulatory requirements.

3. Employee Responsibilities

• Understand the tool: Employees should familiarize themselves with the capabilities and limitations of AI applications before using them for work purposes.
• Anonymize Data: Employees must ensure that any data entered into AI tools is free of any identifying markers, or unrelated to specific individuals or clients.
• Regular Review: Employees must periodically review the data they enter into AI systems to ensure compliance with this policy.

4. Data Handling Procedures

• Secure Inputs: Always review information before inputting it into AI applications to ensure it does not contain sensitive or confidential details.
• Data Retention: Employees must not store confidential data or PII within AI platforms that do not provide adequate security or encryption.
• Compliance with Regulations: Ensure all AI use complies with data protection laws such as GDPR, HIPAA, and other industry-specific regulations.

5. Training and Support

• Training: Employees will receive training via our Cyber Security Training platform on best practices for using AI tools. 
• Support: Management will provide guidance on secure AI usage, and employees must consult Roberta before using any new AI applications not previously approved.

6. Consequences of Non-Compliance

• Violations of this policy may lead to disciplinary actions, including but not limited to warnings or termination of employment, depending on the severity of the breach.

7. Policy Updates

• This policy will be reviewed and updated as AI technologies evolve, or as required by legal and regulatory changes.

Approval & Effective Date
This policy is effective from 10/2/2024 and must be adhered to by all employees using AI tools.