Governance, Guardrails, and Getting AI Right (with Shoshana Rosenberg)

Show Notes

If ever there was a time to take AI governance seriously, it is now. Luckily, our guest today has written a great book about it. This week on the Serious Privacy podcast, Paul Breitbarth, Ralph O'Brien and Dr. K Royal speak with Shoshana Rosenberg. She is Managing Director of Logical AI Governance, General Counsel at SafePorter and of course one of the founders of the Women in AI Governance network. 

Shoshana’s book, Practical AI Governance - Building a Program for Oversight and Strategy, is published by KoganPage and available now via your local bookstore or your preferred online store.

 

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Transcript

SPEAKER_01 0:04

You're listening to the award-winning Serious Privacy Podcast sponsored by Trust Arc. Please welcome your hosts, Paul Breitbart, Ralph O'Brien, and Dr. Kay Royal.

SPEAKER_04 0:17

If your colleagues are anything like mine, everybody has started to experiment with using a multitude of AI tools in recent years and has probably built their first agents in the past couple of weeks. And if ever there was a time to take AI governance seriously, it is now. Luckily, our guest today has written a great book about it. Shoshanna Rosenberg is managing director of logical AI Governance, general counsel at Sage Porter, and of course one of the founders of the Women in AI Governance Network. And she does a ton of other things. She studied at multiple prominent law schools, both in the US and in Europe. And if that wasn't enough, she is also a former member of the JEC Corps of the US Navy. So now she has written Practical AI Governance, Building a Program for Oversight and Strategy, which is published by Kogan Page and available to order now at your preferred local or online bookstore. My name is Paul Breitbart.

SPEAKER_05 1:12

My name is Ralph O'Brien, and I get to say this week, welcome to Serious Privacy.

SPEAKER_04 1:17

Yes, Kay has a novel bookie, so she may join us a bit later. She may not join at all. She she hopes to make it. But Shoshanna, welcome to the show. We've been trying to get you for ages, but you've been so busy.

SPEAKER_03 1:29

Thank you so much for having me, gentlemen. It's so good to see you both again.

SPEAKER_05 1:33

It's always good. Always good to see you, Shosana. We normally start with unexpected questions, so over to you, Paul, because Kay's not here.

SPEAKER_04 1:42

Yeah. So if you could be immortal, what age would you choose to stop aging at and why?

SPEAKER_03 1:49

My first reaction is that you have succeeded at your task of a very unexpected question. My second reaction is I cherish what I learn and the vantage point that I get. So I would have to say now, I couldn't give up a moment of any of the things that I carry with me because I've gotten to this age. But this would be a great time to freeze the clock. I will, I'll go with that.

SPEAKER_05 2:17

Ralph? Wow, the perfect age. I like that. They say that age brings you confidence and wisdom, but to me it just brought more to shave. They say that if you don't drink and you don't smoke and you live cleanly, you can live an extra 10, 15 years, but sadly it's at the wrong end, right? So to me, I'll always be 21 again, I think. Very nice.

SPEAKER_04 2:38

Well, I've been practicing with being 39 for a couple of years now, and I think I'll continue doing that.

SPEAKER_03 2:45

They say that the value of each day, ironically, Ralph, to your point, right? It's at the wrong end, but it's at the end where you cherish it the most.

SPEAKER_05 2:53

That's true. That is very true. Shoshana is never afraid to challenge me, and that's one of the things that I love about Shosana. Every time we speak, I feel like I learned something new. Yeah, you told me a wonderful phrase. Steel sharpen steel. And we've had some great debates over the years. I always value the fact that we've had those intellectual discourses, let's put it that way.

SPEAKER_03 3:15

I never mean to challenge you, only to keep learning.

SPEAKER_05 3:18

Indeed. Same here. Same here. It's amazing just the capabilities, the amount of times a day I just go onto the internet to look something up that I don't know. So we normally start off by saying, How'd you get into this crazy world? But Paul's done a wonderful job on your introduction already, that I didn't even know that you were in the Jag Corps. So how did you go from JAG Corps to this wonderful world of data, Shosada?

SPEAKER_03 3:40

The funny part is that I actually started as an engineer in the Navy. And I had this moment when I was a kid, there was this ad for Reese's pieces or something where it was like peanut butter, chocolate. That's the natural marriage there. And when I went into the Navy and I got out and I went to law school, I felt compelled to come back toward the Jack Corps. There's a little story in the middle where my father fell through a roof and I ended up having to take care of his kid, like the roof of the garage, and I ended up taking care of his kids. But if you flash forward, having taken engineering and been an engineer, right? And then also being, of course, an attorney and looking at what the what was happening with technology even then in the JI court, I became the translator across business, legal, technology, and security requirements for every company that I touched from then on. And I think it wasn't that I moved, it was that the world came to my briar patch.

SPEAKER_04 4:37

Oh, horrible. I guess it makes sense, obviously. But so your first job in data, your first experiences working with data and data protection, was that also in the army still, or was that after?

SPEAKER_03 4:52

No, so that's a probably it was the I had to make the leap from the Jag Corps. But what it really comes to is when I was in I grew up embedded in the international development world. So I spent two and a half years after graduating early. I spent two and a half years before college doing international development work. And I was traveling all over. In the book, it says I think I lived, it was in 10 countries, but I was like, how do you define lived? For me, I would say 18, right? So I lived and worked in all these countries. And when I went to law school, I was really focused on human rights law. But that was taking me to really gruesome places, right? So I wanted to focus on international law and human rights law. And yet at the same time, as a person who's, I would say, quite sensitive and attuned to things, I couldn't go the distance on the pieces that I would have thought I would have with human rights law. So when I was a corporate attorney working on international law matters for global organizations, as soon as I became aware of the requirements, of the requirements, certainly of the where the UK had actually already embedded the EU requirements for the UK, and now I'm forgetting I'm so old, the Privacy Act, right? Or the Data Act. That was when I latched on. And I had a wonderful general counsel who, when I said, can I run it this, actually said, you must. And that really pushed me further in. So international law, human rights law, that was where I got to take part of what I was doing. And I kept all my other pieces of my jobs, but and really focus in on privacy law and go the distance there.

SPEAKER_05 6:21

Aaron Powell So I will jump in there and say that yes, it's data protection law over here in the UK, of course. One of my pets.

SPEAKER_03 6:29

We are, yes, it has always been data protection there, but called serious privacy. I was trying to stay on point.

SPEAKER_05 6:36

Yeah. It's fascinating. I've that I've rebranded my company, serious privacy, when everywhere I go, I tend to tell people it's not privacy, it's data protection.

SPEAKER_03 6:44

But more and more, I would I'm gonna take us slightly off point here. I think AI has introduced something that will pull away from you being able to keep that definition because companies are realizing that personal data is not their most precious and dangerous possession in an age of semantic inference and access, right? So I'm not pulling away from the proper terminology so much as to say that the data that companies seek to protect now is something they're aware of as a broader spectrum of immediate risks.

SPEAKER_04 7:16

Yeah, I agree. And it's no longer just personal data, it's also a lot of impersonal data that that really is becoming at risk, whether it's financials or just all the operational things. Just a couple of weeks ago, I read the story about one of the AI agents just erasing the source code for a full app because it did not respect the boundaries it was given. So then is that that's your whole business model out of the door, especially if there are no proper backups. So yes, the issue is becoming a lot broader, and that's also something you you point out in your book, right? I mean why did you write the book? Why does anybody write a book?

SPEAKER_03 7:57

So I had actually, and I think I know that Ralph knows this, I think that you know this, Paul, but I had several years ago when I first had looked at some of what was being put out for privacy professionals to adopt that would ostensibly land them squarely and give them grounding to function in the profession of AI governance, I felt was wholly insufficient and aligning with much more with a compliance program. And so I started working really late 2022 already to try to build out what I saw, right? From an basically the systems thinking that I adopted from international development plus the organizational thinking and the ways that I see structures, I started building out logical AI governance and that methodology. And when Cogan Page, as you mentioned, called me a year and a half later or so and said, Do you know, do you possibly have a book that you want to write on AI governance? I did, right? I had so much material from teaching the course and the certification programs, both to organizations and to practitioners, and things that I had to dig much deeper into because of those cohort cohorts and the way that they worked, and also in my own work and for my clients at logical AI governance, that it had expanded beyond simply what I could pull into the cohorts. And I wanted to try to give people something that would make them feel truly grounded. I'll stop my big speech about it, but I will say this. I still meet people in the privacy universe who have imposter syndrome. And I think they have it in part because it is the most finite, it's the most finite realm of law. Doesn't mean it's easy. In by any means, does it mean the nuances aren't lost to most? But at the same time, I think this is a much more dangerous field to enter without the means to feel and be grounded and see the whole picture. So that was a big part of why.

SPEAKER_05 9:59

It's one of the reasons why I like going to privacy space, which Shasana, I know you've been to as well, because it almost turns into a group therapy session as much as it does a knowledge session, because there are individuals out there who have a tough time of it, who suffer from imposter syndrome, who may be very knowledgeable and very good at getting on stage, and they're very kiki in what they know and love. But yeah, sometimes it's more human characteristics, our personal characteristics, that that cause us to barriers. Let me just say something and then and then jump to a question. I really like what you were saying there, because the more and more I've worked in data protection, uh information security, the more intellectual property law, human rights law, the more I'm coming down bound to more when I go in and do an audit of an organization, I find it comes down to sometimes two things. Yeah, data governance. It's one thing, right? How you approach data across the wider organization, no matter if it's personal or not. But also I like that legally with AI, they've almost moved down a product safety route if you've got to release a product to make sure it doesn't hurt people. And so, and I will admit, I haven't read your book yet, Shizana, but it'll be on the list, trust me. But how do you reflect that way of thinking? Because with AI, especially, we want to get it out. We want to get it out there. Everybody is rushing to adoption. But critical thinking and safety features seem to be secondary on the agenda. How have you approached that?

SPEAKER_03 11:24

So I think one of the is a great question. I think one of the most critical things that we need to think about when we're pulling back to understand the many things we care about, right? The crown jewels in terms of data that we need to protect and both personal data and company secrets and all of these things and client information, anything that you're holding that you can access, all the way through to the bigger picture of where you aim to be from a strategy level, is that across all of this, whether you are considering yourself to be just a deployer or you are actually building with the tools, and we know that line is getting fuzzier day by day. It's really about acknowledging that the things that we care about manifest as liabilities. And to bake those, instead of having big conversations about ethics with companies that want to move fast, you need to figure out within the software development and deployment lifecycle, right? There's that break there. If you are taking on a vendor, you are in the deployment and after piece of it, but you are still in the software development lifecycle. And so you want to bake in those questions, those controls, those reassessment points from every moment from ideation, either it's we should do this project, we should build this thing, or we should take on this vendor all the way through to what happens when we retire it, what happens to the data there, and start to layer those data governance pieces, which you're completely right, is one of the discipline components that organizations tried to skate by in the universe of data protection compliance, but that they are finding is going to really catch them by the tail now. So I think it's about looking at that, baking it in. And also if you had to hit one high note within all of that, in terms of risk, in terms of what you're doing, I think it would be looking at dependencies and control. That would be the pieces that you really want to talk about because where something is baked in, we always have to have a contingency plan. If humans, organizations, or society are relying on it, and where we can't actually take control when we need to, such as the example that you expressed there, Paul Pryor. Those are two of the big red flags.

SPEAKER_04 13:35

Yeah. So in in the past, the idea in especially in the tech community was go fast and break things. And I think we are very quickly moving away actually from that, because with how fast we actually can go today, especially with the help of AI agents, companies are getting really scared of breaking things because they're not breaking things of others, but they're breaking things of themselves.

SPEAKER_03 14:00

So software engineering has historically been an iterative thing, right? Much as AI governance will be and always has will have to be an iterative thing. But really, the difference is if someone is doing something intentional with the code, whether using AI or not, where something is occurring, we have to get software engineers and DevOps teams to log things outside of the code in a way that is understandable and also tells us where we can revert and what we will lose. That is one of the most critical points that I think gets skipped past by organizations that are dipping their toes into building technology as opposed to being technology companies.

SPEAKER_05 14:37

Yeah, that's fascinating.

SPEAKER_04 14:39

I you you were kind enough to send me a copy of the book for review purposes while you were still finishing it. So I have been able to read it and I'm terribly excited that soon I will have a hard copy of it as well, not just the digital copy, because I loved it. It's it it is not without reason called practical AI governance because it is very practical. I'm in the phase where in in my organization I'm working on implementing AI governance. Going back and forth to the book is actually going to be uh helpful. What I really liked about it is that you have spilled it up in two parts, right? There is one part that is aimed at the practitioners, at the consultants, at the people who do the day-to-day work. But there's also a section of the book that is really aimed at the management, senior leadership at the board. Why I understand why it is relevant, but why did you make that distinction when writing? Because it's not something I've come across before in in similar books.

SPEAKER_03 15:41

I appreciate the question. It means so much to know that the book is of value to you. I'll take one step back, which is to say where you find it practical, that pleases me no end. But I had a number of people who helped me from keeping it be purely a logical proof. The back end, I'll call it in terms of my brain. I built the book originally as a logical proof. Each chapter had to accomplish something that layered on the other for each of the sections. So that means a lot to me. Hopefully it doesn't read like a logical proof.

SPEAKER_04 16:10

No, it does. It also gives lots of context and good examples, and it's fun to read.

SPEAKER_03 16:15

Oh, thank you. That was something that I did get feedback about. It all means the world to me, truly. But the reason part of the reason that I think we have to start with speaking to the boards and executives is because, of course, they're driving the decisions. And even if only practitioners buy the book, they need a way to explain it, right? They need to be able to put their audience to make the business case in that situation and to explain it to their clients or their board or their executive leadership team, or perhaps I was hoping, to hand them the book and say, listen, just read three chapters in. If after three chapters you haven't snapped on, we'll get you your money back or something. But I think that's the point is that this is part of what practitioners need to be equipped with. But also boards should be able to take on this in a way that is immediately accessible to them while being able to push a little deeper if they want to. And I think that was combining those two and not keeping them as separate pieces of work was very important to me because it is one universe of communication. And it's better to equip the practitioners, quite frankly, with everything they might need.

SPEAKER_05 17:29

I think that's fascinating to talk about target audiences because for a lot of us, we're just presented with the software we're given. The AI options are there, or if Microsoft rolls out Copilot or whoever else, there are people out there who say you're going to design a website, and all of a sudden your website thing says, hey, you press this button and we'll generate an AI website or whatever else. So a lot of consumers are just at the mercy of what's rolled out. I actually think one of the most data protection or privacy or impactful things that I saw is when I realized that Apple rolled out the whole do not track button. Do you want to not do not track in terms of cookies, but in terms of do you want this app to track you? And all of a sudden I said, all of the DPIAs I've done, all of the notices I've done, all of the contracts I've done, to have a large technology provider have a button you can press that stops that from happening, that's so much more impactful on the individuals than and so really I pivoted at that point from legal compliance to looking at operational design work. Yes. Right? So the fact that you're talking about targeting the software engineers, targeting the people who design these products, that's so much more going to be impactful than having a contract downstream, right?

SPEAKER_03 18:48

I think that's exactly right. Design thinking from any aspect of it is exactly the right way to go. And there are people who don't like what Apple has done because they feel like it's a competitive marketplace thing. And I hear it, but I can't help but love it as well, right? That leading with privacy is absolutely something that I think is they've proven can be a very powerful differentiator.

SPEAKER_05 19:10

A sales pitch, yeah. Yes.

SPEAKER_04 19:12

Yeah, and also Apple is not perfect. They also do things where we say this is not what we like, or this is kowtowing to certain governments implementing or not implementing certain safeguards, pushing back against regulation from the European Union. That's for all big tech companies.

SPEAKER_05 19:30

Other vendors are available.

SPEAKER_04 19:34

No, absolutely. But it's also good that every once in a while one of the vendors steps up and says, hey, it can be done. And I think that is also important when you look in the realm of AI. When Anthropics said, hey, but don't use our software to kill foreigners. That was a very logical, at least in my view, a very logical statement. I was a bit sad that it's actually only that they only care about killing US people and not about foreigners, but that all kinds of army use of their AI was perfectly fine, only automated decision-making for targeted strikes or non-targeted strikes, something like that would be ruled out of the AI. But hey, it's a start. And I think AI is amazing in speeding things up, in getting certain things done, but we haven't resolved all the issues yet. We haven't resolved the copyright for training issue yet. We haven't resolved the ethical issues, we haven't resolved the bias in in the training data and in the output yet. So we also need to continue to need to have humans in the loop. We have only to question the output. And that also means that we need to have that form relation.

SPEAKER_03 20:45

So I'm fascinated because there are a couple of things that you said that there's so much unpacking that we're doing as an industry, I'll say or as a profession, right? One of which is, of course, that this is as Ralph was saying, get the release and it is what it is. But the foundational models, we are ourselves as a society, as a universe, as a civilization, in what I call a fixed position. We aren't going to undo what was done for those seven years by major corporations in terms of ripping pages out of books. There's no way to carve back from that. And because we haven't yet arrived at what Jan Lacoon is going to build us in terms of an actual logic-based model, if that's true. What we can fix is due to gating and due to training and coaxing, I would say, the technology. So we're on a wobbly foundation from an IP ethical standpoint, no matter what. And we're just trying to build solid things on top of it, which is very much like the fact that no matter how powerful it is, still a predictive technology, which is itself a bit wobbly too, right? So everything is saying this is a great material that we can use, but there are compromises inherent in the way it came to be. And we have to figure out how to stabilize something, both From the points that you raised and of course also from an accuracy standpoint, which isn't necessarily coming so soon, it's an interesting moment, right?

SPEAKER_05 22:08

Yeah. And I think it's worth reminding people that the technologies, any technology itself has no ethics or morality to it, apart from that, would you give it? Because I always say the axe doesn't care if it's swinging at a tree or someone's head, right? So you the the technology has no morality. It can equally be used to do horrible deep fake pornography, or it can be used to diagnose cancer patients, right? There is the it you pointed at what it points it as and it does what it what it does. And we have to remember sometimes I see a lot of terminology out there, the AI thought, the AI hallucinated, the AI feels, or the AI does. Whereas actually people sometimes forget that even though it talks like a human being, it's just a probabilistic technology engine underneath. So do you think, Shosano, that we even end up by creating this sort of LLM that talks like a human, we can almost force people into these sort of false senses of cognizance or rationality, or people even forget what's actually on the other end.

SPEAKER_03 23:10

Well, that's kinda okay. Um that's that I'm so glad you could join. Uh that's one of the key things, right? Which is we have an obligation at the civilization level to put that information out there. Because the technology itself is not going to arrive at meaningful explainability. And what we were just touching on a moment ago, which is I really rail against the notion of responsible AI, right? I think that makes it very confusing for people when in fact it it's really about incentives and what's going on with the humans. But to come back to your point, I think we've done a great disservice in allowing this concept of artificial intelligence, which has a long history and precedes this, allowing that to become a brand that that holds far too many types of technologies under it, and also in not being very clear and forthright. I think I might have sent it to you actually, Ralph, but I I tried to do this thing, you know, when during the war, people will send you send anti-propaganda pamphlets, right? I tried to create like a 1950s pamphlet at some point on LinkedIn last year where I was putting out these pictures. It says, Math just wrote that essay for you, trying to unpack some of these things. So, yes, I think we've done a disservice, but I also think it's our profession that's going to educate not just the organizations and the people within them, which is where the carrot and the stick is, but also hopefully start putting out more materials that make this clear where we're touching governments and agencies that can help to educate people and insulate them against that predisposition to think that because it's communicating with fluency, that it's actually an it.

SPEAKER_05 24:51

So we're joined by Kay. Kay's in. Welcome, Kay.

SPEAKER_02 24:55

Are you saying that I shouldn't be telling my AI thank you and please and all that good stuff? Actually, I don't hate that.

SPEAKER_04 25:02

You turn me on when the robots take over, right?

SPEAKER_03 25:05

I think not losing who you are when you deal with technology is maybe not a bad thing.

SPEAKER_02 25:10

I love that. To be fair, I tell Siri and Google and all of them please and thank you too, except for Google turns on every time I call my grandchildren boo-boo and I have to tell it to shut up. I haven't gotten very polite with that part.

SPEAKER_05 25:23

I love that. I love that.

SPEAKER_02 25:26

And I was actually talking to someone the other day and even telling that story to him on his side, his turned on.

SPEAKER_04 25:33

That's it.

SPEAKER_02 25:34

I know that's not necessarily what you're talking about here, but there we go.

SPEAKER_04 25:37

Okay, while you are here, maybe you want to answer the unexpected question. The rest of us already did. If you could freeze in time and live forever, freeze in time your age. What age would you freeze on?

SPEAKER_02 25:51

50.

SPEAKER_04 25:53

Why is that?

SPEAKER_02 25:54

Because I feel like I finally became who I really am and comfortable in my own skin and started doing things that I really enjoyed. I knew enough about me, my life, my my family. They were grown. That that's figured into it. I was no longer raising children. So they were grown and off and having productive careers and everything. So 50. 50 is a good age. And I have this skit in mind of SNL with the lady in red going, and I'm with kicking everything. I'll have to So that's brilliant.

SPEAKER_05 26:30

That you want to freeze in 10 years' time, Kay. That's amazing.

SPEAKER_02 26:35

10 years, no. I I'm 83 and I look damn good for my age, Ralph, but thank you. There is something to be said of the insecurity of youth and your own problems and growing into your own person and being comfortable with yourself, that's really valuable. So women in AI governance, I think, is a big thing. So, Shoshana, why do you think that women in AI is a big thing? Is it because we're trying to get more women in AI, or is this a field that women resonate with?

SPEAKER_03 27:06

So a couple of things. So women in AI governance, right? As a and of course, women in AI and actually across every field that is tackling and building with the technologies, is an important thing in part because of the extent to which they are historically left out. When Emerald, this was Emerald's idea, fully, 100%. We were both getting inundated with messages and inquiries because we both had the chief AI governance title for large companies very early before that was really very common at all. And she said, should we start this? And we started as a group, and as it grew into an organization that is really pulling across the globe and very focused too on the global south. But I think having women be a part of these conversations is important. I think lifting the voices of women and connecting them with each other helps a great deal in terms of knowledge sharing, which she and I were both very focused early on, as I explained logical governance, AI governance was on trying to explain that AI governance itself is something that is going to occur within every discipline and every industry. And it's not going to be something that is done strictly by a particular group of professionals, right? We are all navigating the obstacles, opportunities, mitigations, and components that we need to have in place for ourselves, for our organizations, for society. And so that was an important thing to us was making sure that people could access one another for genuine knowledge sharing, that we were putting out an opportunity to create webinars, lifting the voices of those women who, whether or not they were the expert were passionate, curious, and came with a specific vantage point, which we all do, men and women alike. So I think it's very important. And I also think you saw Silicon Valley 25, 30 years ago now, was very focused on the extent to which women have a propensity for synchronic thinking, right? And so pulling more women across more industries into this conversation and field, I think that matters immensely, both the technology itself, which we don't pretend to do within women in AI governance, but also the conversation.

SPEAKER_05 29:11

And I'd just like to add something to that. It's not only the domain of women to support women in AI governance. I've always wanted to turn up data protection events, the IAPB. I've always gone to the women in uh in privacy events. And when Shoshana invited me to be a part of Women in AI Governance, I was absolutely honored and bowled over because it to raise up the voices of women, whether in AI governance or in any other industry, it takes a village. It takes people of all jungles and races, right?

SPEAKER_03 29:46

We could not do it without the allies. And Ralph, you're always an exceptional ally, both you and Paul. It's incredible to see the support that you give to women in multiple professions that you touch.

SPEAKER_04 29:58

We do our best.

SPEAKER_02 29:59

And so does Higgins.

SPEAKER_05 30:01

Yeah, yeah. Indeed. I was actually talking to someone with this on DPIAs the other day, and I said, Who am I to who am I to write a DPIA? And they said, What do you mean? You're a data protection expert. And I said, Yeah, but you're looking at risks to people's rights and freedoms. And I don't have the lived experience other people have got. There are friends I have who wouldn't walk home alone at night, whereas I would, right? So you have a different risk appetite and a different profile to other people because you don't have their lived experience. So who am I to do a DPIA that generates risks for sections of the community? I don't understand.

SPEAKER_03 30:34

So that is such an exceptional question. And I'm very excited, sort of positive you're positing the question both to them and in the big picture. But when we think about this with regard to AI, and I'm not trying to pull it everything back to AI, but with regard to things like fairness metrics, right? There's the notion of ethical engineers, right? There is the notion that we as AI governance professionals coming from data protection or human rights or whatever the aspect is, whatever background you come from, security, sometimes many, that to set fairness metrics is not simply a one and done thing. And the other component is you have to really look at that outside view that you're saying, Ralph, is what are the potential ways in which a thing could be unfair without being inherently discriminatory. I think I use the example in the book and I do in my classes of a chatbot that sort of ignores older people because they ask more questions and the chatbot is optimizing, right? No one's intending that. It just happens to be something that runs alongside. But for all the metrics and controls that we intend to put in place, we have to remember both that the people setting them have to have a broader vantage point than they often do, right? And that they have to be adapted and changed as we start to see a broader component. And I don't know if maybe the DEI professionals are going to start to pull alongside, or I guess it's EDI in Europe, but if they're gonna start to pull alongside evaluating fairness metrics or how we better inform that brick in the wrong.

SPEAKER_05 32:06

Totally agree. Yeah, lawful, fairness, and transparency. We we talk a lot about lawfulness and transparency. I don't think we talk nearly enough about fairness under the law.

SPEAKER_03 32:16

That fairness component comes back as a liability to those organizations. They don't have to think about the ethics of it. Yeah. They don't have to be focused on the pieces that we spend our time focused on necessarily, but those will come back as problems and liabilities.

SPEAKER_05 32:30

Talk about fairness. My 93-year-old grandmother still needs analog options, not just chatbots and websites.

SPEAKER_04 32:38

I think almost every consumer does. Yeah, because usually they don't do what you want them to do.

SPEAKER_02 32:46

Yeah, they're useless to ask questions to.

SPEAKER_04 32:49

Yeah, almost every company loves them because they are more easy to use for them. They save on human resources and everything is automatically documented. So you have tons of additional data.

SPEAKER_05 33:01

First question, what else to every chatbot is connect me to a human place?

SPEAKER_03 33:04

But you're pulling it back to design thinking, right? Even just a no-reply email that says you're gonna get a subscription will be renewed, and someone who's older or busy responds to it and says, no, thank you, cancel. But it's a no-reply email, and you've just taken that option off. And so maybe that's what we really need to be pushing forward is go through the experience of either the data or the human, right? And understand the process and what the hiccups are.

SPEAKER_04 33:30

Yeah, absolutely. I think that is a really good note to end on because we are running out of time. So this is the moment where you take out your credit card and order the latest Mastery book, Practical AI Governance, building a program for oversight and strategy. As said, it's published by Kogan Page. It's available to order at your preferred local or online bookstore. Shushanna, thank you very much for joining us. Until next week.

SPEAKER_03 33:56

Thank you all for having me. Cheers. Bye.

SPEAKER_01 34:00

Now that was serious privacy. Please subscribe on your favorite podcast app and leave us a review. You can find us on LinkedIn, Instagram, and Blue Sky at Sirius Privacy. Feel free to drop us a question or a comment. We'd love to hear from you.