Not all AI is created or designed equally. And as AI is quite a broad term, the in-scope systems that this policy relates to can (currently)be defined as:

• Systems where the data fed in by users can be used to train the system, perhaps becoming part of a learning set.
• Systems where the data fed in by users might be regurgitated in whole or part to other users of the system who might or might not be SSAFA users.
• Systems where SSAFA content needs to be uploaded for analysis and pushed through one or more AI models.
• Systems where SSAFA content is analysed either remotely through integration (API) or via a URL, like a Tweet or YouTube hosted video.

When it comes to AI systems with one or more AI models, it is SSAFA policy that:

1. We seek to understand and document in proportionate detail the data protection and privacy implications of the AI system:
   • The legal and regulatory requirements of the jurisdiction or jurisdictions in which the AI system, operates.
   • The AI provider's role in relation to relevant data under the applicable regime - controller or processor.
   • The type of data that might be involved in the AI system - whether the data is personal or anonymised (and there is low risk of re-identification).
   • The extent to which the AI system will accumulate and aggregate data - the system may be incentivised to increase the volume of data it processes, with the risk of violating privacy in the process.
2. A mandatory DPIA and PIA will take place before purchasing or subscribing to any AI system.
3. Those wishing to procure spend considerable time to document valid and non-valid use cases and scenarios of the system, thereby providing users with clear examples of how to use or interact with said system as well as what must be avoided, all before the system is made available.
4. Where personal data may be used in conjunction with the AI system, relevant privacy polices and consent documents will be reviewed and updated, ensuring a transparent and fair process.
5. All reasonable steps to protect confidential data and minimise the use of personal data, or the extent to which personal data can be attributed to particular persons.
6. Strategy is carefully defined and evaluated: Data flows visualised and sample questions users might ask are highlighted in order to surface the level of integration/connection to:
   • existing AI models
   • data that might sit outside the confines of the procured system

• Risk can be reduced if controls are available. For example, Chat GPT learns from interactions with users. A document uploaded by one person for summarising might be displayed to another user days, weeks or months later who is doing research on the same subject and is wishing a detailed response. A control method in this case might be the ability to administer your own cohort of users and specify that uploads and aspects of conversations cannot be reused, thus reducing the risk.
• Risk can be mitigated if the system or the manner in which it is implemented permits the creation of rules on data access, generation, retention, and destruction.
• Risk can be reduced by privacy policy. Perhaps few or no controls exist for a cohort of users but the system's privacy policy explains in detail that the AI model is not consumption based.
• Risk is reduced when the AI model's servers and technology stack is UK or EU based and compliant with GDPR.
• Risk is considered as "managed" if the AI processing occurs within the Microsoft 365 and/or Microsoft Azure cloud. Processing ring-fenced to the EU or UK is preferred.

• If a system is found to be non-compliant, it may be taken offline or access prohibited "in writing" with little to no notice.
• If a system is purchased, subscribed to or otherwise made live without proper process and due diligence being followed, access to the system may be revoked and relevant HR or disciplinary process started.