Ian Cook, VP, Research and Strategy at Visier, builds business success by linking people data to business outcomes.
Legal frameworks often lag behind the pace of technological development. However when it comes to the rapid adoption and application of AI, including Generative AI (GenAI), the relevant authorities are moving faster than before. On July 5, the first in a swathe of pending legislation globally will come into force in New York (paywall). This legislation makes it very clear that employers will hold legal accountability for the way in which their business deploys AI.
The commentary related to this legislation spells out that the use of AI for employee-focused decisions is considered high risk. The CHRO and their team will need to pay particular attention to when and how they chose to deploy AI within their technology stack. In the New York legislation, the company—not the vendor—is carrying liability for the use of the AI system and has to go so far as to publish a 3rd party audit confirming that the AI is bias free and operating as specified. These measures attempt to stamp down previous problems with AI recruitment, similar to when Amazon had to scrap their program when it was revealed to show bias towards women.
The new advancements in GenAI capabilities are also covered by this legislation. It may seem that a technology which returns written answers to typed inputs will be relatively harmless, but this will not be the case in some key instances. For example, to work well, generative models need to be trained on company-specific data, which in some instances will involve sensitive employee data. I covered an example of this in my previous article which highlighted the people issues associated with GenAI. The way these data sets are assembled and maintained will need to be subject to audit and the responses generated by the system subject to validation. Digesting employee data within GenAI comes with a unique set of challenges, primarily revolving around the security required to implement these solutions.
The CHRO’s AI Dilemma
The difficulty related to implementing AI, the sensitivity of people data and the growing legal implications may lead CHROs to believe reducing their use and reliance on AI-based systems is the right course of action. For example, by shifting AI into stages of the work process where it automates discovery of candidates, rather than ranking of potential hires, HR can reduce risk and avoid legal jeopardy. However, no organization can stay competitive by ignoring technological shifts, and with budgets under constant scrutiny and employees continuing to be scarce and expensive, it is even more imperative that senior leaders leverage technology to reduce costs and improve delivery. This is the dilemma for every CHRO: how to deploy modern technologies which augment—and elevate the contribution of the HR function—and navigate the complexities of the evolving legal framework.
Avoiding Mistakes By Starting With Security
I believe the only way to get the best of both worlds—a performant AI system and a training data set that does not breach employees’ rights—is through security. The first two components involve the right infrastructure and security process, coupled with capabilities that ensure organizations are GDPR compliant.
The third component is the ability to secure data at both an individual and aggregate (summarized) level. This third element is the most important and least well understood component of security. Based on my experience, it’s common for an HR system to only support either a detailed look or a summarized view of the data—not both at the same time, based on the context of the person consuming the data.
Most companies experience the limitations of this security approach when they deal with their engagement vendors. Traditionally, engagement vendors promised anonymity and delivered this by only reporting data above a threshold. This process of aggregation meant that individual scores remained hidden. However, from an analytic perspective, this process quickly erodes the value and usefulness of the data. Constant hierarchy changes mean the aggregate results no longer match the details of where people work.
This same issue will roll over into work on AI or GenAI models. If aggregate data is used to train the model, then the results will be poor—not sufficiently specific. If detailed employee data is used to train the model, then it needs to be housed in a place where both detailed access and aggregate access can be blended together into a single output.
Data Security In Practice
An example of how GenAI may be used will help to explain why security is so critical. HR systems are being trained to improve how managers make decisions. A manager “asks” the GenAI whether or not their employee warrants a pay raise. To make this decision well, the manager needs to see the detailed pay for their employee and potentially other members on the same team. The manager also needs to be able to see summary data about others doing the same role, based on measures of similarity derived by the AI. This is a combination of detailed and aggregate access in a single output.
Without the proper security model the HR system is likely to return just the detailed data, which the manager already knows, or just the aggregated data, which is insufficient to support the best decision. Or if the GenAI has not been properly tested for security, you run the risk of returning details about people the manager should not see.
Security First
Demonstrations which show human-like and informative responses to people questions have a strong appeal to everyone in HR. Simplifying access to insights about people, their contribution and how best to manage them has enormous value. However, if you are the leader exploring these technologies and looking to bring them into your business, the first test that any vendor must pass is to demonstrate they can effectively secure your data, providing detailed and summarized views together based on the role played by the person asking.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
Read the full article here