Exploring AI Policies for State and City Governments in Colorado and Illinois

In a previous blog, we explored the policies that are in place for state government usage of AI, highlighting guidelines from Pennsylvania and New Jersey. AI usage guidelines, or an AI policy, is a set of rules used to ensure the responsible and ethical use of AI within an organization. Basically, it outlines what the guidelines are for using AI, which typically applies to all members, including leadership and staff.

As the use of AI continues to grow, having usage guidelines becomes an essential part of the workplace. However, only about 60% of organizations have these guidelines in place to govern the responsible use of this advanced technology. Within state governments, where AI could potentially be used around large amounts of citizen data and information, an AI policy should become foundational. 

Let’s take a look at a few steps to creating an AI policy and explore those in place within Colorado and Illinois. 

How to Make an AI Policy

Creating AI usage guidelines for an organization requires careful planning and consideration, especially when it comes to the risks associated with irresponsible or ungoverned use of AI. Here are a few steps that go into developing a strong AI policy:

1. Collaborate With Key Players

Planning and engaging with others to discuss the possible benefits and risks of implementing AI is an important part of creating a policy. These could include legal teams, IT professionals, and even other AI experts outside of the company. This helps build a set of guidelines that address the specific needs of the organization so that they are clear but thorough.

2. Remain Aware of Compliance Changes

Always make sure that those involved in the development of AI usage guidelines are up-to-date on any AI-related regulations, whether it be on the federal or state level. It can be beneficial to include these in an AI policy to ensure that all members of a team or across different organizations are aware and do not unintentionally violate compliance mandates.

3. Outline Key Principles of Responsible AI

Consider organizational values that guide the work being done and services provided. Some of these might include transparency, security, privacy, inclusion, and more that define the way members of an organization will utilize AI technologies. These should be listed within the guidelines and adhered to by everyone involved.

Colorado’s AI Policy

The state of Colorado has a statewide GenAI policy in place which governs the development and deployment of generative AI systems in state agencies. This policy is in addition to its already existing rules for technology, which we will highlight as a part of the AI policy. 

• Required Risk Assessment: State agencies must submit all consolidated efforts involving the development or deployment of GenAI systems, or technologies with related GenAI components, for an intake and risk assessment by the Governor’s Office of Information Technology (OIT). This allows additional evaluation of potential risks associated with a GenAI project and potential further mitigation efforts put into place. Sizable AI projects and implementations should always have multiple expert analyses before they are put into place.

• Data Protection: This emphasizes the importance of never using personally identifiable information within public networks or AI tools. The policy also requires yearly cybersecurity training, which is great to keep these users up-to-date on the latest trends and information to be aware of. State agencies are handling large amounts of personal data, for both themselves and the public that relies on their services. It is always essential to highlight data protection in any AI policy as a responsible factor that will keep public trust in existence. 

• Prohibited Uses & Disciplinary Action: The policy lists several prohibited uses of AI and other technology, including the commercial use or personal financial gain through state data or IT resources, and technological resources belonging to the state being used in a way that compromises their confidentiality, integrity, or availability. It is beneficial to keep a strict usage of AI tools, especially within government. Failure to comply with this policy can result in loss of access to AI or IT resources, termination of employment, or even a referral to law enforcement depending on the severity of the situation. 

Chicago, Illinois’ AI Policy

While the state of Illinois does not currently have a statewide AI policy, the city of Chicago lists several guidelines for their organizations. This policy guides the city’s values when it comes to purchasing, configuring, developing, operating, or maintaining AI systems.

• Inclusive & Equitable: Bias has proven to be a potential risk when it comes to implementing AI systems. This policy emphasizes the point of mitigating this risk and putting their strongest efforts into preventing harm to any populations. All stakeholders will be provided the opportunity to thrive and be involved in all of the services available that incorporate AI. User empowerment is key to AI adoption, achieved through education, training, and collaborations that foster participation and opportunity. This is a great part of any AI policy, as it addresses the risk of bias and the priority to ensure it is prevented as much as possible.

• Accountability: This policy lists accountability as a guideline when it comes to AI usage, highlighting the fact that human oversight and intervention are essential for the deployment and maintenance of AI systems. It ensures adherence to relevant laws and regulations through clearly defined roles and responsibilities. This is key when it comes to using AI responsibly in any organization, as remaining accountable will result in less organizational and legal issues down the road.

• Data Privacy: Similarly to Colorado’s policy, Chicago lists the preservation of privacy as a key factor in the use of AI. Personally identifiable information will not be used in any public AI tools that might put it at risk for unauthorized access and disclosure. State government agencies must always be aware of any potential risk or threat to public data, and with the use of AI, this is more crucial than ever. This is a very essential part of AI usage guidelines.

A clear set of AI usage guidelines is an important part of any AI implementation, no matter how big or small. AI is a powerful tool, and its usage should be governed in a way that emphasizes responsibility and safety. Want to learn more? Contact one of our experts and we will be happy to assist you.

“The companies that do the best job on managing a user’s privacy will be the companies that ultimately are the most successful.”

– Fred Wilson, Businessman & Venture Capitalist

Sources:

https://www.itgovernance.co.uk/blog/creating-an-ai-policy-a-guide-for-smes

https://drive.google.com/file/d/1qDAQM0Bf5cmLgvJ5vLNS3g1AsChOdkmt/view

https://servicehub.colorado.gov/ts?id=tech_standard&sysparm_article=KB0012606

https://www.chicago.gov/city/en/sites/chitech/home/roadmap-for-AI/ai-principles.html