The IT charter: a tool to protect the company from the risks associated with the use of ChatGPT by its employees
What is ChatGPT?
ChatGPT is a type of conversational agent, a chatbot, using generative artificial intelligence, developed by OpenAI.
ChatGPT uses deep learning models to generate contextualized responses based on previously supplied training data.
Users contribute daily to training the robot through their requests, prompts, and evaluations of responses.
ChatGPT is free to use (for the basic version), simply by creating an account on the OpenAI website.
What can ChatGPT do?
ChatGPT can :
– generate reports and articles,
– produce summaries,
– help recruit candidates by analyzing large quantities of data,
– create product descriptions,
– create visual content,
– analyze data sets and create new combinations or associations of R&D ideas,
– propose new architectures and designs,
– contribute to simulations,
– contribute to the generation of computer code.
The range of uses is endless, and can be applied to all areas of the company.
What are the risks of using ChatGPT?
Lack of confidentiality
When users interact with ChatGPT, they may unwittingly divulge sensitive information – financial, commercial, personal or corporate know-how. Language models can capture and use this information.
Disclosing inaccurate information
ChatGPT generates responses based on statistical models and training examples. These responses are not always reliable, and the information provided may be erroneous or incomplete.
Employees may therefore spread inaccurate information inside or outside the company, to the detriment of the company.
Cognitive bias
The conversational tool’s responses are based on training models, which themselves use existing data. The data originally used may have been selected in a biased way. The responses or recommendations may in turn be biased, to the detriment of the company.
Copyright infringement
Since AI models such as ChatGPT learn from large quantities of data, including copyrighted documents, it is possible that the content generated may unintentionally correspond to existing works and infringe copyright.
What provisions should I include in my IT charter concerning the use of ChatGPT?
Provisions on the rights granted by Open AI’s general terms and conditions of use.
Employees must be made aware of the rights conferred by Open AI’s general terms and conditions of use, by means of their IT charter. These rights may differ according to whether the version is free or paying.
Confidentiality provisions
All employees must be aware of the confidentiality of the data they use and transmit. They must take care not to divulge confidential information outside the company.
For these measures to be effective, the company needs to draw up an inventory of its information assets, and qualify the degree of sensitivity of each type of information in each of its departments.
Employees can then refer to this qualification.
Provisions concerning the General Data Protection Regulation (“GDPR”). Each employee must not transmit personal data outside the company when using ChatGPT and must comply with the GDPR. The IT charter must include provisions concerning the GDPR and in particular the definition of personal data so that each employee is duly informed.
Provisions for responsible use
Answers generated by the tool must be verified and validated by users. The IT charter must stipulate that information is checked by employees using several independent sources before being communicated inside or outside the company. If such checks cannot be carried out, then employees must specify this when transmitting the information. A gradation in the reliability of information can also be introduced.
If one or more employees are planning to integrate ChatGPT responses or other forms of bot-generated content into a commercial product or service, they must ensure that the rights of potential copyright holders are respected. In this way, they minimize the risk of facing legal consequences linked to copyright infringement.
The use of tools such as ChatGPT represents a significant step forward for employees in their day-to-day work. However, the use of this type of conversational agent must be approached with caution, due to the proven risks to information security and its use. By complying with an IT charter, employees can acquire best practices and benefit from the advantages of these tools, while minimizing the various risks to which the company is exposed.