AI isn’t taking over the whole world, just mine

April 26, 2023

 

iCIMS Staff

5 min read

Earlier this month, the four-day Global Privacy Summit 2023 spotlighted the big picture of data privacy and protection to 5,000+ privacy professionals in Washington, D.C. Hosted by the International Association of Privacy Professionals (IAPP), the world’s preeminent annual data privacy and protection event promised to light the way on a variety of topics and emerging trends in the face of mounting complexity.

Privacy professionals are increasingly being called on to help their organizations make sense of the evolving landscape of AI/ML and to lead a path forward for AI governance, drawing on long-standing privacy principles. The summit had much to say about the challenges my industry colleagues and I are facing. As a privacy professional at @iCIMS, a global recruitment software company that helps 6,000 companies hire faster and more equitably with AI, I was looking forward to hearing from peers. Listening to leaders from some of the top global brands affirmed our principle-based strategy to building our privacy program is the best way to ensure adaptability in the ever-evolving data protection and AI landscape.

Here were some of the consistent themes regarding AI governance programs:

• It is critical for organizations to align on terminology and definitions as it relates to its use of AI/ML. This may seem obvious; however, this is easier said than done considering there are so many different definitions of AI across the industry. Even though NIST, ISO, IEEE, U.S. DOD, and the U.S. GAO, all have varying definitions of AI, an important part of establishing an AI governance program is for companies to align on their own definitions, even if the industry is not.

• It is also vital for organizations to consider its use cases when establishing its AI governance program. All use cases should be identified and assessed and will require support across the business. A couple of important factors that were discussed included:

• • Distinguishing the differences between Artificial Intelligence, Machine Learning, Deep Learning, and Generative AI.
  • Recognizing there are also different types of intelligence, including assisted intelligence, automated intelligence, augmented intelligence, and autonomous intelligence, and particularly noting the differences of when humans are involved and when humans are not involved.
• Organizations should be aligning their AI principles to their corporate values. AI presents a broad array of unique risks, driven by societal, market, and regulatory forces. Risk management is often unique to each organization and its values, so it’s important for AI principles to align accordingly.

AI wasn’t the only complex topic addressed at the Global Privacy Summit. It’s no surprise that international data transfers remain under the spotlight. With the increasing number of countries adopting privacy rules around the world, and the U.S. expanding state laws and considering a federal privacy law, the need for a global solution for international data transfers is becoming even more critical. Some key aspects discussed included:

• The 38 countries that make up the OECD have adopted the principles outlined in the Declaration on Government Access to Personal Data Held by Private Sector Entities in an effort to build trust and provide a standard for limited and constrained government access to personal data.
• Current and former chairs of the EDPB and the ICO, as well as Max Schrems, agreed that (1) the EU-US Data Privacy Framework is an improvement with regards to addressing some of the key issues raised as part of the Schrems II ruling, and (2) we need a global standard for international transfers. Currently, the GDPR is the standard, but even the GDPR will need to be reformed over the next 5 years.
• Standard Contractual Clauses (SCCs) are being adopted globally, but it’s only one piece of the international transfer pie. The new Trans-Atlantic Data Privacy Framework could provide some relief for organizations struggling to maintain Transfer Impact Assessments (TIAs). China did publish their own version of standard contractual clauses, but the security assessment requirement still applies for large scale and high-risk data.

All in all, the conference clearly demonstrated that the demands of privacy professionals continue to grow as organizations are faced with an increasing number of privacy regulations and growing expectations of privacy from consumers. Not to mention the use of AI/ML only adding to the complexity of the role of privacy professionals. Thankfully, the privacy program we have built at iCIMS enables us to be adaptable to the ever-changing laws impacting the space, and our dedicated privacy team is steadfast to staying on top of the ever-evolving privacy landscape.

At iCIMS, we maintain a principle-based privacy program, which allows us to scale our program and support our customers with their compliance obligations as privacy regulations and requirements continue to evolve globally. Additionally, iCIMS is committed to evolving and strengthening our AI according to best practices and global regulations so our customers can feel comfortable that its teams are recruiting ethically and responsibly, ensuring our Responsible AI principles align to our company values of customer-obsession, innovation, and accountability.