RT AI TOOLKIT

Section 4/5: Product Development Issues

This section is not intended to address the organisation’s engagement with any stakeholders but is aimed at assessing the organisation’s management of legal risks that may arise during the training and development of its AI Systems. 

Is your organisation aware of the legal risks associated with the type of data used to develop your organisation’s AI Systems?

 
 
 
 
 

Does your organisation inform data subjects before using their personal data in developing your organisation’s AI Systems?

 
 
 
 
 

Does your organisation obtain explicit consent from data subjects before using their personal data in developing your organisation’s AI Systems?

 
 
 
 
 

Does your organisation have a written policy that explains to data subjects how their personal data is used in developing your organisation’s AI Systems?

 
 
 
 
 

Is your organisation aware of the legal risks associated with issues such as data scraping, intellectual property (IP) infringement, and potential misuse, and has your organisation implemented the necessary controls?

 
 
 
 
 

Is your organisation aware of the common cybersecurity risks associated with AI Systems and has your organisation taken the necessary measures to address these common cybersecurity risks?

 
 
 
 
 

Does your organisation have adequate data management governance in place to ensure data is useful for the purpose that the AI is designed to support?

 
 
 
 
 

Has your organisation secured the appropriate registrations prior to employing AI generated systems, as may be applicable (e.g., automated processing, automated decision-making, and profiling)? Such registration includes registration with the National Privacy Commission, if your organisation is located in the Philippines.

 
 
 
 
 

Is your organisation aware of the legal risks associated with AI Systems, as may be applicable (e.g., automated processing, automated decision-making, profiling), that are not compliant with data privacy principles?

 
 
 
 
 

Does your organisation have policies and procedures on the exercise of data subject rights in connection with the processing of their personal data using AI Systems? 

 
 
 
 
 

Does your organisation have the appropriate mechanisms (e.g., conduct of privacy impact assessments, integration of privacy-by-design and privacy-by-default, implementation of common industry security standards, continuous monitoring of AI Systems’ operation, creation of a dedicated AI ethics board; regular retraining and scrubbing of AI Systems; and mechanisms for human intervention) to ensure the responsible and ethical processing of personal data in the deployment of AI Systems?

 
 
 
 
 

Does your organisation implement mechanisms to identify, monitor, and limit biases (e.g., systemic, human, and statistical) in the AI Systems?

 
 
 
 
 

Does your organisation implement mechanisms to ensure that the personal data utilized in the AI Systems are correct and up to date?

 
 
 
 
 

Does your organisation have mechanisms to exclude, by default, any personal data that is unlikely to improve the development or deployment of AI Systems, including its training and testing? 

 
 
 
 
 

Question 1 of 14