Embracing Digital Transformation: Building a GenAI Policy
Episode Release Date: August 12, 2025
Host: Dr. Darren Pulsipher, Chief Solution Architect for Public Sector at Intel
Guest: Jeremy Harris, Data Privacy and Gen AI Lawyer
Introduction
In this insightful episode of Embracing Digital Transformation, Dr. Darren Pulsipher delves into the intricacies of establishing a Generative AI (GenAI) policy within organizations. Joined by returning guest Jeremy Harris, an expert in data privacy and generative AI law, the discussion navigates the challenges and strategies essential for integrating GenAI responsibly, particularly within the highly regulated healthcare sector.
The Necessity of a Separate GenAI Policy
Darren Pulsipher kicks off the conversation by addressing a fundamental question: "Do organizations need a separate GenAI policy, or can they rely solely on existing data policies?"
Jeremy Harris firmly asserts the necessity of a distinct GenAI policy:
“I think the prevailing idea right now is you actually do need a separate Gen AI policy... It’s complementing what you already have.”
[01:51]
He elaborates that while data policies provide a foundation, GenAI introduces unique dynamics in data handling that existing policies may not fully address.
Unique Challenges of GenAI in Data Management
Harris highlights how GenAI processes data differently, leading to rapid data loss and diminished control:
“...once you start with the generative AI, you lose control of data faster than ever before.”
[02:28]
Using a healthcare example, he explains the risks of unauthorized data sharing through platforms like ChatGPT, where sensitive information can inadvertently be exposed.
Monitoring and Understanding GenAI Usage
A critical step in policy development is understanding how GenAI is currently being utilized within an organization. Harris shares strategies for large organizations:
“We have to try our best to figure out what systems are people using, what servers, or what services are being used.”
[13:18]
He discusses methods like real-time monitoring of network activity to identify GenAI usage, emphasizing the difficulty but importance of tracking usage across thousands of employees.
Strategic Approach to Policy Development
Darren underscores the importance of a strategic approach:
“Establishing this policy does not need to be restrictive of the usage AI, it’s more of we’re monitoring it, we’re watching it...”
[21:43]
Harris agrees, advocating for a balanced strategy that allows innovation while implementing necessary guardrails:
“We have to have some guardrails that really haven't changed.”
[22:00]
He emphasizes the need for continuous monitoring and iterative policy development to keep pace with the rapidly evolving GenAI landscape.
Risk Management in GenAI Implementation
The conversation delves into various risks associated with GenAI, particularly in healthcare:
- Data Compliance and Privacy: Risks of data leakage, re-identification, and compliance with regulations like GDPR and CCPA.
- Operational Risks: Challenges in maintaining data integrity and preventing unauthorized access.
- Legal and Reputational Risks: Potential liabilities arising from AI-generated errors and the importance of demonstrating responsible AI usage to regulators.
Harris introduces the concept of "AI blind spots," referring to inherent biases in GenAI models that are often opaque:
“AI has an inherent bias and no one can identify what that looks like on the back end...”
[32:59]
Augmented Intelligence vs. Artificial Intelligence
A significant portion of the discussion contrasts "augmented intelligence" with "artificial intelligence." Harris advocates for AI as a tool to enhance human capabilities rather than replace them:
“We want augmented. We want to be able to be better.”
[36:15]
Darren echoes this sentiment, envisioning a future where GenAI assists professionals without taking over decision-making processes.
Governance and Continuous Improvement
Effective GenAI policy requires robust governance structures that facilitate swift decision-making and policy iteration:
“Legal compliance, they, they all need to be lockstep in the AI world...”
[37:32]
Harris stresses the importance of cross-functional collaboration among legal, IT, and strategy teams to evaluate and approve GenAI use cases promptly.
Conclusion and Future Outlook
As the episode concludes, both Darren and Jeremy emphasize the dynamic nature of GenAI policies. They advocate for policies that are adaptable, transparent, and focused on responsible innovation. The conversation wraps up with practical advice for organizations seeking to implement GenAI responsibly, highlighting the importance of monitoring, education, and strategic governance.
Notable Final Thoughts:
“That’s exactly what the policy side of the strategy side should do for you... how are we using this to augment what we do in a responsible way to mitigate some of these risks?”
[37:32]
Key Takeaways
- Separate GenAI Policies: Organizations, especially in regulated sectors like healthcare, need dedicated GenAI policies alongside existing data policies.
- Monitor Usage: Implement real-time monitoring to understand how GenAI tools are being used across the organization.
- Balanced Strategy: Develop policies that allow for innovation while establishing necessary safeguards to manage risks.
- Risk Management: Address data privacy, operational, legal, and reputational risks specific to GenAI.
- Augmented Intelligence: Focus on using AI to enhance human decision-making rather than replacing it.
- Robust Governance: Establish cross-functional teams to oversee GenAI implementation and policy adherence.
- Continuous Adaptation: GenAI policies should be flexible and regularly updated to keep pace with technological advancements and emerging threats.
Contact Information
For further discussions or consultations on building GenAI policies, reach out to Jeremy Harris:
- Email: JeremyJ.Harris@privlaw.com
- LinkedIn: Jay Harris Privlaw
Thank you for listening to Embracing Digital Transformation. Stay tuned for more episodes that navigate the complexities of the digital revolution.