9-6 Information Technology Artificial Intelligence (AI) Policy (2024)

1. Introduction
This policy encompasses the use of all AI technologies, with a particular focus on Limited Memory AI technologies, such as Generative AI, given that Generative AI represents the predominant form of AI currently in use. Some examples of common tasks that Generative AI may assist users with, include creating or editing:

• Emails and letters
• Sales and advertising materials
• Spreadsheet calculations
• Document or information sorting
• Coding development or debugging
• Blog posts, reports, and other publications
• Outlines or summaries of information
• Policies and job descriptions
• Memoranda and similar documents

There can be risks in using this technology, including uncertainty about ownership of the AI-created content and security and privacy concerns with inputting proprietary or confidential information about an employee, client, operations, etc. when interacting with the AI technology. Additionally, the accuracy of the content created by these technologies cannot be relied upon, as the information may be outdated, protected, misleading or fabricated. This policy is provided in support of County Administrative Policy 9-2 Information Technology Use and Security Policy.

2. Roles and Responsibilities
Administrative Policy 9-2: Information Technology Use and Security Policy describes roles and responsibilities related to technology use and security, which are also relevant to this policy, but below are additional responsibilities related to artificial intelligence (AI).

A. User Responsibilities
Users are all workforce members (employees or any other individual performing work on behalf of, or with approval of Local Agencies) authorized to access Local Agency IT resources and are responsible for:

1. Reviewing this policy to ensure that they understand the risks of using AI tools and how to use them in a safe, secure, and compliant manner; and
2. Using artificial intelligence in accordance with this policy.

B. Local Agency Department Head/General Manager
Local Agency Department Head/General Manager and/or Designee are responsible for:

1. Enforcing this Policy manual within their Local Agency;

2. Ensuring all Users of Local Agency IT resources and data are made aware of this policy and that compliance is mandatory;

3. Ensuring all Users receive education regarding their responsibilities before using artificial intelligence;

4. Determining how Artificial Intelligence (AI) should be utilized by Users within their Local Agency and establishing supplemental artificial intelligence policies, standards, procedures, or guidelines as needed for their business
purposes, provided they are not less restrictive than County policies. Prior to final approval, Local Agency Department Head/General Manager and/or Designee are responsible for:

a. Providing supplements to Human Resources for review;
b. Providing notice to employee organizations regarding any proposed
supplements; and
c. Providing supplements to Local Agency’s Local Information Service
Provider to review for consistency with County/Local Agency IT security
policies;

5. Provide training in support of established procedures and guidelines; and

6. Obtaining a signed acknowledgment from Users that they have had an opportunity to read, and will comply with, this Policy manual before using artificial intelligence.

3. Limited Use

Due to the inherent risks of this new and evolving tool, and the need to comply with this policy and other County Administrative Policies, including but not limited to 9-2 Information Technology Use and Security, use of AI technology while performing work for the County of Sonoma must be limited. For example, no County confidential, restricted, personal, proprietary, or protected data of any kind, including data that is not owned by the County, may be shared (copied, typed, interfaced, etc.) with these platforms without performing a due diligence and compliance review as described below, which includes a review by County Counsel, as it would be a violation of County Administrative Policy 9-2 Information Technology Use and Security and, depending on the information, it may violate state and/or federal law. This includes installing AI technologies on County owned and managed systems. One of the key features of AI is its ability to memorize and learn from the information and data that is shared with it so, when AI has access to County data, even self-contained AI technologies that run on County owned and managed systems, it may share the sensitive data that was used to train it with others.

The use of transcription or other tools that have access to phone calls, video conferences, or other recorded conversations shall not be used without guidance from County Counsel. Use of these tools may violate attorney-client privilege,
California State law regarding the recording of two-party conversations (which is a crime), or other regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or Criminal Justice Information Systems (CJIS). If these services are not used properly then the individual using the technologies could violate the law, which could result in the individual being fined or imprisoned. For all of these reasons these technologies are discouraged although, for certain use cases, they may be appropriate when implemented with guidance from County Counsel.

AI tools are known for generating content that is not accurate or in some cases, the content is completely made up. This is referred to as AI hallucinations. For this reason, all AI generated content must be reviewed for accuracy. AI tools may also generate content that is the same or closely similar to content owned by others, including content that has a copyright, patent, or trademark. If any AI generated content is known to be or later discovered to owned by others, then immediately cease using the content and report the discovery to County Counsel for review.

Reliable sources for fact checking include official documents and statements, academic journals and publications, encyclopedia, and reference books (this does not include Wikipedia, or similar user-data driven websites), and government websites. Best practices for verifying data include but are not limited to checking multiple sources, critical thinking and context, peer-expert consultation, and checking for citations and references.

AI technology shall not be used for obtaining legal or other professional advice otherwise requiring licensure. AI technology shall not be used to create work product that requires a professional license or certificate e.g., legal, medical, engineering, surveying, etc. AI technology shall not be used as a replacement for required County Counsel review, or any review and certification by any other licensed professionals. Improper use of AI may constitute unlicensed practice of professional trades (e.g., unlicensed practice of law, unlicensed surveying, etc.), which is a crime.

4. Bias and Discrimination

AI technologies may produce biased or discriminatory results, so AI shall not be used for any type of decision-making activities that may exclude options from otherwise being considered.

Some activities that AI shall not be used for include, but are not limited to: Reviewing, narrowing down, or selecting potential new employees, employees for promotions, proposals submitted by potential vendors responding to request for proposals (RFP), decisions about health care, benefits, or any other type of activity that might exclude an option from otherwise being considered.

AI should only be used in a similar manner to a Google or Bing search, as part of an information gathering activity or to fine tune verbiage for a letter, email, or other document, where the final decision on how to proceed is left up to a human being.

Follow all applicable laws, regulations, and County policies when using AI.

5. Ethical Use

Each employee is responsible for using AI tools in a manner that ensures the security of sensitive information and aligns with County policies including, but not limited to, Sonoma County Administrative Policy 9-2 Information Technology Use and Security, Equal Employment Opportunity Policy, and Civil Service Rules. These technologies shall not be used to create content that is inappropriate, malicious, discriminatory, or otherwise harmful to others or the County.

Employees shall also comply with all data privacy and security standards such as those found in HIPAA, CJIS, the Internal Revenue Service (IRS), and the California Consumer Privacy Act (CCPA) to protect Personally Identifiable Information (PII), Protected Health Information (PHI), or any sensitive data in AI prompts. Employees must also treat AI prompts as if they were publicly visible online to anyone, and treat AI prompts, data inputs, and outputs as if they are subject to the California Public Records Act.

6. Transparency

The use of AI systems should be explainable to those who use and are affected by their use. To ensure transparency when using this technology, indicate when AI significantly contributed to a work product. When considering types of contributions, use the following guide as a template for citations:

1. Whole Document Example: [AI Assistance: This document was generated with the assistance of an Artificial Intelligence language model, OpenAI GPT-4, 2023.]
2. Whole Document Example: [Artificial Intelligence contributed to the development of this document using Google Bard, 2023.]
3. Specific Citation Example: OpenAI. (2023). ChatGPT (Mar 14 version) [Large language model]
4. In text example for specific information: (OpenAI, 2023)

7. AI Due Diligence and Compliance Review

Given the high risks associated with using AI, all AI technologies must be reviewed for security and compliance before they are implemented in order to ensure data protection, legal compliance, and adherence to County policies, covering the following key areas:

1. Data Access and Protection:

• Identification of the types of data AI technologies will access; and
• Assurance that data will be adequately protected against unauthorized access.

2. Vendor Data Usage:

• Clarification on the vendor's intentions with the County's data, including:

i. Utilization for AI platform training purposes; and
ii. Potential sale or use of insights derived from County data.

3. Legal and Regulatory Compliance:

• Evaluation of AI deployment against existing laws, regulations, and County policies to prevent legal violations.

4. Security Assessment:

• Completion of a security review by the County Information Security Officer to identify and mitigate potential vulnerabilities.

5. Contractual and Legal Safeguards:

• Review by County Counsel of all contracts or terms of use to ensure they contain adequate legal protections for the use and confidentiality of County data.

This comprehensive due diligence process is designed to safeguard both the County’s interests and users of AI technologies.

Back to top

9-6 Information Technology Artificial Intelligence (AI) Policy (2024)

FAQs

What is the policy of AI? ›

AI policies play a pivotal role in shaping responsible AI adoption within organizations. By delineating clear guidelines, fostering transparency, and prioritizing ethical considerations, these policies help navigate the complex landscape of AI governance.

What is the AI acceptable use policy? ›

Broadly speaking, an AI acceptable use policy is a set of rules and guidelines that govern the responsible, ethical, and effective use of artificial intelligence technologies. It outlines acceptable behaviors, practices, and procedures related to developing, implementing, and using AI systems.

What is the federal AI policy? ›

To ensure accountability, leadership, and oversight for the use of AI in the Federal Government, the OMB policy requires federal agencies to: Designate Chief AI Officers, who will coordinate the use of AI across their agencies.

What do you mean by good AI policy? ›

Answer: - A good AI policy refers to the concerns that must be in the favor of the customers. The topics that can be said as the good AI policy is the transparent system right of the data collection, freedom of leaving the system and the design data deletion options.

What are the 6 rules of AI? ›

Microsoft outlines six key principles for responsible AI: fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability.

What are the 5 rules of AI? ›

A robot may not injure humanity, or, by inaction, allow humanity to come to harm.
  • A robot may not injure a human being or, through inaction, allow a human being to come to harm.
  • A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
Dec 1, 2019

What is a trustworthy AI policy? ›

Executive Order 13960 promotes the use of trustworthy AI in the Federal Government. Under this policy, agencies are required to design, develop, aquire and use AI in a way that fosters public trust and confidence while protecting patient privacy. Public trust plays a vital role in the acceptance and adoption of AI.

Do companies need an AI policy? ›

Yes, it's more important than ever.

No one really knows how to deal with AI yet. But as the use of AI technologies works its way deeper into our business practices and as AI slowly enters the legislative arena, we're looking at, AI Act, it's critical to have a policy ready.

What is AI legally? ›

An artificial system developed in computer software, physical hardware, or other context that solves tasks requiring human-like perception, cognition, planning, learning, communication, or physical action. An artificial system designed to think or act like a human, including cognitive architectures and neural networks.

What are the main points of the AI Act? ›

Four-point summary
  • The AI Act classifies AI according to its risk:
  • The majority of obligations fall on providers (developers) of high-risk AI systems.
  • Users are natural or legal persons that deploy an AI system in a professional capacity, not affected end-users.
  • General purpose AI (GPAI):
Feb 27, 2024

Who regulates AI in the US? ›

As of January 2024, the U.S. doesn't have a binding federal law specifically regulating the development, deployment and use of AI.

What is the use of AI policy? ›

An AI policy for corporations generally outlines guidelines and principles that govern the development, deployment, and use of artificial intelligence within the organization. These policies are crucial for ensuring ethical practices, managing risk, and complying with relevant laws and regulations.

Who should own the AI policy? ›

In many organizations, the ownership of the AI strategy and agenda can vary. It often falls under the purview of senior leadership, such as the Chief Technology Officer (CTO), Chief Data Officer (CDO), Chief Information Officer (CIO), or Chief AI Officer (CAIO).

What is the ethical policy of AI? ›

AI systems must be designed and used in a way that respects the rights to privacy, non-discrimination, and freedom of expression, among others. AI systems must be developed and used in a manner that is fair, unbiased, and inclusive.

Are there any rules for AI? ›

Since 2016, numerous AI ethics guidelines have been published in order to maintain social control over the technology. Regulation is deemed necessary to both foster AI innovation and manage associated risks.

What are the current regulations for AI? ›

Currently, there is no comprehensive federal legislation or regulations in the US that regulate the development of AI or specifically prohibit or restrict their use. However, there are existing federal laws that concern AI albeit with limited application.

References

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Manual Maggio

Last Updated:

Views: 6283

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Manual Maggio

Birthday: 1998-01-20

Address: 359 Kelvin Stream, Lake Eldonview, MT 33517-1242

Phone: +577037762465

Job: Product Hospitality Supervisor

Hobby: Gardening, Web surfing, Video gaming, Amateur radio, Flag Football, Reading, Table tennis

Introduction: My name is Manual Maggio, I am a thankful, tender, adventurous, delightful, fantastic, proud, graceful person who loves writing and wants to share my knowledge and understanding with you.