Risk Management for Use of GenAI in the Workplace

This McDermott Will blog addresses the increasing use of GenAI tools by human resources professionals and identifies areas of focus for employers, relevant legal developments, and potential compliance approaches.  It also offers guidance on how to avoid legal risks when implementing GenAI-based GenAI-based HR and employment management software. Here are some specific recommendations on how to address the legal risks that may arise:

– Comply with notice requirements. Although only a handful of states have passed employment-specific regulations on AI, more are soon to follow. These laws generally have a few principles in common, including obligations on users to alert applicants about the AI system in use, what the AI system is looking for, and how the business is using this data.

– Maintain records and implement strict privacy safeguards.Because AI systems rely on large volumes of applicant data, implement strong data security measures to protect against security breaches and protect applicants’ sensitive personal information.

– Preview AI results to assess the existence of potential bias. Conduct privileged internal review of the AI software being used to determine if a bias has developed and, if so, promptly remove it from the system. This includes review of inputs, how the technology undergoes the supervised learning process, and defined targets.

The memo also stresses, among other things, the importance of learning from a company’s AI vendors how their systems process data, the need to collaborate with counsel when reviewing vendor contracts, and the importance of engaging meaningfully with employees and addressing their concerns about the implications of AI.