Canada: CCCS releases guidance on generative AI
The Canadian Centre for Cyber Security (CCCS) released, on July 14, 2023, guidance on the use of generative artificial intelligence (AI). The CCCS detailed risks associated with the use of generative AI including data privacy concerns, biased content, as well as misinformation, and disinformation. To this end, the CCCS highlighted the following security measures to help generate quality and trusted content while mitigating privacy concerns:
- establishing generative AI usage policies;
- selecting training datasets carefully;
- choosing tools from security-focused vendors; and
- being careful what information is provided.
Specifically on policies, the CCCS provided that the same should include the types of content that can be generated and how to use the technology to avoid compromises to sensitive data. In addition, according to the CCCS, policies should include the oversight and review processes required to ensure the technology is used appropriately, implemented quickly, and communicated to staff.
Furthermore, in regard to data sets, the CCCS suggested implementing a robust process for validating and verifying the datasets, whether they're externally acquired or developed internally, and using diverse and representative data to avoid inaccurate and biased content. Moreover, the CCCS continued, organizations should establish a process for outputs to be reviewed by a diverse team from across the organization to look for inherent biases within the system, and continuously fine-tune or retrain the AI system with appropriate external feedback to improve the quality of outputs.
You can read the guidance here.