If you run a business in Maryland, here’s a question worth contemplating: Do you know which AI tools your employees used this week?
If you don’t know the answer, you’re not alone. But this uncertainty is a huge risk for your business. Saltzman Law can help manage that risk for you.
Consider the following: your confidential business information may be training someone else’s AI model. Most free AI tools have terms of service that grant the vendor broad rights to use your inputs to improve their models. When your employee pastes a client proposal or a sensitive business communication into one of these tools, that information may leave your control permanently, becoming part of a training dataset that can reappear to other users. Needless to say, your clients would not be happy to learn about this.
Your company may also be liable in more than one way if your employee used AI behind your back, ultimately causing an issue for your client. Imagine your employee used an AI tool to draft a client deliverable, the tool got something wrong, and the client suffered a real loss. Now imagine explaining that an unauthorized AI tool was part of your workflow and you didn’t know about it. Your business could be liable for anything from copyright infringement to breach of contract.
The instinct some business owners have when they hear about these risks is to prohibit AI tools entirely. That reaction is understandable but could be counterproductive.
The truth is that your employees are going to use AI. A blanket prohibition isn’t going to make the risk go away. You simply need to manage that risk. Your business needs to set the proper guardrails to reflect your legal obligations and business interests.
Technology businesses operating in Maryland should have an AI acceptable use policy and realistic agreements that address AI issues.
AI acceptable use policies are internal policies that describe for your business which AI tools are approved for which purposes, what information can or cannot be entered into those tools, set human oversight requirements, and help to ensure compliance with the law.
If your business uses AI as part of its business model, your agreements likely needs to disclose to your partners and clients how their data will be used. You should also evaluate whether you need to update your data protection plan, to address further risks of AI tools.
Jonathan Saltzman holds Artificial Intelligence Governance Professional (IAGP) and Certified Information Privacy Professional (CIPP/US) credentials with the International Association of Privacy Professionals (IAPP), which are unique credentials for attorneys in small law firms. If you run a business in Maryland and would like to consider implementing AI policies for your business, contact Saltzman Law for more information.
