
PCPD AI Framework
AI Framework: Artificial Intelligence: Model Personal Data Protection Framework
- Establish AI Strategy and Governance
- Conduct Risk Assessment and Human Oversight
- Customisation of AI Models and Implementation and Management of AI Systems
- Communication and Engagement with Stakeholders
Please refer to PCPD AI Framework for details.
Checklist on Guidelines for the Use of Generative AI by Employees:
The Guidelines by PCPD recommend that organisations cover the following aspects when developing their internal policies or guidelines on the use of Gen AI by employees, with key elements as follows:
- Scope of permissible use of Gen AI: Specify the permitted Gen AI tools (which may include publicly available and/or internally developed Gen AI tools), the permissible purposes of use (for example, drafting, summarising information and/or creating textual, audio and/or visual content) and the applicability of the policies or guidelines;
- Protection of personal data privacy: Provide clear instructions on the types and amounts of information that can be inputted into the Gen AI tools (for example, whether to include personal data or other data), the permissible purposes for using the output information, the permissible storage of the output information, the applicable data retention policy and other relevant internal policies to comply with (for example, those on personal data handling and information security);
- Lawful and ethical use and prevention of bias: Specify that employees shall not use Gen AI tools for unlawful or harmful activities, emphasise that employees are responsible for verifying the accuracy of AI-generated outputs through ways such as proofreading and fact-checking, and for correcting and reporting biased or discriminatory AI-generated outputs, as well as providing instructions on when and how to watermark or label AI-generated outputs;
- Data security: Specify the types of devices on which employees are permitted to access Gen AI tools (for example, work devices provided by employers) and the categories of employees who are permitted to use Gen AI tools (for example, those who have operational needs, have received relevant training, and have prior permission), require employees to use robust user credentials, maintain stringent security settings in Gen AI tools, and report AI incidents (such as data breach incidents involving the use of AI, unauthorised input of personal data into Gen AI tools, abnormal output results and/or output results that may potentially breach the law) according to the organisation’s AI Incident Response Plan; and
- Violations of policies or guidelines: Specify the possible consequences of employees’ violations of the policies or guidelines, and refer to the PCPD’s “Artificial Intelligence: Model Personal Data Protection Framework” (Model Framework) for recommendations on establishing Gen AI governance structure and measures.
Please refer to Privacy Commissioner’s Office Publishes (1) Checklist on Guidelines for the Use of Generative AI by Employees for details.