Civil Municipal - June 2024
CREATE A POLICY THAT WORKS In Grove City, the information systems department took all of this into consideration and championed the development of a policy to ensure the city could embrace the operational efficiencies that come with AI, while ensuring its sensitive data remained protected. First, the city took a detailed look at its data and classified it accordingly. Generally, it fell into four classification levels: public data, internal data, confidential data and restricted data. The city then determined that AI fit into the appropriate use policy and updated that policy with the core consideration that all uses must be approved by the information systems department. Employees must sign off on this policy at the time of hire, and then on an annual basis. When considering a request to useAI,the information systems team reviews what classification of data a department is using and if it will put the city’s data at risk. For example, any information that would need to be redacted upon reporting, i.e. personal identifiable information (PII) or victim information would not be approved for AI use. Additionally, Grove City’s information systems department manages IT for five township fire departments in the city, so in that case healthcare considerations come into the equation. For example, patient information and HIPAA considerations. While the above scenarios are mostly a common sense take on what would qualify as sensitive information, there are often scenarios that are more nuanced. For example, sharing information about the city’s infrastructure, and the potential for cybersecurity risk.According to Forbes,“global cybercrime damage costs are expected to grow by 15 percent per year over the next two years, reaching $10.5 trillion USD annually by 2025.” This is a crucial consideration. Water, sanitary, stormwater, communication, IT infrastructure in the state of Ohio is protected infrastructure and should not be disclosed as they can put a municipality at high cybersecurity risk. AN EVOLVING TECHNOLOGY LANDSCAPE Whether local governments decide to enact a formal policy or more informal guidelines, it is important that they recognize that AI is a growing force in our technology landscape—one that must be given careful consideration. The efforts in Grove City serve as a model for local governments grappling with the complexity of AI governance. As the nature of AI changes, and experts learn more about its many pros and cons, the policies can and will shift as well. Having a strong framework in place will help adapt to an ever-changing technology environment to continue to ensure the safety and security of employees, citizens, and municipalities as a whole—now and in the future. time-consuming tasks. But using a tool like ChatGPT comes with inherent risk. For example, hypothetically, if Grove City’s HR team was interested in changing the city’s dress code, it could easily ask the free-to-use AI ChatBot, ChatGPT, to write a policy that explains that a blue polo is now required. However, what many don’t realize is that the data fed into ChatGPT is now no longer proprietary; it is now in the public domain. This essentially means that this data could be used by others outside of the organization, and potentially in ways that were not intended. In this hypothetical example, the data is not sensitive, therefore risk is low. However, local governments deal with a large amount of sensitive information that should not be shared publicly. This is where the right policy comes into play. According to the same HR Trends report referenced earlier, a whopping 78 percent of government agencies do not have documented policies or procedures surrounding AI, even though it is already being used to help agencies automate routine tasks, develop data-driven policies, and improve service delivery. 14 CIVIL AND MUNICIPAL VOLUME 05, ISSUE 06
Made with FlippingBook
RkJQdWJsaXNoZXIy MTI5MjAx