By Michael Leach, Compliance Manager, Forcepoint
The Executive Order on AI that was announced today provides some of the necessary first steps to begin the creation of a national legislative foundation and structure to better manage the responsible development and use of AI by both commercial and government entities, with the understanding that it is just the beginning. The new Executive Order provides valuable insight for the areas that the U.S. government views as critical when it comes to the development and use of AI, and what the cybersecurity industry should be focused on moving forward when developing, releasing and using AI such as standardized safety and security testing, the detection and repair of network and software security vulnerabilities, identifying and labeling AI-generated content, and last, but not least, the protection of an individual’s privacy by ensuring the safeguarding of their personal data when using AI.
The emphasis in the Executive Order that is placed on the safeguarding of personal data when using AI is just another example of the importance that the government has placed on protecting American’s privacy with the advent of new technologies like AI. Since the introduction of global privacy laws like the EU GDPR, we have seen numerous U.S. state level privacy laws come into effect across the nation to protect American’s privacy and many of these existing laws have recently adopted additional requirements when using AI in relation to personal data. The various U.S. state privacy laws that incorporate requirements when using AI and personal data together (e.g., training, customizing, data collection, processing, etc.) generally require the following: the right for individual consumers to opt-out profiling and automated-decision making, data protection assessments for certain targeted advertising and profiling use cases, and limited data retention, sharing, and use of sensitive personal information when using AI. The new Executive Order will hopefully lead to the establishment of more cohesive privacy and AI laws that will assist in overcoming the fractured framework of the numerous, current state privacy laws with newly added AI requirements. The establishment of consistent national AI and privacy laws will allow U.S. companies and the government to rapidly develop, test, release and adopt new AI technologies and become more competitive globally while putting in place the necessary guardrails for the safe and reliable use of AI.
AI Regulation – The Wild West Survival Guide
Who will determine what risks are acceptable? At the moment, every gun slinger in town.
Posted this morning on Linkedin, in an article by WithSecure Cyber Security Advisor Paul Brucciani, he provides guidance to AI vendors and users who need to find their way through the regulatory Wild West. Interesting read should this be of interest as well.
https://www.linkedin.com/pulse/ai-regulation-wild-west-survival-guide-paul-brucciani-fciis-iixze