News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 AI Governance Dashboard – New AI Governance Dashboard – New

Stay on top of the latest AI governance news and developments of the profession.

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Career Central
Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 IAPP Calendar

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Overview Online Training Live Online Training In-Person Training Books Practice Exams Train Your Staff Official Training Partners Web Conferences
Artificial Intelligence Governance Professional Artificial Intelligence Governance Professional

Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.

 European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Canadian Privacy (CIPP/C)

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 Foundations of Privacy and Data Protection

Introductory training that builds organizations of professionals with working privacy knowledge.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 AIGP Certification AIGP Certification

Ensures individuals responsible for AI systems can reduce the risks associated with this technology.

 Certificação CDPO/BR Certificação CDPO/BR

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

 Certification CDPO/FR Certification CDPO/FR

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools and Trackers Research Glossary Global Privacy Directory Enforcement Database Westin Research Center Web Conferences Jobs Privacy Vendor Marketplace
Global Privacy Directory

This tool identifies global data protection authorities and privacy legislation.
US State Privacy Legislation Tracker

The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
Reports and Surveys

Access all reports and surveys published by the IAPP.
Privacy Governance Report

This report shines a light on the location, performance and significance of privacy governance within organizations.
Privacy Risk Study

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
Artificial Intelligence

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
CCPA and CPRA

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
EU General Data Protection Regulation

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
Data Protection Intensive: UK Data Protection Intensive: UK

Explore the full range of U.K. data protection issues, from global policy to daily operational details.

Global Privacy Summit Global Privacy Summit

Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.

AI Governance Global AI Governance Global

A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.

 Canada Privacy Symposium Canada Privacy Symposium

Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.

Asia Privacy Forum Asia Privacy Forum

Hear top experts discuss global privacy issues and regulations affecting business across Asia.

 Privacy. Security. Risk. (P.S.R.) Privacy. Security. Risk. (P.S.R.)

P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.

 Europe Data Protection Congress Europe Data Protection Congress

Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.

 ANZ Summit ANZ Summit

Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization — check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | Are organizations safeguarding against the risks posed by AI? Related reading: IAPP launches page on AI

rss_feed

""

Artificial intelligence is advancing at a fast pace. Although it is a useful tool for organizations seeking to increase productivity, it can also create privacy risks. A global study revealed that more than 70% of consumers harbor some sort of fear toward AI. So, are organizations taking the proper steps to consider and mitigate the risks of using AI?

The IAPP-EY Governance Report of 2019 revealed that, by and large, organizations are using already-existing tools to meet the new risks posed by AI. Forty-one percent of respondents said their organization assesses and mitigates these AI-specific risks using their standard privacy risk analysis. On the other hand, only 6% of participating organizations have AI-specific privacy safeguards and guidelines in place. Meanwhile, 16% of respondents answered that their organizations are currently in the process of planning safeguards and guidelines specifically targeted toward AI risks and threats. Conversely, 36% of respondents stated their organizations do not view AI as a unique risk factor at all.

The goal of asking respondents about safeguarding against AI was to determine if it has inspired organizations to adopt specialized risk analysis over the years. AI is something that organizations have been facing for quite some time. A 2017 public debate organized by the French data protection authority, the CNIL, highlighted the unique risks AI could pose to organizations due to the vast amounts of data processed, the potential for bias and discrimination, and the hybridization between humans and machines in which the two work together toward a common yet potentially malicious goal. These unique risks may not be properly assessed using a standard privacy risk analysis, and many privacy experts believe that responsible use of AI means having specific safeguards that extend beyond a standard privacy risk analysis.

AI often requires specific safeguards due to the attacks that stem from the way AI algorithms work internally. These types of attacks make AI susceptible to adversarial machine learning — attackers gaining control and inputting incorrect data to make the AI mechanism take malicious actions. Attackers may make changes in the algorithm that are so minuscule that even human workers miss them, thus, rendering their AI mechanism unreliable, unbeknownst to the organization. One example of this occurred when Microsoft created a Twitter bot that was programmed by internet users to tweet offensive and derogatory statements. These risks may be enough for organizations to limit their use of AI, which may explain why many privacy pros do not perceive AI as a threat to their organization at all.

The question remains: What types of safeguards and guidelines can organizations adopt to analyze the risks of AI? Part six of in the series "Security & Privacy considerations in Artificial Intelligence & Machine Learning" provides useful ways in which organizations can reduce the risk of threats from using AI. In addition to using their standard privacy risk analysis, organizations should focus on incorporating privacy into the AI mechanism. Differential privacy in one approach provides a mathematical framework that limits how much data the AI mechanism can "remember." This helps limit the retention of sensitive data that could potentially reveal the identities of the individuals included in a dataset. Another way to build privacy into AI is to use the Private Aggregation of Teacher Ensembles Framework. This framework applies differential privacy by dividing the private data into subsets and training different models on each of the subsets. The framework then combines the outcomes of the individual models, adding noise to result in "noisy aggregation" of the models’ predictions. For more in-depth information about the PATE Framework, check out this article written by the creators, "Privacy and machine learning: two unexpected allies?"

Federated learning is another approach an organization may be able to take to preserve privacy in its AI mechanisms. Using this approach allows organizations to collect data and learn from subsets of that data before aggregating the results from each subset. This takes away the need to bring large amounts of data together, which reduces the risk of identifying subjects within the data set. Another technique organizations can use to prevent possible threats is called homomorphic encryption, which allows the AI mechanism to perform meaningful computations of encrypted data without ever giving it access to the plain-text data or even an encryption key.

As AI continues to grow at a fast rate and attackers find new ways to infiltrate AI mechanisms, organizations that use AI should start thinking about implementing specific safeguards and guidelines to protect against the unique threats posed by AI. It will be interesting to see how organizations choose to safeguard against AI in the future as the risks of this technology are ever-growing. Perhaps next year there will be an increase in organizations that have specific safeguards in place or are planning safeguards, or maybe AI risks will continue to multiply, leaving organizations unprepared to properly mitigate them. Only time will tell.

Photo by Bernard Hermant on Unsplash


Approved
CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT
Credits: 1

Submit for CPEs

Author
Headshot Chelsea Marcous Nonmember Contributor
Tags
Privacy Opinion
Westin Research Center
Comments

If you want to comment on this post, you need to login.

Related Stories
IAPP launches page on AI
The IAPP is tracking the latest developments around artificial intelligence in its Resource Center. The page contains articles, resources and white papers that cover the ethical considerations when AI is used, regulation to tackle the technology and where it intersects with privacy. It also highligh...
Read More queue Save This
Related Stories
Tags
Privacy Opinion
Westin Research Center
Recent Comments