1. Purpose of The Policy

1.1. The purpose of this policy is to establish guidelines and best practices for the responsible and secure use of artificial intelligence (AI) and generative artificial intelligence within TBT Marketing. Generative AI refers to technology that can generate human-like text, images, video, code, or other content using AI algorithms via Large Language Models (LLMs), both proprietary and open source.

1.2. This policy clearly describes the roles and responsibilities of individuals or teams entrusted with AI use, governance and accountability within TBT Marketing, as well as the compliance of systems and licenses to deliver on the intended objectives with the use of generative AI. 

2. Scope of The Policy

2.1. This policy applies to all employees, contractors, and third-party individuals who have access to generative AI technologies or are involved in using generative AI tools or platforms on behalf of TBT Marketing. All employees, contractors, and third-party individuals are expected to comply with this policy.

2.2. The following (section 3 onwards) is not exhaustive and is intended to be an iterative document subject to updates and revisions. This policy will be reviewed periodically and updated as necessary to address emerging risks, technological advancements, and regulatory changes in the AI space.

3. Acceptable Use Policy

3.1. Authorised use: Generative AI tools and platforms may only be used for business purposes approved by TBT Marketing’s HR & Operations department. Such purposes may include content generation for marketing, product development, research, data analysis, code generation, or other legitimate activities.

3.2. Compliance with Laws and Regulations: All users of generative AI tools must comply with applicable laws, regulations, and ethical guidelines governing intellectual property, privacy, data protection, and other relevant areas.

3.3. Intellectual Property Rights: Users must respect and protect intellectual property rights, both internally and externally. Unauthorised use of copyrighted material or creation of content that infringes on the intellectual property of others is strictly prohibited.

3.4. Responsible AI Usage: Users are responsible for ensuring that the generated content produced using generative AI aligns with TBT Marketing’s and its clients’ values, ethics, and quality standards. Generated content must not be used if it is potentially misleading, misrepresentative, harmful, offensive, or discriminatory in nature.

3.5. Quality Assurance: TBT Marketing will implement robust quality assurance processes to review and refine content generated by generative AI tools. This ensures that the final output aligns with TBT Marketing’s standards for creativity, messaging, and brand representation for its clients.

4. Access and Security

4.1. Authorised Access: Access to generative AI tools, platforms, or related systems should be restricted to authorised personnel only. Users must not share their access credentials or allow unauthorised individuals to use the generative AI tools on their behalf.

4.2. Secure Configuration: Generative AI tools and platforms must be configured securely, following industry best practices and vendor recommendations. This includes ensuring the latest updates, patches, and security fixes are applied in a timely manner.

4.3. User Authentication: Strong authentication mechanisms, such as multi-factor authentication (MFA), should be implemented (where possible) for accessing generative AI tools and platforms. Passwords used for access should be unique, complex, and changed regularly.

4.4. Data Protection: Users must handle any personal, sensitive, or confidential data generated or used by generative AI tools in accordance with TBT Marketing’s data protection policies and applicable laws. Encryption and secure transmission should be employed whenever necessary. Inputting sensitive, or confidential (NDA) client data into an online AI prompt is strictly prohibited. As a minimum requirement we ensure tools used for any client work do not allow for data to be fed back into their training models (ie) we use ChatGPT Teams (GPT-4) over the free version for this reason.

5. Mitigation, Monitoring and Incident Response

5.1. Logging and Auditing: Appropriate logging and auditing mechanisms should be implemented to capture activities related to generative AI usage. These logs will be regularly reviewed to detect and respond to any suspicious or unauthorised activities.

5.2. Incident Reporting: Any suspected or confirmed incidents related to potential generative AI misuse should be reported promptly to the HR and Operations department at TBT Marketing.

5.3. Vulnerability Management: Regular vulnerability assessments and security testing are conducted on generative AI tools and platforms intended to be used to identify and address any security weaknesses or vulnerabilities before implementation across the business.

6. Training and Awareness

6.1. Education and Training: Employees and relevant personnel should receive training on the responsible and secure use of generative AI. This training should cover topics such as ethical considerations, potential risks, security best practices, and compliance requirements.

6.2. Awareness Campaigns: Regular awareness campaigns and communications are conducted within TBT Marketing to reinforce the importance of cybersecurity, responsible AI usage, and adherence to this policy. An internal AI working group is set up for this reason.

6.3. Review of Requirements: AI tools, changing requirements and practices, will be subject to regular review to ensure continued compliance with this policy.

7. Non-compliance

7.1. Non-compliance with this policy may result in disciplinary action or removal of suppliers from TBT Marketing’s authorised list of partners.