Risks of Artificial Intelligence
What is AI Transcription Software
An AI transcription tool or assistant is software powered by artificial intelligence designed to convert spoken language into text. These tools use advanced speech recognition technology to provide accurate, real-time transcriptions of audio or video content.
The Risks of Using Third-Party AI Transcription Tools
AI transcription tools can enhance efficiency but pose significant risks to state government. By processing sensitive data on external servers, these tools expose agencies to security, privacy, and compliance vulnerabilities. State regulations like HIPAA, GDPR, and public records laws (e.g., FOIA) could be compromised if tools don’t meet strict standards. Additionally, data breaches or unauthorized access can have legal and reputational consequences
Examples of Third-Party Tools with Potential Risks:
Otter.ai and Trint: Known for cloud-based storage, which could be vulnerable to unauthorized access.
Rev.ai: Shares concerns over data retention policies.
Sonix and Descript: May integrate with other platforms, increasing data exposure risks.
Read.ai: While offering encryption and compliance features, Read.ai transcriptions can become FOIA-able records, risking exposure of sensitive data. Additionally, AI errors and the inability to capture vocal nuances may misrepresent tone or intent, leading to potential legal or reputational issues
Current Rules for AI Use: Meeting Transcription Only
At this time, the only formal guidelines we have established regarding AI usage are related to meeting transcription. No other policies have been implemented yet. We understand AI is evolving rapidly, and our current focus is on ensuring meeting transcription tools are used responsibly. We are continually evaluating AI usage and may develop additional guidelines in the future. Stay tuned for updates.
Privacy Concerns
Data Exposure: AI transcription tools often store data on external servers, raising the risk of unauthorized access or exposure of sensitive information
Data Ownership: Users may unknowingly relinquish control over the data processed by third-party tools, violating privacy rights or organizational policies
FOIA Implications: Transcribed meeting records could become public records, subject to Freedom of Information Act (FOIA) requests, potentially exposing confidential conversations
Security Risks
Data Breaches: The storage and processing of sensitive information on third-party platforms increase the risk of data breaches, especially if security protocols are compromised
Inadequate Encryption: Even with encryption, vulnerabilities in AI tools or providers can expose meeting data to hackers or unauthorized parties
Unintentional Sharing: Misconfigured permissions or lack of user awareness could lead to unauthorized access to meeting transcriptions
Interpretation Concerns
Loss of Context: AI tools cannot capture vocal tone or intent, leading to potential misinterpretations of what was said during meetings
Errors in Transcription: AI systems are prone to inaccuracies, which may result in incorrect or misleading records of important conversations
Legal Implications: Misrepresentation of context or tone due to AI errors could lead to misunderstandings, legal disputes, or reputational damage
Best Practices
Use Approved Tools: Only use AI assistants and other digital tools that have been approved by the WVOT. These tools have been vetted for compliance with privacy and security standards.
User Awareness Training: Educate staff on the risks and compliance requirements associated with AI transcription tools to avoid unauthorized or improper use
Opt Out for Attendees: Before using any third-party tools, all attendees should unanimously agree to the use of any third-party assistants. If you attend an external meeting and see a bot is being used, convey your concerns to the host.
Agency-Specific Policies: Different state agencies may have varying information security policies, with some enforcing stricter standards than others. To ensure compliance, review your agency's information security policy to determine which tools and practices are allowed or prohibited.