July 7, 2020
By Diana J. P. McKenzie and Nicole L. Pope, published in the Savannah Morning News
The COVID-19 pandemic brings with it increased focus on Artificial Intelligence (“AI”) as developers rush to create software, such as contact tracing software, that can help businesses reduce the risks for employees returning to work. Before businesses acquire AI technology, owners and human resources professionals must consider how to balance being proactive with protecting employee privacy. There are numerous provisions they should incorporate into their contracts with their software developers. Some of these provisions include:
When contracting for AI, the customer should be particularly focused on documenting the level of testing to be provided. Generally, the more robust the description of the testing, the better. At a minimum, this description should include: the number of rounds of testing, the process for testing, what the minimum sample size will be for each round of testing, and who is involved in creating the test environment. In addition, the customer should ask the vendor to contractually commit to describing the remedies if the testing does not result in adequate work product. The parties need to define exactly what constitutes acceptance, and whether ongoing testing is necessary or appropriate, particularly as the AI adapts and learns from itself.
Security is currently one of the fastest evolving areas of information technology law. When contracting for AI, it is important to have standards that can adapt to this ever-changing environment. In order to do this, it is helpful to incorporate a requirement that the vendor comply with industry security standards such as ISO-27001 and OWASP-Top 10 (for web applications). Businesses should also state any specific technical requirements related to security necessary to protect the customer’s IT environment, as well the whereabouts and other data associated with its employees and the locations of its customers. Finally, requiring adequate cyber-insurance that meets the risk level of the environment is also prudent.
Customers should be wary that AI may transform data that was once anonymous into data that is decipherable. Also, there is a complex set of data privacy laws in effect in the United States and even more so globally. All vendors should contractually agree to comply with any such applicable laws. Customers should also consider putting limitations on how vendors can use data, particularly outside of providing the services to the contracting customer.
Most vendors require a cap on consequential damages, but in AI contracts this provides additional challenges as much of the risk to the customer lies with items commonly considered to be consequential damages. There are several ways to address this problem. One way is to redefine what constitutes direct damages. A second way is to negotiate exceptions to caps for specified items such as: breaches of privacy/data security, failure to comply with threshold requirements, and allegations of bias due to algorithm data use.
This article is meant to share a few ideas for contracting for AI. As with any contract, you should contact a lawyer understanding the nuances of the subject matter particular to your situation prior to signing it.
For more information, please contact Diana J. P. McKenzie, partner & chair, Information Technology & Outsourcing Practice Group at HunterMaclean, firstname.lastname@example.org or Nicole Pope, attorney at HunterMaclean, email@example.com.
Is it a Boat Slip, a Dock, or a Condo? Wait, it’s a Dockominium!
May 10, 2023
By Francesca Macchiaverna, as published by Legal Newswire The term “dockominium” is not defined in the Georgia Condominium Act or Georgia case law. Dockominiums as an interest in land are…
Corporate Transparency Act: Will You Need to Register Your Business After January 1, 2024?
January 10, 2023
By Louann Bronstein, as published by Legal Newswire The Corporate Transparency Act (CTA) will become effective January 1, 2024. The CTA was enacted on January 1, 2021, as part of…
Recent Developments in Admiralty and Maritime Law
May 31, 2022
Co-authored by attorney Justin Guthrie, this article was published in the Spring 2022 Survey Issue of the American Bar Association’s Tort Trial & Insurance Practice Law Journal. This article discusses noteworthy admiralty…
Biology is Not Destiny: Biological Fathers’ Rights to their Newborn Children Born Out of Wedlock in Georgia
December 31, 2021
Comment by Emory Larkin, published in 72 Mercer L. Rev. 879 (2021).
CMS and OIG Signal Course Correction in New Stark, AKS and CMP Final Rules
December 1, 2021
By T. Mills Fleming, published in the Winter 2021 issue of the State Bar of Georgia’s Health Law Section newsletter.