Technology is evolving at an ever-advancing pace, and HR needs to keep up. A legal expert outlines three emerging risks for employers to be across.
The speed at which technology continues to develop is often exciting and sometimes concerning. These developments raise both challenges and opportunities for management and HR practitioners.
Three recent developments that have garnered much attention are artificial intelligence (AI) platforms, biometric data collection (such as fingerprints and voice recognition) and newer social media applications such as TikTok.
HR has an important role in managing the cybersecurity risks they pose.
Risk of using AI platforms at work
There has been substantial recent media coverage of AI platforms, most notably ChatGPT.
Much of that reporting has focused on the possibility of such technology being applied to make the work of employees easier by being able to undertake many routine (and sometimes complex) tasks. There is also the chilling prospect of various cohorts of employees being replaced entirely by ChatGPT in the near future.
One of the risks arising from AI platforms is employees using it surreptitiously to perform duties allocated to them and then passing the work the AI platform produces as their own. As sophisticated as AI platforms can be, there is also concern about the accuracy of the
work produced, with significant errors frequently detected.
The risk from errors and falsehoods is compounded by the authoritative tone adopted in work produced by AI platforms, which often has a veneer of infallibility.
There are also substantial cybersecurity risks. First, in order for the AI platform to produce what an employee wants there is a risk the employee might provide the platform with confidential or private information in the course of asking it to execute tasks.
Second, the platform might collect data on the device or system on which it is installed that’s then sent to the platform owner.
Third, there’s the risk that installing the platform might leave the systems of the organisation more susceptible to hacking attacks or other violations from hostile actors.
There are a number of ways HR practitioners can lead in managing these risks, including:
- Developing and implementing workplace policies about AI use
- Ensuring transparency about AI use and requiring employees to disclose work developed with AI
- Protocols around sharing confidential information with an AI platform
- Commissioning an IT risk assessment of common AI platforms for policy development
Think you can tell the difference between AI and human-generated text? Take HRM’s quiz to find out.
Use of biometric technology
Biometric data can streamline administrative practices by making it easier to record employee attendance, location and identity for system access.
However, given the sensitive and uniquely personal nature of the data, significant risks can arise if it is misused. HR should keep some basic principles in mind, such as:
- Only collect with consent (or pursuant to a reasonable and lawful direction, which will require assurances in relation to the following points)
- Store biometric data securely and with care
- Limit access to biometric data to those who have a need to use it
- Use the data only for the purpose for which it was collected
Using TikTok at work
TikTok has become as controversial as it is successful, with claims (disputed by the company) about the app collecting data to be sent to foreign governments or enterprises.
While social media policies should address what is posted or uploaded to apps like TikTok, there is additional policy work to be considered in relation to the data risks potentially posed by the installation of the TikTok app itself.
HR practitioners should consider whether employees should be allowed to download or retain TikTok on work-related devices given the data risks said to be involved.
One key consideration is whether there is any legitimate purpose for TikTok being installed on a business device.
Employers with Bring Your Own Device (BYOD) policies, however, might not be able to issue employees with a reasonable and lawful direction to remove the app from personal devices also used for work.
This limitation reflects a broader problem with BYOD policies – the lower cost of implementation can come at the expense of employer control, which can compromise cybersecurity measures.
Need help brushing up on HR laws and compliance around? AHRI’s short course, Introduction to HR Law, will give you an understanding of the key elements of legislation, regulation and practices HR needs to be across.
This article first appeared in the May 2022 edition of HRM Magazine. Michael Byrnes is a Partner at employment law firm, Swaab.