Southpac Certifications | 24 September 2024
Cristiano Pires from Empire Technologies, recently certified to ISO 27001:2022, emphasises the risks associated with the use of AI, particularly regarding data privacy and ethical considerations.
It is already widely argued that companies not using AI are at a significant disadvantage. The gap between AI and non-AI users is similar to the gap between manual and digital workflows. Not adopting AI will leave businesses lagging behind, just as companies that resisted digital transformation found themselves outpaced by competitors.
One of AI’s most significant advantages is automation. Pires points out that AI can now handle tasks previously requiring human intervention. For example, AI tools can generate app code based on contextual instructions, bypassing the need for lower-level coding tasks. While this reduces the demand for basic coding skills, it enhances the role of experienced engineers. These professionals can use AI-generated code as a foundation, refining and optimising it to produce better results. In Pires' view, AI "will replace the lower-level tasks," but skilled engineers remain invaluable for achieving superior outcomes.
Pires stresses that businesses must act now to integrate AI into their processes. Companies delaying AI adoption risk becoming obsolete. Many organisations are already conducting "co-pilot assessments" to identify how AI can support their workforce. Employees are increasingly requesting access to AI tools like ChatGPT or Meta, indicating that the demand for AI-driven solutions is growing. Companies that fail to adapt will find it increasingly difficult to catch up.
Despite AI's potential, Pires warns of significant risks, particularly related to data privacy and ethical concerns. AI systems require large amounts of data to function effectively, and improper use can lead to the exposure of sensitive information.
Pires illustrates the risks through a real-world example. A client unknowingly shared sensitive business information with an AI tool, which was later discovered by a partner. This highlights the danger of inputting confidential data into AI systems without understanding the potential for exposure. Once data is entered, it may become accessible beyond the company’s control, creating risks of data leaks or unauthorised use. Pires urges businesses to establish strict frameworks governing what information can be shared with AI systems.
As AI becomes integrated into customer-facing interactions, ethical concerns arise. Pires mentions that AI tools are being used to analyse customer phone calls and suggest improvements. However, this raises questions about transparency and consent. Customers may not be aware that their conversations are being analysed by AI, potentially leading to discomfort or mistrust.
Moreover, AI’s reliance on large language models (LLMs) can lead to errors. Pires explains that these models, while capable of processing vast amounts of information, sometimes generate inaccurate or misleading responses—referred to as "AI hallucinations." This occurs when AI is unable to provide a precise answer and instead generates something nonsensical. Such errors could have serious consequences in customer service or decision-making processes.
AI offers significant advantages to businesses, particularly in terms of automation, efficiency, and enhanced productivity. Companies that adopt AI will be better positioned to stay competitive in a rapidly evolving market. However, with these benefits come risks, particularly regarding data privacy and ethical considerations.
Businesses must establish clear guidelines for using AI to mitigate these risks, ensuring sensitive information is handled appropriately and customer interactions are transparent. Adopting AI is essential, but it requires a responsible approach to avoid unintended consequences. Balancing the potential of AI with careful risk management will enable businesses to harness its full power while protecting themselves from its pitfalls.