The video technology hub | Pexip

3 steps to AI compliance

Written by Ian Mortimer, CTO at Pexip | May 15, 2024 7:56:40 AM

Data is the fuel that feeds AI to complete wondrous tasks, helping us all work smarter and more efficiently. But this data comes from someplace and must be stored somewhere, and therein lies the tricky issue. How do you tap into all this AI potential while remaining compliant with data privacy and protection requirements and regulation? 

 

 

AI privacy concerns in video conferencing 

 

In the video conferencing world, we use AI to enhance the overall user experience in a meeting. This could include a sentiment analysis to help the host interpret the mood or level of understanding among participants. It could be used for live speech to speech translation, erasing the language barrier from the meeting. It could transcribe the meeting, produce summaries, and even give you input on follow-up tasks.  

 

AI is essentially the ideal, know-all assistant you’ve always needed…but an assistant that generates (and requires) a whole lot of data. In taking advantage of all that AI has to offer, we see three key things you should consider as you introduce new and useful AI tools to your organization.   

 

Learn more: Why is private and secure AI so important for video conferencing?

 

 

Step 1: Address AI privacy concerns through data governance and risk management 

 

Data governance is all about the management of the data used in an organization – from its availability to how it’s used to how it’s secured. In the age of AI, it’s important that any organization establishes strict data governance practices that prioritize privacy and compliance. This may include identifying and classifying all data used by AI systems, knowing where it resides, who has access, and how it’s used.  

 

It’s also important to have a clear understanding of all the risks involved with the increased use of AI in your organization and take steps to manage those risks.  

 

TIP! Consider using the NIST AI Risk Management Framework as a tool for you to manage risks related to Generative AI. This framework helps organizations both identify risks as well as suggests risk management actions. In addition, the ISO/IEC 42001 standard (2023) offers specific requirements for managing artificial intelligence systems in organizations today.  
 

Step 2: Know and understand the AI regulations to which you are subject

 

Today, AI compliance is critical in terms of avoiding any legal or regulatory repercussions and maintaining trust with your stakeholders. This requires knowledge of the regulations to which you are subject and how they impact your organization. It can be wise to conduct regular impact assessments to identify and mitigate any compliance risks when introducing AI powered tools in your organization.  

 

TIP! For organizations in (or doing business in) the EU, start with the EU AI Act, which is the world’s first comprehensive AI law. For those of you doing business in or with the US, take a look at the blueprint for an AI Bill of Rights, currently in progress.  
 

Step 3: Conduct due diligence for all your vendors delivering AI solutions  

 

Everyone is promising to harness the power of AI these days, but it’s important that you look beyond magic to view the risks and mitigation measures too. For anyone delivering you a video conferencing system replete with AI enhancements, it’s essential to evaluate that vendor’s data handling practices, level of control it gives you, and compliance capabilities – so that you can be confident it meets both your internal expectations as well as external regulatory requirements.  

 

 

 

The Pexip approach to AI privacy and risk management  

 

At Pexip, we are working with some of the world’s most highly regulated organizations, the types of companies and agencies that expect unparalleled security and operate at impact levels at which risk must be very carefully managed. This has given us experience in understanding their expectations when it comes to protecting AI data, ensuring that it always remains private and under the control of the organization. That means that as a vendor, we do not see, read, train, or share any of our customers’ AI models. It’s yours and yours alone. 

 

Learn more about how Pexip is securely enabling AI-powered video conferencing.