Update the existing privacy policy as needed to cover the use of AI within the selection process. The updated policy should specify what data are collected, the methods of data collection, storage, analysis, protection, and the protocols for eventual deletion when appropriate. Ensure that only the data essential for fulfilling selection goals are collected, limiting the potential risk of data exposure.
From principle to practice:
- Formulate a detailed AI privacy policy. Create and display an AI-based data privacy policy on the institution website. This policy should comprehensively cover how data used in the selection process is collected, stored, analyzed, protected, and appropriately deleted. Ensure that it complies with all relevant privacy regulations and meets the unique needs of the selection process.
- Provide contact information for inquiries. Ensure that contact information is easy to find on the website so applicants can ask questions or raise concerns about how their data is being handled. Include provisions for the "right to be forgotten," allowing individuals to request the removal of their data from the organization’s systems and models.
- Limit data risk. Collect only the data that is necessary to achieve the goals of the selection process. Adhere strictly to the principle of data minimization, restricting the collection of personal data to what is essential for the evaluation process.
- Ensure secure use of AI tools. Ensure applicant data is only used in settings with enterprise-grade security (e.g., Anthropic; ChatGPT Enterprise; Llama 3). Avoid sharing data while using personal versions of web-based AI tools. Consult with technology and legal experts to ensure that third-party vendors are contractually required to protect all data in accordance with institutional policies.