Protecting a company from potential threats that may arise makes it necessary to establish strategies to reduce or mitigate them. Artificial Intelligence has led to new concerns such as data security or Intellectual Property.
As an example, some of the points that must be evaluated and protected in a Company are those mentioned below.
- Data protection . To do this, security measures can be implemented to protect sensitive information and data used through Artificial Intelligence. Additionally, it is recommended to encrypt data and establish clear policies regarding data collection, storage and use, policies that must be complied with and for which it is recommended to have privacy regulations in this regard.
- The so-called governance of Artificial Intelligence . That is, the development of policies and procedures that establish the ethical and legal principles that govern the operation of Artificial Intelligence in the company. Some companies have decided to create an ethics committee in Artificial Intelligence that allows for the review and supervision of projects, so that the principles are fully complied with.
- Training and awareness . It is important that employees of a company that uses Artificial Intelligence are trained in the field and, in particular, in its risks and benefits. A cybersecurity culture should also be fostered so that employees are aware of the potential risks and threats of using Artificial Intelligence.
- Protection against cyberattacks . Companies must carry out continuous vulnerability assessments and penetration tests, for which it is important to develop efficient protection systems.
- Companies must be transparent about the AI models they use to enable appropriate decisions to be made and address any biases that may arise. An example of this would be proactive behaviour when identifying and managing AI-related risks.
- Appropriate regulations regarding Artificial Intelligence must be developed, as indicated in previous articles. To this end, an update of business policies and practices is recommended, since it is a subject in constant change.
The previous specifications have given rise to the so-called corporate security in the context of Artificial Intelligence, which, as we have seen, aims to detect and respond to threats in an efficient manner.
The Supreme Court already analyzed the so-called corporate security more than a decade ago, although not from the perspective of Artificial Intelligence. In this regard, the employer's duty of protection is unconditional and practically unlimited, and must adopt the necessary measures to guarantee the safety and health of workers, even in cases of non-reckless imprudence on their part (TS 26-5-09,1) . Additionally, it is important to highlight that the employer's responsibility in matters of corporate security includes the obligation to adopt the necessary protection measures to prevent workplace accidents , as well as the surveillance and control of the use by workers of the security measures made available to them (TSJ Aragón cont-adm 30-6-99,2).
Likewise, case law has reinforced the search for the real employer, preventing the legal-formal structure of the company from being used to hide its real economic structure (TS 26-2-90, 3) . The employer's responsibility in matters of occupational safety is a fundamental obligation that must be fulfilled unconditionally and with the adoption of all necessary measures to guarantee the protection of workers.
Corporate security in relation to artificial intelligence is an issue of growing importance , as the use of algorithms and artificial intelligence systems in the business environment can affect the fundamental rights of workers, including privacy, personal data protection, equality and non-discrimination, as well as occupational health and safety.
It is crucial that companies promote the use of ethical, trustworthy and fundamental rights-respecting artificial intelligence , following the recommendations of the European Union in this regard. In addition, the right of workers' representatives to be informed about the parameters, rules and instructions on which algorithms or artificial intelligence systems are based that affect decision-making that impacts working conditions and access to employment is recognized. Civil liability regulations in the European Union are also being reviewed to address damages arising from the use of artificial intelligence systems.
For all of the above, it is recommended to collaborate with specialists in the field , that is, with advisors and lawyers who are experts in cybersecurity and Artificial Intelligence, in addition to developing appropriate policies and practices.
Protecting a company in the field of Artificial Intelligence is an ongoing effort that involves a combination of training, technology and appropriate and changing regulations based on threats and risks.