Use of artificial intelligence (AI) in the workplace is developing rapidly. The number of AI products available is increasing significantly, bringing both opportunity and risk to law firms. In their Guide to Generative AI (opens a new window), the Law Society of Scotland has recognised this, and included a wealth of advice, such as the need for good governance when using AI.
We believe that it is important to implement a robust internal AI policy to mitigate the risks of AI misuse. Such a policy should clearly set out:
how AI can be used within your firm
the risks associated with using AI at work, and
the expectations of your staff when using AI.
With this in mind, we have prepared a template AI Usage Policy, which can be downloaded for completion and use within your organisation.
Why do you need an AI Usage Policy?
Use of AI carries various regulatory and legal risks. These include the risk of accidently releasing confidential information belonging to your firm or your clients. The outcomes can also have wider financial and reputational repercussions.
It is therefore important to govern and mitigate such risks effectively, and for staff to be aware of how to use AI safely.
Who should complete your policy?
As with all your other firm policies, you should consider appointing a specific individual or team to be responsible for reviewing and updating your AI usage policy. These nominated persons should have a good understanding of the AI tools that can be used within the organisation, and the risks associated with them.
Depending on the size of your firm, different departments may need to be involved in the completion of the policy contents (for example, the IT, Security, Legal and Compliance departments). However, we would suggest having one point of contact with ultimate responsibility for overseeing the policy and responding to queries from staff.
How often should you review your policy?
We would suggest reviewing your AI Usage Policy on a regular basis, including at times where there are significant changes to the use of AI within your organisation. This could include changes to the types of AI used within your organisation or systems, how the tool is integrated in your company systems changes, and/or how people use AI within the firm.
Download our AI Usage Policy template
Our template is for information purposes only. It is intended as a starting point for firms to adapt as they wish and should be tailored so that it’s specific to your organisation and to align with your organisations’ other policies and procedures.
It has been prepared with a view to being used by any professional services organisation. Some of the terms used should therefore be amended to those used in legal practice. For example, you may wish to amend ‘customer’ to ‘client’.
It is recommended that the finalised policy is communicated to all staff within the firm and incorporated into all of the firm’s training sessions on AI. The policy and any associated training should also be incorporated as part of the onboarding process for new starters.
Download the template here (opens a new window).
For further tips on managing the use of AI within your firm, see AI: Embrace the change and manage the risk (opens a new window).
For detailed consideration of AI usage in legal practice, and more information to use to build on our template, see the Law Society of Scotland’s Guide to Generative AI (opens a new window).
For more information on our AI template policy or for a discussion about law firm risk management, reach out to a member of the Master Policy team at masterpolicyteam@uk.lockton.com, or call 0131 345 5599.