Skip to content

ChatGPT: What in-house attorneys need to consider ASAP

As a powerful language model, ChatGPT can be an incredibly useful tool for employees in many different roles. However, the use of ChatGPT in a corporate setting also presents certain risks and challenges that companies must be aware of. To regulate the use of ChatGPT effectively, companies should develop clear policies and procedures for employee use of the language model, taking into account considerations such as GDPR and insider information.

One of the key considerations for companies is ensuring that the use of ChatGPT complies with GDPR and other relevant data protection regulations. This means that companies must ensure that any personal data processed by ChatGPT is done so lawfully, transparently and with explicit consent from the data subject. Additionally, companies must ensure that data is stored and processed securely, and that employees are trained on their obligations under GDPR and other relevant data protection regulations.

“The privacy considerations with something like ChatGPT cannot be overstated”

Mark McCreary, the co-chair of the privacy and data security practice at Fox Rothschild LLP

Another important consideration is the risk of insider information being shared or disclosed through the use of ChatGPT. Employees must be trained on the importance of maintaining confidentiality and not sharing sensitive information with unauthorized parties. Companies must also ensure that access to ChatGPT is restricted to only those employees who need it to perform their job duties and that access controls are in place to prevent unauthorized use or access.

To regulate the use of ChatGPT effectively, companies should develop clear policies and procedures that cover all aspects of employee use of the language model. This should include guidelines on the types of data that can be processed by ChatGPT, procedures for ensuring that confidential information is not disclosed, and protocols for handling any breaches of security or data protection regulations.

Companies should also ensure that employees are trained on these policies and understand the risks associated with using ChatGPT. This includes training on the importance of data protection, confidentiality, and insider trading regulations. By providing regular training and guidance, companies can ensure that employees are using ChatGPT in a responsible and compliant manner.

Another important aspect of regulating employee use of ChatGPT is monitoring and auditing. Companies should implement regular checks and audits to ensure that the language model is being used in compliance with company policies and procedures, data protection regulations and other relevant laws. Companies should also have processes in place to investigate and handle any potential breaches or misuse of ChatGPT.

So, what should companies be doing right now? I would suggest that, in the near-term, companies should block ChatGPT until safeguards and training are implemented. Trade secret and confidential/private information “bells” cannot easily be “un-rung”. I would personally recommend that companies, after temporarily blocking ChatGPT usage, quickly pull together an internal summit of thought leaders, IT security, legal, and data privacy and discuss the process for employees to be cleared for ChatGPT usage. Among other things, cleared usage likely would involve (1) a legitimate use case; (2) training; and (3) on-going monitoring and reporting.

All in all, the use of ChatGPT can be a valuable tool for employees in a corporate setting, but it is important that companies take steps to regulate its use effectively. Companies should develop clear policies and procedures for employee use of ChatGPT, take into account GDPR and insider information risks, provide regular training and guidance, and implement monitoring and auditing processes. By doing so, companies can ensure that the use of ChatGPT is responsible, compliant and in line with company values and regulations.

Click to rate this post!
[Total: 3 Average: 5]

Leave a Reply

Your email address will not be published. Required fields are marked *