12 Tips to Help Your Business Address Generative AI Risks

With generative AI becoming increasingly prevalent, businesses face a spectrum of opportunities, challenges, and risks. While some organizations have been quick to bring generative AI into the fold, the majority are still wondering whether it’s the right tool and, if so, how to integrate it safely and effectively. Join Carlton Fields attorney Trish Carreiro as she provides tips for businesses considering whether and how to incorporate generative AI in their workstreams. Whether you're an eager adopter or a cautious observer, these tips cover the fundamentals, from assessing AI's suitability for your needs to fortifying cybersecurity measures and protecting your intellectual property.

  1. Figure out the problem you want to solve and if AI is the right tool to do it. AI is not the right solution for every problem. Don’t fall for the hype. The term “AI” is being slapped on everything, including things that I wouldn’t consider AI at all. Don’t let the “AI” marketing label fool you into thinking a tool is more forward-thinking or helpful than it actually is.
  2. Consider supplemental cybersecurity protections and updates.
    • Criminals are using AI to write malicious code, to generate deepfakes, to inundate your security system, and to personalize phishing emails. Be ready. Consider how to adjust cybersecurity protections to address this new threat and take advantage of new opportunities for protecting your business.
    • Along the same lines, consider updating your risk assessments and incident response plans. Threats change; we should change with them. 
  3. Consider defensive measures to protect your intellectual property from AI tools. This includes things like updating your terms of use, using available technology to minimize crawling on your website, being extra diligent with securing copyright protections, and attempting to identify any impermissible use of your IP.
  4. Implement an AI Acceptable Use Policy to clarify for your employees how your organization is addressing AI and how it will, or will not, use AI.
  5. Contract with AI in mind. Consider being explicit in contracts about the role AI can play and what, if any, data can be processed by it, for what purposes, and under what conditions.

Now, if you plan to implement AI, consider these 7 additional tips:

  1. Make sure you understand the technology and can explain it and step in to correct it when needed. Consider a Pilot Program to help.
  2. Consider revising your privacy notices and consents to be transparent about the data you feed into AI tools. Some AI tools will even explicitly require you to provide certain notices to AI users.
  3. Set up a framework and Governance Team to address AI. The NIST AI framework is a great place to start, but don’t stop there. Fold in the exponentially growing guidance and draft laws and bulletins, and all the rest that’s proliferating. Be especially sensitive to the context in which you plan to use AI, whether that’s for an employment-specific purpose or whether you’re functioning in a highly regulated industry – whatever it is. Context matters – a lot. So, for example, if you’re functioning in the life insurance industry, you’re going to want to make sure you’re aligning with the practices that have been called out by, for example, the NAIC, state insurance regulators like the Colorado Department of Insurance, the SEC, and in other state laws (both insurance-specific and more generally).
  4. Exercise available opt-out choices. If you’re using an API and it’s relying on ChatGPT, for example, ChatGPT offers a process for opting your commercial information out of training their algorithm. Consider exercising your right to opt out.
  5. Contract appropriately. Be sensitive to AI issues and the shifting legal landscape when negotiating contracts. This goes both ways. So, for example:
    1. Performing due diligence on and oversight of AI vendors and, more broadly, securing representations from vendors about whether or not they use AI; and also
    2. Understanding the commitments and obligations your business has made about the data you hold and may want to process with AI.
  6. Consider advisable notice, consent, testing, oversight, and recordkeeping obligations that might be required by a regulator or be potentially beneficial in a consumer or business litigation. With how much focus there is on AI at this point, it may be worth doing more than the bare minimum here.
  7. And last, prepare for change. This applies to both internal and external considerations.
    1. Externally, available technologies are developing quickly, and so is the legal landscape.
    2. Internally, AI is at its core a transformational process, not just some tool, which means that using AI can often necessitate more frequent refreshes of your policies and risk practices to reflect new business practices.

©2024 Carlton Fields, P.A.