Corporate AI Policies Evolve to Navigate the Challenges of Generative AI

The rapid advancement of generative AI technology has compelled corporate legal teams to swiftly adapt and establish policies that address the legal and ethical implications of its use. When ChatGPT, a popular generative AI tool, was introduced, in-house lawyers were faced with the task of safeguarding confidential business and customer data while preventing the tool’s potential to produce inaccurate information.

To effectively govern the use of generative AI, companies are recognizing the need for a dedicated individual or team responsible for AI governance and compliance. This role often falls to the chief privacy officer, who, in collaboration with experts from various fields such as IP, data privacy, cybersecurity, and research and development, evaluates requests to use generative AI on a case-by-case basis. The primary goal is to weigh the risks against the benefits for the business, while establishing long-term frameworks and principles.

Salesforce, an enterprise software giant, has been proactively addressing ethical concerns associated with AI for years. However, generative AI has presented new challenges, prompting the company to release an AI acceptable use policy. As the technology continues to evolve, responsible usage discussions will persist alongside emerging regulations.

Crafting appropriate policies for the use of generative AI requires companies to consider various legal pitfalls, including security breaches, data privacy concerns, potential employment issues, and copyright law implications. While waiting for targeted AI regulations, organizations are consulting existing frameworks and privacy laws to shape their AI governance programs. Regulators’ inquiries are also influencing companies’ policy development processes.

The utmost concern of corporate counsels is preventing security breaches and data privacy violations. Unauthorized access to sensitive information and the inadvertent incorporation of confidential data into training sets pose significant risks. Inaccuracy is another apprehension, as generative AI models may produce incorrect answers or hallucinate fictional information. To mitigate these risks, companies must establish internal governance procedures and safeguards, ensuring factual accuracy, unbiased content, and copyright compliance.


Q: Who should be responsible for AI governance and compliance within a company?
A: The role of overseeing AI governance and compliance often falls to the chief privacy officer, who collaborates with experts from various fields to evaluate requests for AI usage.

Q: How can companies address the legal pitfalls of generative AI?
A: Companies can craft policies that address security breaches, data privacy concerns, employment issues, and potential copyright violations by consulting existing privacy laws and frameworks and following regulators’ inquiries.

Q: What are the primary concerns regarding the use of generative AI?
A: The main concerns are security breaches, data privacy violations, the potential for inaccurate information, and the risk of incorporating confidential data into training sets.

Q: How can companies mitigate the risks associated with generative AI?
A: Companies can establish internal governance and safeguards, including human review processes to ensure factual accuracy, unbiased content, and copyright compliance.