By Matt Heldt
Generative Artificial Intelligence (AI) has now become a part of daily life. While its benefits, such as efficiency and resourcefulness, are hard to deny, so are situations where AI does not work as advertised. Workplaces are no exception to this tension. The legal considerations around using AI in the workplace evolve nearly as quickly as the technology itself. Some fundamental questions, however, remain consistent and important to consider throughout this progress.
Are employees using AI?
With its promise for increased efficiency, AI has entered the workplace. But employers have embraced the use of AI at varying levels. Some encourage AI and invest in secure, approved products for employees. Others resist or ignore.
Regardless of an employer’s perspective, employees may still decide (without asking) to use AI for their work. For that reason, employers must determine: (a) whether their employees are or should be using AI for work; (b) which AI tools they are using; and (c) how and for what purpose. Without understanding these details, an employer is ill-equipped to draft (and enforce) policies to govern AI use, safeguard assets, and prevent legal risks.
Is AI creating legal risks?
While AI use may not automatically create legal risk, it can lead to unforeseen consequences. For example, AI outcomes may be affected by user error, misinterpretation of user inputs, or misinformation in its knowledge base. Below are some areas of potential legal exposure when employees use AI:
Confidential Information. One of the highest risks of AI use is its impact on confidential business information. While some AI products are secure and confidential, many are not. If an employee inputs trade secrets or other confidential business, client, or personnel information into AI databases, that employee may be exposing it to third parties and breaching the confidentiality of that information.
AI Note Takers. “AI Note Takers” are AI tools that record meetings and send a transcript or summary to a list of recipients, which is not necessarily the meeting participants. This nearly ubiquitous functionality can risk the privacy, privilege, and confidentiality of sensitive information. While there is a clear benefit to AI Note Takers, they may incorrectly transcribe or interpret conversations or send the transcript or summary to unintended recipients. These concerns are particularly serious with HR functions that must protect against inadvertent disclosure of employee health information, workplace investigations, and other confidential personnel information. Employers should also assume that an AI Note Taker’s summary, including any errors, is discoverable in a subsequent lawsuit. Moreover, absent appropriate permissions, using AI Note Takers to record live or virtual meetings may violate Oregon’s or other states’ recording statutes and expose users to criminal liability.
Employment Decisions. AI use for workforce management has increased. While AI’s ability to review a stack of resumes and summarize candidates in minutes may be appealing, these tools present risk of bias and privacy violations. States are responding by enacting laws that regulate AI use in employment decisions. California, Colorado, Illinois, and New Jersey already regulate the use of AI in hiring, requiring employers to ensure any AI models are free from bias. More states are likely to follow. These risks are already playing out in courts. Recently, a nationwide class action against Workday, Inc. over its AI screening tool was allowed to proceed. Currently, Oregon does not regulate employers’ AI use, but the legal landscape is changing rapidly.
What should employers do now?
Responsible AI use in the workplace starts with drafting clear policies that outline the permissible AI tools and uses, detail when and which employees may use such tools and uses, provide other appropriate restrictions, and outline penalties for noncompliance. Employers should regularly train employees, enforce their policies consistently, and audit their current AI systems for security and compliance with laws and best practices. Finally, employers should work with legal counsel to develop their policies and audits, before taking employment action related to AI use, and remain aware of new legal requirements related to AI as states continue to develop such laws.
Contact an attorney in Tonkon Torp’s Labor & Employment Group to discuss how these issues may impact your organization and for guidance on developing compliant AI workplace policies.
Matt Heldt is an attorney in Tonkon Torp’s Labor & Employment and Information Privacy & Security groups where he works on litigation matters and offers employers strategic and practical advice on labor relations, compliance, and employment issues.
Filed under AI (Artificial Intelligence), Information Privacy & Security, Labor & Employment, News & Publications