Should I use generative AI in my business?


This is likely to be one of the biggest challenges businesses will face in the near future. The answer to this question will depend on a range of factors, including:

  • The type of business and whether there are any sector-specific regulations, codes of practice, standards or guidelines applicable to the use of generative AI.
  • The size of your workforce and the individual roles making up the workforce.
  • The ability to manage the use of generative AI.
  • The data that will be used in the generation of content through generative AI.
  • For what purpose the output content will be used.

First of all, what is generative AI?

It is a type of artificial intelligence that uses computer algorithms to generate text, images and other content based on “training data,” often in response to a user’s prompt i.e. data inputted into the AI system.

What are the pros and cons of generative AI?

Particular Large Language Model (LLM) subsets of generative AI, such as ChatGPT, are seen as having immediate potential application in the business world. The most obvious benefit of such tools is that content can be generated in seconds, potentially saving hours of human effort on time-intensive but repetitive tasks. Clearly, there is a cost saving flowing from this.

Such tools have now been in existence long enough for flaws and risk areas to have emerged. Some of these are obvious. For example: the information generated being incorrect, as well demonstrated in the recent news story where two US lawyers and a law firm were fined $5,000 after fake citations generated by ChatGPT were submitted in a court filing (it’s worth a read:

However, businesses must also consider more insidious risks:

1. Data protection and security

This is a fairly obvious risk; but the tricky part is how to deal with it on a practical level. The costs of getting data protection and security wrong are substantial.

Allowing your workforce to use AI is likely to involve them including personal data in prompts to generate the output.

The business would need to put in place controls to ensure processing of any personal data is excluded or appropriately managed in compliance with UK GDPR, Data Protection Act 2018 and other relevant laws.

In addition, there are data and cyber security risks from downloading the AI software and mismanagement of passwords.

2. Confidentiality

In a similar vein to the preceding point, there is a risk of misuse and loss of confidential business information, including client or customer data, by its inclusion in prompts.

If data is lost, there may be little practical way of recovering it.

3. Intellectual property

Because this technology is so novel, it is currently unclear whether the output from generative AI is capable of copyright protection.

There may be an argument as to whether any output is the “author’s own intellectual creation”. It would also be necessary to assess the terms of use of the generative AI system to check ownership of any IP rights in the output.

In addition, there is a risk that the output of a generative AI system could infringe IP rights.

4. Discrimination, bias and inaccurate content

What you put in will influence what comes out. If the individual inputting data has inherent biases, then there is a risk that outputs will contain discriminatory or biased content.

Such biases also present a risk of inaccurate outputs or “facts” which may appear believable but are in fact highly inaccurate or even fabricated.

So, what are the practical considerations?

Deciding on specific areas of your business which could benefit from the use of generative AI is the first step. The next prudent thing to do is to research different generative AI based technologies to identify those that could be best used by the workforce to promote efficiencies and reduce costs.

Not all your employees will need to use generative AI in carrying out their duties, but you may identify roles which would be better utilised by introducing this tool.

The risks can, to some extent, be managed by implementing comprehensive, clear policies and providing training to staff who are authorised to use generative AI in the course of their work. The policies should address matters such as:

  • Any AI specific policy should dovetail with other policies on IT security, data protection and discrimination.
  • You may wish to list permitted and/or prohibited AI applications.
  • Requiring staff to use a work email address for log-in purposes.
  • Prescribing permitted uses of authorised AI applications, such as drafting internal comms, certain marketing tasks or conducting research.
  • Including the right to monitor all content on any generative AI application used for business purposes.

The training provided to staff needs to be bespoke to both the role and also the data that is likely to be processed. The training should reflect your policies.

In light of the above risk areas, you should think about the sensitivity of the data that could be used in prompts and how easy it is to monitor and manage the use of generative AI. You should always check with your insurer whether they have any conditions around the use of generative AI.

If you have already started to think about the pros and cons of the use of generative AI in your business, I would love to hear from you with your views.

This article is not legal advice, which it may be sensible to obtain before you take any decisions or actions in the areas covered. Please do contact me if you would like an initial discussion of your situation.

Rosie High Res
Rosie Evans
  • Employment