By now, you may have heard the story of the lawyers who filed a legal brief using work product generated by artificial intelligence (AI). The problem for the lawyers, of course, was that the AI software had completely made up the legal precedent cited within the brief—that is, it engaged in “AI hallucination.” When the opposing party’s lawyers could not locate the precedent using traditional legal databases (because it was completely made up), this caused quite a ruckus in the legal community.
That’s the bad news.
The good news is, with reliable input, proper supervision and quality control measures, AI can handle large volumes of data and repetitive tasks across an organization so that employees can focus on creative solutions, complex problem-solving and impactful work. When used properly, it can increase efficiencies, streamline workflows and make life a lot easier.
Not surprisingly, AI raises many legal issues in the workplace—some more obvious than others. This article outlines some potential legal pitfalls particular to the labor and employment context and suggests some ways to avoid them.
First, AI can be a great tool for finding the right candidate to join your team. It can create job descriptions, screen resumes for relevant skills and experience, administer pre-employment assessments such as skills tests and personality tests, and even analyze facial expressions and other nonverbal cues during a video interview to assess a candidate’s suitability for the position.
Because the content produced by generative AI is determined by the underlying training data (which is produced by humans), the output is susceptible to biases and flaws. According to recent guidance from the U.S. Equal Employment Opportunity Commission (EEOC), employers are responsible under Title VII of the Civil Rights Act of 1964 (Title VII) for use of
“algorithmic decision-making tools even if the tools are designed or administered by another entity, such as a software vendor[.]”
For example, even if AI software is used to select the candidate pool, the employer may still be liable for disparate impact discrimination if the result is that persons in protected groups (e.g., race, sex or age) are hired at disproportionately lower rates compared to non-protected groups. Employers should consider instituting regular internal audits of the candidate pools
chosen by AI. If interviewees’ demographics begin to change, it should be investigated.
Next, there is the issue of data privacy, which can be complex.
There are numerous data privacy laws that may be implicated by the use of generative AI in the workplace, including the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), the Uniform Trade Secrets Act and the Defend Trade Secrets Act, New York State’s SHIELD Act, the California Privacy Rights Act (CPRA) and the General Data Protection Regulation (GDPR), as well as biometric laws, among others.
Most privacy laws require notice be given before disclosing data, while others require affirmative consent before collecting, processing or sharing data. They may also confer various rights to candidates or employees, such as the “right-to-delete” or “opt-out” of collection, processing or sharing data. For example, the GDPR gives data subjects the “right not to be subject to a decision based solely on automated processing, including profiling.” In New York City, Local Law 144 makes it unlawful for an employer to use AI for making certain employment decisions unless notice has been provided to “each such employee or candidate who resides in the city.”
Employers should account for these laws in their compliance programs. Consider instituting an AI policy to safeguard personal, confidential, or proprietary data and protect against data leaks. Employers may want to limit employee access to the AI platforms so that protections over this data are not lost, the data is not inadvertently shared with unauthorized parties, and the integrity of employee work product is maintained.
To summarize, AI can be a useful tool in the workplace, and the technology is certainly exciting to witness. But its use can leave your business exposed to myriad legal issues, including employment, privacy, intellectual property, and others.
Richard J. Marinaccio is a partner at Phillips Lytle LLP and a leader of the firm’s Technology Industry Team and member of the Technology and Internet Law Practice Team. He can be reached at email@example.com or (716) 504-5760.
Anna Mercado Clark, CIPP/E, CIPP/US, CIPM, FIP, is a partner at Phillips Lytle LLP and leader of the firm’s Data Privacy and Cybersecurity Industry Team. She can be reached at firstname.lastname@example.org or (716) 847-8400 ext. 6466.
James R. O’Connor is an attorney at Phillips Lytle LLP and a member of the firm’s Labor and Employment Law and Business Litigation Practice Teams. He can be reached at jo’email@example.com or (716) 504-5723.