Artificial intelligence (AI) offers unprecedented possibilities. But with opportunity comes risk. Whatever you do with AI, make sure you have proper guardrails in place before you start.

AI is a transformative power. It doesn’t just have the ability to change the way we work or the way our organizations operate—it can alter almost everything, from the way information is generated and consumed, how daily tasks are performed, and perhaps most importantly, how decisions are made.

That decision-making part has sparked a lot of discussion, especially in the Ethics community, about data quality, bias, fairness, equity, societal good, and other concerns. While the debate is ongoing, one thing is certain: every organization will be held accountable (by both the legal system and the court of public opinion) for how it uses AI systems.

This means organizations using AI face more risk. Companies that are not putting guardrails around the monitoring of output from AI systems are going to be exposing themselves not only to potential security vulnerabilities but also to fairness and ethics and bias weaknesses in their systems.

AI is fueled by data. As a result, AI data governance is one of the most important guardrails for every organization that is considering an AI initiative.

Data Governance for AI

Establishing data governance specifically for AI systems is foreign territory for many organizations. What is the best way to get started?

1. Assign accountability: Someone in the organization must take ownership of AI data governance. If you don't have somebody at the table who is representing the consumer, representing the customer, representing the person AI data output is going to be making decisions about, your organization is assuming significant risk. Whether it's someone within the legal team, the compliance team, the security team, or the IT team, someone at a senior level within the company should be accountable for AI data governance and for ensuring there are checks and guidelines for how AI initiatives are launched.Even if all you want to do is leverage generative AI for internal use cases, such as improving employee productivity, someone needs to be listening to the teams and monitoring the output. Otherwise, problems can occur.By assigning accountability, everyone in the company knows there is a person they can go to for any questions around decisions related to AI use internally or externally. The person in this role is responsible for acting as a type of North Star for the organization, providing guidance and updates on where the organization is from an AI data governance perspective. This includes making sure the organization has an AI data governance policy and employees are trained on the key elements of that policy.

2. Create an AI data governance policy: This document is a foundational element of your AI strategy. It should be practical and define management’s intention, the board’s intention, and the company’s intentions for the use of AI within the organization. This policy is also going to support the legal team and the HR team by ensuring that administrative guidance has been provided to all personnel who have been granted access to use AI.An AI data governance policy is similar to a standard data governance policy, but there are some key differences. For example, an AI data governance policy,

   • Covers the management of organizational data (ensuring data quality, integrity, security, and compliance) specifically used by AI systems, with the added focus of making sure the data used to train AI models is unbiased, ethical, and transparent.
   • Addresses governance of AI models and decision-making processes of AI systems to ensure accuracy, fairness, and diversity.
   • Defines what ethical data usage means within the organization.
   • Includes provisions to ensure compliance with any AI-specific regulations which may emerge.
   • Contains departmental and/or use case specific provisions for the management, protection, authorization, and use of data sources by AI systems.  There are many more elements to an AI data governance policy. Creating a practical document requires cross-functional participation and oversight by subject matter experts from inside (and perhaps outside) your organization.

3. Partner with your privacy team: Every organization considering AI solutions cannot do so without addressing privacy. Improperly using or inadvertently exposing privacy information is a serious risk, and organizations must make provisions to ensure it doesn’t happen. As you develop your AI strategy and create your governance policies, make sure your privacy team has a prominent seat at the table.

Taking the Next Step

Moving forward with AI requires due diligence. Because turning on an AI solution without careful planning could expose confidential information to the wrong people or result in biased or erroneous decisions.Having an overarching data governance policy for AI is not optional—consider it table stakes. When hard decisions need to be made around the use of AI in your organization, the policy document serves as the reference and guide for everyone.The AI journey is exciting and complex, with tremendous business potential and new risks to manage. Creating a data governance policy for AI is only one step. Other steps in your AI journey include developing your AI strategy, defining use cases, assessing your preparedness, determining whether to build or consume AI infrastructure, and executing a proof of concept. Watch for more posts coming soon on other aspects of building, deploying, and managing AI systems. For help with any stage of your AI journey, ePlus offers a comprehensive set of services. Check out ePlus AI Ignite for more information.

Related articles