KPA webinar provides AI implementation and SOP guidance
A recent KPA webinar provides some broad-stroke tips for AI implementation and use in the repair shop industry, from regulatory considerations to examples of standards of practice (SOPs).
Cameron Shilling, McLane Middleton litigation department director and cybersecurity/privacy chair, shared that the first step is for businesses to figure out how AI may already be impacting their operations, perhaps embedded in applications that are already in use. Those could include dealership management systems, customer relationship management applications, human resources applications, or IT help desks.
“Then there are a number of other applications that some or many or all of you may use for things like the front end of your service department or the backside of your service department with respect to vehicle analytics or repair analytics, or maintenance analytics,” Shilling said.
Adam Crowell, KPA’s legal and compliance vice president, added it’s important to involve the whole team in AI implementation plans so that everyone understands the process, since there are legal obligations. He said those include selecting providers that are capable of maintaining the appropriate data integrity safeguards as required by the Federal Trade Commission’s Safeguards Rule.
“AI and some of these tools are inevitably going to be used across the organization,” Crowell said. “There should be a set strategy [for] the entire team — the general managers, variable ops, fixed ops, marketing, accounting, and information technology teams,” he said. “Everyone’s got to be involved in this process and be on board with what that process is.
“This isn’t too dissimilar from some other programs that you might have when it comes to things like regulatory compliance. It really is a team effort, and it happens from the top down… You need to have buy-in from everyone, especially from the top management.”
Next, decide where AI use is right for your business, and then license it so that the input and output data, as well as the prompts, are owned and controlled by the business, Shilling said.
After that, recruit prototypers and testers using non-real data in a controlled testing environment to test the AI, he said.
“A lot of these applications will give you the ability to disable AI for employees, even though it may come with your subscription,” Shilling said. “If you can do that, you should do that until you go through this process of testing and prototyping and guaranteeing reliability… You may have to instruct people that they’re not allowed to use it until it’s tested and vetted.”
Shilling also noted that more AI regulations are in the works, so businesses that build a system with AI integrated into it should anticipate them and build them in from the start.
Another important step is to develop an AI use policy that describes the process — AI governance, ownership control testing, prototyping, plus “the rules of the road,” according to Shilling.
“It needs to talk about the fact that employees are only allowed to use the AI that we give them,” he said. “It needs to talk about what they’re allowed to use AI for, which employees can use AI and which cannot, what restricted uses of AI are, and what prohibited uses of AI are.”
He added that AI use provisions should also include consumer consent, as consumer transparency is a key component of AI regulation, and vendor agreements to protect consumer and business data.
Shilling said legally-prohibited AI uses include:
-
- Manipulative attempts to influence behavior or decision-making
- Categorization/discrimination via biometrics, characteristics, or activities (social, community, family, etc.)
- Identification of physical or mental health issues
The KPA webinar, which provides AI-related insurance claim information and coverage examples from AssuredPartners, is available here.
Images
Featured image credit: tadamichi/iStock