RT AI TOOLKIT

Section 1/5: Employee Risk Issue

Your organisation may be engaging employees in the development and deployment of AI Systems when your organisation encourages employees to use AI Systems to increase productivity at work or uses AI Systems to manage employment relationships. 

Does your organisation have policies and procedures to authorise the use of AI Systems?

 
 
 
 
 

Does your organisation have technologies in place to manage the risks arising from employees using (unauthorised) AI Systems?

 
 
 
 
 

Does your organisation have policies and procedures to ensure employees utilise AI Systems responsibly to mitigate risk of intellectual property (IP) infringement?

 
 
 
 
 

Does your company have policies and procedures to ensure employees utilise AI Systems responsibly to safeguard the company’s assets?

 
 
 
 
 

Does your organisation inform employees before using their personal data in your organisation’s AI Systems?

 
 
 
 
 

Does your organisation obtain explicit consent from employees before using their personal data in your organisation’s AI Systems?

 
 
 
 
 

Does your organisation have a written policy that explains to employees the use of AI Systems in making decisions that impact the employment relationship?

 
 
 
 
 

Does your organisation have a written acceptable use policy that explains to employees the acceptable use of AI Systems, such as the need to verify AI hallucinations and prohibit attacks such as prompt injections and tampering with training data?

 
 
 
 
 

Does your organisation have published procedures that employees may invoke to raise concerns about the quality or accuracy of authorised AI Systems?

 
 
 
 
 

Does your organisation have policies and procedures to determine and clarify ownership of works or inventions made using AI Systems in the course of employment?

 
 
 
 
 

Does your organisation inform its employees (a) about the existence of automated decision-making or profiling systems, including AI Systems as may be applicable, and (b) specific details of the automated processing of personal data before its entry into the processing System of the employer? 

 
 
 
 
 

Does your organisation inform its employees on the nature, purpose, and extent of data being processed by automated systems?

 
 
 
 
 

Does your organisation have policies and procedures on the exercise of data subject rights in connection with the processing of their personal data using AI Systems?

 
 
 
 
 

Has your organisation informed its employees that they may exercise their data subject rights at any stage, including before, during, and after the development or deployment of AI Systems, such as in the training and testing phases? 

 
 
 
 
 

Has your organisation explained to the employees the risks associated with data processing, the expected output of the AI Systems, the impact of these systems on data subjects, and the applicable dispute mechanisms available in questioning the data processing of AI Systems?

 
 
 
 
 

Does your organisation have safeguards against the harms of extensive profiling such as discriminatory outcomes and infringement on the right to fair treatment?

 
 
 
 
 

Does your organisation inform the employees of the scope and consequences of the exercise of their rights under data privacy laws with respect to the deployment of AI Systems? 

 
 
 
 
 

Does your organisation implement mechanisms to allow the employees to question and contest automated decisions when the effect of such decisions poses significant risks to their rights and freedoms?

 
 
 
 
 

Does your organisation have the appropriate mechanisms (e.g., conduct of privacy impact assessments, integration of privacy-by-design and privacy-by-default, implementation of common industry security standards, continuous monitoring of AI Systems’ operation, creation of a dedicated AI ethics board; regular retraining and scrubbing of AI Systems; and mechanisms for human intervention) to ensure the responsible and ethical processing of personal data in the deployment of AI Systems?

 
 
 
 
 

Question 1 of 19