In this podcast, we talk to Mathieu Gorge, CEO of Vigitrust, about the compliance risks posed by data during artificial intelligence (AI) processing, and training in particular. The key challenges here are that as datasets are trained, more data is created, and it can be difficult to ensure that data is also compliant, especially as it proliferates.

Here, Gorge talks about the need to know what's being fed into AI, what comes out, where it goes, who has access to it, how it's stored, and how it is compliant.

He also deals with the security and compliance frameworks that can be used and the need to build AI compliance into organizational security conduct.

What's the latest on AI and compliance, with reference to storage and backup, that a CIO needs to know about?

As you know, AI adoption is really growing everywhere and we've seen the EU deploying some AI regulations.

We've also seen some frameworks adapting to AI, for instance NIST, which has an AI framework. We've seen some security associations pushing for their own standards. I can think of the Cloud Security Alliance, but also working groups from ISSA, from ISACA, all of them providing guidance.

I think that what we need to consider is that we are most likely going to see more AI regulation. Some of it will be national, some of it will be federal, some of it will be international, a little bit like what we get with privacy. And it's important to draw a comparison between the evolution of cyber security standards and AI standards, governance standards.



At the beginning, about 25 years ago, there were about 100 standards on network security, IT security and data security. And nowadays we only dial back to about five or six, like HIPAA, PCI, NIST, ISO, CIS and so on. My hope is that we're going to do the same with AI, but in a faster way, so that we can concentrate on managing AI deployments from a data classification, data privacy and storage perspective.

If you look at the fundamentals, what is AI governance really? AI governance as registered in the US, the EU and other countries is really about saying: “Well, we've got this new way of processing data. So, we need to understand where the data is coming from. Authority to actually use that data and put it into an AI system to treat it for whatever purpose we treat it?”

The data come in a particular form.

[Questions include:]

  • Does it come out [of AI processing] in a different kind of data form, data file or whatever?
  • Is that putting us out of compliance?
  • Is that facilitating compliance?
  • Do we have safeguards around who's accessing the data?
  • Do we have safeguards around how we store that data?
  • How long do we need to keep it?
  • How long will we need to report on that data, depending on where we are based?
  • When we store that data, where is it supposed to be stored?

So, the issue with AI is that as we deploy more AI systems, we are essentially multiplying the data a lot more than we used to. And so, we're creating a lot more data than we used to and that data needs to be stored somewhere.

And it needs to be stored in a way that does not put you out of compliance. So, you need to watch your AI ecosystem and regulate how the data come in, how it goes out, who's got access to it and where you store it.

How should the CIO approach the job of ensuring compliance for AI operations in their organization, given the potential scope for complexity?

I think the CIO's role should be to understand what kind of information goes into AI. At the end of the day, the chief information officer is responsible for managing the information that comes into the system, that goes out, that can be accessed by third parties, how it can be accessed and so on. And so, I would highly recommend that any CIO works in connection with their CSO or their security team and looks at global AI regulation and policy.

And I would highly recommend looking at the IAPP, the International Association of Privacy Professionals. Their website has an AI law and policy tracker that can allow you to understand the various frameworks and their requirements in terms of data classification, data deployment, storage and compliance requirements.


The next thing to do is to make sure that when you do training for your staff, as they roll out more and more AI-based systems that allow them to be more efficient and more productive, they also and more and more and more and more.

The same way as we train them for email, for social networking, for other stuff, the CIO should be pushing, at board level, the concept of integrating AI, not just in the business culture of the organization, but also in the security and information and data management culture of the system.

In other words, if you are pushing AI solutions and AI deployments, you need to push a culture of adoption for those systems, but you also need to push a culture of data management, information management and security with that. Otherwise, you will fall out of compliance.

So again, look at your ecosystem, how you intend to use AI for various business reasons across multiple systems, look at an AI policy tracker unit, and try to apply to your policy so your policy becomes part of the DNA of your organization.

Because AI is going to continue to be deployed. There are going to be more and more AI-based solutions that will benefit the business.

The question is, will it benefit your data management? Will it make it more complete? Potentially, if you don't manage it Compliance.
