Select the directory option from the above "Directory" header!

Menu
Privacy Commissioner issues guidelines for organisations using generative AI

Privacy Commissioner issues guidelines for organisations using generative AI

Seven point guidance released as privacy watchdog warns about "premature" AI adoption.

Michael Webster (Privacy Commissioner)

Michael Webster (Privacy Commissioner)

Credit: Supplied

Privacy Commissioner Michael Webster has outlined his expectations around New Zealand organisations using generative artificial intelligence (AI).

Webster outlined seven points of advice to help organisations engage with the potential of AI in a way that respected people’s privacy rights.

"I would expect all agencies using systems that can take the personal information of New Zealanders to create new content to be thinking about the consequences of using generative AI before they start", he said.

AI’s use of New Zealanders’ personal information is regulated under the Privacy Act 2020.

The seven points are:

1. Have senior leadership approval

Businesses and organisations must involve their senior leaders and privacy officer in deciding whether or how to implement a generative AI system.

2. Review whether a generative AI tool is necessary and proportionate

Given the potential privacy implications, review whether it is necessary and proportionate to use a generative AI tool or whether an alternative approach could be taken.

3. Conduct a Privacy Impact Assessment

Assess the privacy impacts before implementing any system. This should include seeking feedback from impacted communities and groups including Māori. Ask the provider to clarify how information and evidence about how privacy protections have been designed into the system.

4. Be transparent

Be clear and upfront when you tell your customers and clients that you’re using generative AI and how you are managing the associated privacy risks. 

Generative AI is a new technology, and many people will be uncomfortable with its use or don’t understand the risks for them. Giving them information about the generative AI system you’re using in plain language will be essential to maintain consumer trust and your organisation’s social licence to use AI.

5. Develop procedures about accuracy and access by individuals

Develop procedures for how your agency will take reasonable steps to ensure that the information is accurate before use or disclosure and how you will respond to requests from individuals to access and correct their personal information.

6. Ensure human review prior to acting

Having a human review the outputs of a generative AI tool prior to your agency taking any action because of that output will mitigate the risk of acting based on inaccurate information. Any review of output data should also assess the risk of re-identification of the inputted information.

7 .Ensure that personal or confidential information is not retained or disclosed by the generative AI tool

Do not input into a generative AI tool personal or confidential information, unless it has been explicitly confirmed that inputted information is not retained or disclosed by the provider. An alternative could be stripping input data of any information that enables re-identification. The commissioner also strongly cautioned against using sensitive or confidential data for training purposes.

"I would expect agencies to do their due diligence and privacy analysis to assess how they comply with the law before stepping into using generative AI," Webster said.

"Generative AI is covered by the Privacy Act 2020 and my Office will be working to ensure that is being complied with; we will investigate where appropriate."

The commissioner has already sent a letter to government agencies outlining his caution around prematurely jumping into using generative AI without a proper assessment and signalling the need for a whole-of-government response to the growing challenges posed by the technology.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyprivacy commissionerAIartificial intelligencegenerative AI

Show Comments