惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
Stack Overflow Blog
Stack Overflow Blog
月光博客
月光博客
T
Threat Research - Cisco Blogs
小众软件
小众软件
有赞技术团队
有赞技术团队
酷 壳 – CoolShell
酷 壳 – CoolShell
Apple Machine Learning Research
Apple Machine Learning Research
C
Cyber Attacks, Cyber Crime and Cyber Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Tailwind CSS Blog
Cisco Talos Blog
Cisco Talos Blog
V
V2EX
博客园 - 【当耐特】
C
Cybersecurity and Infrastructure Security Agency CISA
Hugging Face - Blog
Hugging Face - Blog
The Cloudflare Blog
The Last Watchdog
The Last Watchdog
Simon Willison's Weblog
Simon Willison's Weblog
T
Threatpost
S
Secure Thoughts
O
OpenAI News
P
Proofpoint News Feed
S
SegmentFault 最新的问题
Forbes - Security
Forbes - Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Application and Cybersecurity Blog
Application and Cybersecurity Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Last Week in AI
Last Week in AI
宝玉的分享
宝玉的分享
Scott Helme
Scott Helme
T
Tenable Blog
A
Arctic Wolf
L
LINUX DO - 热门话题
爱范儿
爱范儿
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
www.infosecurity-magazine.com
www.infosecurity-magazine.com
V
Visual Studio Blog
Hacker News: Ask HN
Hacker News: Ask HN
Hacker News - Newest:
Hacker News - Newest: "LLM"
腾讯CDC
博客园 - Franky
WordPress大学
WordPress大学
Know Your Adversary
Know Your Adversary
博客园_首页
雷峰网
雷峰网
IT之家
IT之家
PCI Perspectives
PCI Perspectives
L
LINUX DO - 最新话题
H
Heimdal Security Blog

Privacy Ref

Welome to Privacy Ref Academy CIPP/US Training at The Florida Bar Annual Meeting Certificate in Data Privacy and Protection Univ. of Technology, Jamaica, and Privacy Ref launch Data Privacy Training Initiative The need to verify Policy Compliance Privacy Ref named one of the Best Data Privacy Service Providers in the U.S. Massachusetts bill follows latest Privacy Law standards Thoughts after the IAPP GPS Personal Privacy Tips
Bring AI into the Privacy Program in 2025
Lizzy Hill · 2025-02-05 · via Privacy Ref

Artificial intelligence is seemingly, suddenly everywhere in 2025—and possibly already being used within your organization. With the increasing popularity and use of artificial intelligence by organizations also comes additional regulations and best practices. The European Union’s Artificial Intelligence Act may be the first law to regulate the use of artificial intelligence, but it is closely followed by other countries, including Brazil where an AI law was just signed and several US states including California and Colorado.

A privacy professional knows that artificial intelligence is the privacy program’s business. Before inwardly groaning at the idea of creating another governance program for artificial intelligence, consider how artificial intelligence management can be incorporated into the privacy program. This will not only preserve resources and energy but also make use of existing systems and processes to minimize the lift of governing artificial intelligence.

Risk management

The use of artificial intelligence for business purposes necessitates an understanding of the risks involved and mitigation measures to limit these risks. To comply with the EU AI Act and some of the upcoming US state AI laws, deployers of artificial intelligence must conduct some version of a risk assessment, sometimes called a conformity assessment or data protection impact assessment (DPIA).

If the EU AI Act or state comprehensive privacy laws apply to the organization, there should already be a DPIA or privacy impact assessment (PIA) process in place. Questions covering the use of AI can be added into the PIA and DPIA template in that case so that the artificial intelligence use can be risk ranked and risk mitigations can be identified.

Transparency

Once the use and risks of artificial intelligence are known and mitigated, and as they are updated and tracked, this information can be used to inform employees and consumers about the use of artificial intelligence. The EU AI Act and some of the US state AI laws require that people interacting with AI systems be notified of that fact.

Language about the use of AI and the data used to train it can be added to internal privacy policies and external privacy notices. Depending on the use, there may be new processing purposes added to the privacy notice or a smaller addition that certain processing may be performed in an automated fashion. New processing purposes should also trigger an alert to consumers per certain US state laws.

If automated decision-making is a new processing purpose of personal information using AI, the right to opt out of automated decision-making may need to be built into the existing data subject rights request fulfillment process and listed in the privacy notice.

AI Literacy

AI literacy is the requirement that artificial intelligence evaluators and users have the minimum knowledge and understanding to perform the tasks expected of them using AI. This includes a basic understanding about AI, along with combination of technical skills, critical thinking, practical application, and legal and moral awareness. Anyone responsible for human oversight of AI or using artificial intelligence on behalf of the business should be AI-literate.

Look to current training and awareness activities for opportunities to introduce artificial intelligence topics such as risks and appropriate use. Artificial intelligence can be introduced in short training videos or in-person training along with awareness activities or exercises such as privacy incident practices. It may also be necessary to create a policy on appropriate use of artificial intelligence which can be circulated using existing communication mechanisms such as newsletters or internal privacy pages.

Another place where AI can be incorporated to increase literacy is in the Privacy Steering Committee or similarly named security and privacy committee that meets regularly. Perhaps this committee can double on a recurring schedule as an Artificial Intelligence Review Committee, or a smaller subset of these folks can review AI requests and report to the steering committee regularly.

Reach out to Privacy Ref with all your organizational privacy concerns, email us at info@privacyref.com or call us 1-888-470-1528. If you are looking to master your privacy skills, check out our training schedule, register today and get trained by the top attended IAPP Official Training Partner.