Are your employees licensing your company’s confidential information without realizing it?

Does your business have an AI acceptable use policy? Is there a framework in place for employees to run a software by Legal and IT before downloading it? If your answer to either question is “no” or “I’m not sure,” then it’s time to get to work. In various studies, around 80% of employees have admitted that they use software at work that has not been approved or authorized. With the increased prevalence and adoption of AI tools, including as add-ons to many existing programs that enterprises use, companies are facing serious problems with their confidential information being collected and accessed. And no, in some cases, paying extra for an enterprise-level license will not save you.

A SaaS company recently asked me to review the Privacy Policy and Terms of Use for an AI tool that its employees were using, to record their video meetings and transcribe notes. I found that this AI tool requires users to grant a license to the data it collected from them: in fact, “a worldwide, non-exclusive, perpetual, royalty-free, fully paid, sublicensable, and transferable license to use, edit, modify, reproduce, distribute, prepare derivative works of, display, and otherwise fully exploit” the aggregated data that it collected, including photos and video recordings. Nowhere did it explain how it aggregated or anonymized the personal data, nor what it would do to remove confidential business information from those recordings and transcriptions (possibly, because it doesn’t). And, if you read the terms of the license, this AI tool was giving not just itself the ability to use this data but also the ability to sublicense (sell) and transfer it to others. As for recourse? The AI tool required that the user indemnify it for any claims arising out of the use of these recordings, as well as a class action waiver and arbitration clause for disputes.

AI tools can improve efficiency and effectiveness. By no means am I advocating a ban on AI in the workplace. That said, it’s important to understand what tools your company is using and how those tools use, store, or even sell your data. The concern here is not only the personal data of your employees but the confidential information of your enterprise. I would begin by identifying and reviewing the current AI tools that the employees use, so that we can spot any tools that we definitely do not want to permit and mitigate potential damage. Then, I would prepare an AI acceptable use policy, tailored to the needs and dynamics of your business, as well as communications around the policy, to make sure that employees actually understand and adopt it. Contact info@ambartlaw.com with any questions or to get started.