AI is revolutionizing the way business gets done. But with every new use case comes a potential compliance concern.
As organizations look to harness the power of emerging technologies, they also need to recognize and respond to compliance challenges raised along the way.
Taking a look at fast-evolving issues, analyzing regulator responses, and outlining AI compliance best practices, our partners at Mac Murray & Shuster (M&S) recently hosted a highly informative webinar, “Striking the Balance: AI’s Impact on Consumer Data Privacy.”
During their discussion, M&S Partners Michele Shuster and Josh Stevens covered three key areas of focus under regulators’ microscopes: privacy, consumer protection, and telemarketing.
To help you stay up-to-date and bolster your business’s compliance stance, we’ve compiled the need-to-know highlights below. And if you’d like, you can also watch the video in full on the M&S YouTube channel to hear their complete discussion.
Key Considerations when Working with an AI Solution
AI is steadily powering a complete paradigm shift in how businesses market and sell their products and services. The AI revolution, however, raises key questions about the use of consumer data and privacy rights. And just as new AI solutions are rolling out, many states are enacting their own robust privacy protection laws.
For this reason, any business that’s considering working with an AI service provider will want to thoroughly vet potential vendors and understand their risk exposure. M&S’s Josh Stevens provided three key questions to ask to understand how vendors are approaching privacy and consumer protection:
1. What was the system trained on?
It’s crucial to understand how AI systems are trained and what data is used in the process. Data may include potentially sensitive personal or financial information. Ask whether your vendor has the right to use collected data to train their system in the manner that they do.
To support your own compliance, It’s important to first make sure you’re using a system that was built in a compliant manner itself—one that respects the privacy rights of individuals whose data may be in use.
2. What happens to the data users put into the system?
Understand what a vendor plans to do with user data. Does it become part of the training set? What happens next? How is it stored?
To underscore the importance of this issue, Stevens pointed to the example of ChatGPT, which does not allow users to opt out of Open AI using their data to enhance the product. This raises concerns about the potential sale of that data. It also raises concerns about the program’s output based on this data.
These issues are particularly important when it comes to vetting generative AI solutions. ChatGPT and other tools have made headlines with their so-called “hallucinations,” which can generate false information or expose confidential data. Likewise, these tools have recently come under fire (and been sued) for using thousands of authors’ texts to train data without their consent or any compensation.
3. How is a system secured?
Lastly, because we have seen that generative AI systems have been manipulated into providing sensitive information with the right prompts, it’s crucial to know how the system is secured against these threats, just as it is important to know how well-situated vendors are to prevent and cope with cyber threats.
AI and Telemarketing Compliance
During the webinar, Michele Shuster dug into how AI is specifically shaking up compliance matters in the telemarketing and sales industry.
One thing she made clear is that, while AI may be new, many of the primary concerns around contact center compliance remain the same.
Is My AI Solution an ATDS?
When using an AI-powered solution for telemarketing, outbound calling teams should be wondering, can this qualify as an automatic telephone dialing system?
Under the TCPA, restrictions are imposed against systems, including AI-based systems, that randomly or sequentially generate numbers rather than dialing from a human-curated list. Systems that randomly or sequentially dial numbers are defined as an automatic telephone dialing system, or ATDS. Supporting ATDS compliance has only become more important as individual states have implemented their own stricter requirements on what an automatic dialing system is under the law.
The answer to whether an AI solution is an ATDS under the law will vary from solution to solution. Even then, the answers may be up in the air until these matters come before courts in greater numbers. Organizations should work with their counsel to establish a proactive compliance strategy and defensible position.
Complying with Prerecorded Voice Rules
Meanwhile, it’s also difficult to know how AI will be treated beneath the TCPA’s prerecorded voice messages rules. For now, Shuster says organizations should take a conservative approach and assume that calls using artificial voice technologies will be treated as prerecorded voice messages.
“That means that if we’re going to be making marketing calls to a wireless phone, then we’re required to have prior express written consent,” says Shuster. The same goes for marketing calls made to landlines, while informational calls to cell phones need only prior express consent.
Relying on AI to Support Compliance
Contact center automation tools often derive many of their benefits by helping to eliminate potential human error. This makes certain AI solutions attractive for use in support compliance. However, as Shuster covered during the discussion, if you’re going to use AI to help improve call compliance, you’ll need to work through a compliance check that includes the following items:
- Disclosures: Can your AI system consistently deliver the proper disclosures mandated by federal and state law? Not to mention industry-specific requirements such as in Medicare marketing.
- Call time restrictions: Can your system be calibrated to call only within allowable times? Beyond the federally mandated calling hours of 8:00 AM to 9:00 PM, a complex patchwork of state calling restrictions has emerged.
- Registration requirements: Some states may require registration for the use of automatic dialing and announcing systems, which Shuster says may include AI-enabled systems.
- Unlisted numbers: Many states prohibit calls to unlisted phone numbers. Do you have a means of scrubbing those numbers from your lists?
- Disconnect requirements: Is your system able to disconnect in time after a call is terminated and meet requirements?
- Caller ID types: What type of caller IDs does the system use?
“When you’re working with a vendor, make sure that you understand the answer to these questions,” says Shuster. “Make sure that, if you are delegating your compliance obligations to a system, that system is accurate. You really want to have a firm understanding of that.”
In the rapidly evolving AI landscape, businesses will face new compliance challenges alongside innovative possibilities. Staying informed about emerging legal issues, understanding vendor practices, and working proactively with counsel is essential for harnessing AI’s potential without compromising your security.
Get a recap of the latest contact center compliance news delivered monthly to your inbox. Subscribe here >
DISCLAIMER: The information on this page, and related links, is provided for general education purposes only and is not legal advice. Convoso does not guarantee the accuracy or appropriateness of this information to your situation. You are solely responsible for using Convoso’s services in a legally compliant way and should consult your legal counsel