Search

Sample AI Use Policy

Article author
Betty Fleming
  • Updated

Below you will find ideas and possible language for using in your campaign’s AI use policy. This is NOT intended as a template to cut and paste and hand out to your team. No two organizations or campaigns are the same and this is intended to illustrate an example that can be tailored to your team’s needs. 

Our Organization’s AI Use Policy

As of [Date]

Questions? Contact [Campaign’s AI Lead]

  1. Principles, Purpose, Values, and Scope

Our candidate believes that using AI can benefit our effort to get him/her elected. However, we expect AI to be used in ways that represent the values of our campaign, which include diligence by humans to review all AI output for accuracy, transparency within the campaign and the community, and protecting the privacy of our supporters’ personal data with which we have been entrusted.

Our campaign fully understands that using AI does not come without risks. This policy articulates the risks and the benefits to the campaign. The policy is designed to clarify the actions we expect staff to enact to reduce our risks and maximize the benefit of AI and technology. 

The scope and purpose of this AI policy for the ______campaign is to provide guidance to team members on the ways AI can be implemented during the campaign. The outcome of implementing this policy is the ethical and responsible use of this powerful technology. This policy will guide all of us to achieve that goal.

  1. Who is subject to this policy

This policy applies to all staff of the campaign. Our vendors, where appropriate, should be aware of this policy and our values, as we expect them to use AI in a manner that meets the spirit of this policy.

  1. Risks and Benefits
  • Risks: AI can provide many benefits to this campaign. However, as with any technology, using AI comes with some risks, including:
    • Hallucinations (AI can produce confident-sounding but false, nonsensical, or fabricated information, like made-up facts);
    • Data leakage or loss; 
    • Reputational harm (if AI generated content that is incorrect, discriminatory, or of low quality is released by or associated with the campaign).
  • Benefits: Our campaign has determined the benefits of using AI on the campaign for various purposes including _________, _________, and to help our whole team be more productive. This policy outlines the way AI will be used to mitigate those risks and maximize these benefits.
  1.  Human Oversight and Accountability

AI does not replace or minimize the role of people when it comes to the operations of this campaign. People play a pivotal role ensuring AI is used correctly. Therefore, it is expected that team members:

  • Exercise Human Judgment: AI should help guide decision making NOT replace human decision making. It can be effective as a tool such as analyzing data or making suggestions. It cannot replace the human component of our campaign.
  • Acknowledge the Limitations of AI: This technology is still in its early stages of development and is rapidly changing. We need to be aware of and recognize the inherent limitations of AI tools, including potential for erroneous results, bias, or incompleteness.
  • Assume Responsibility: Anyone that uses AI for any purpose in the campaign assumes responsibility and accountability for the output of AI tools used in your work. All AI-generated content must be reviewed thoroughly by a human prior to publication or dissemination to ensure its accuracy and appropriateness.
  • Inform When AI used:  Everyone is expected to be transparent and inform colleagues and stakeholders when content has been generated or modified using AI tools. This can be done by noting what content is generated by AI or indicating how AI was used when creating the content.
  • Seek Prior Approval: Only the [Insert Campaign AI Lead or Campaign Manager] can approve AI generated content for external use.
  1.  Data Privacy and Security
  • Data Privacy: Protecting the data entrusted to the campaign is an important priority. Data is also what AI uses to produce meaningful results. When handling data:
  • Do not input any confidential, proprietary, or sensitive campaign information into third-party or public generative AI tools. Inputting sensitive information risks its exposure and/or breaches confidentiality. Examples of data that should not be used as inputs include: personally identifying information (names, addresses, phone numbers), or confidential campaign information (internal polling, draft policy statements, or opposition research). If you have any doubt or questions about the confidentiality of information in question, check with [Insert Campaign AI Lead or Campaign Manager] before exposing it to AI.
  • Data Security
  • Use strong security when using AI Tools: Team members are expected to secure all accounts that have access to or are used for AI. The campaign runs on _______( Microsoft or Google) and those accounts should be protected with multifactor authentication. (Specify the authentication for the platform you use like passkeys on accounts and add links to instructions). You are also expected to use the strongest form of authentication available for any third party accounts used on behalf of the campaign. If you have questions about how to secure accounts or security in general, contact ______________ for help.
  1. Permitted and Prohibited Uses

Below are the permitted and prohibited use of AI on the campaign:

  • Permitted Use Cases:
  • Research: Using AI tools for general research purposes, such as economic or demographic data, and/or developing messaging is permitted as long as no confidential or personal information is input.
  • Drafting and Summarizing: Using AI to create first drafts of standard written products, such as press releases, fundraising letters, reports, social media posts is permitted, as is using AI to summarize public documents and data.  Team members must indicate to whomever they submit AI-aided documents to for review, that AI has been used and to what extent.
  • Fact checking: When using public sources to research and/or draft documents, it is the responsibility of the person developing the document to double check sources and facts to be sure that sources are reliable  and the data are accurate. 
  • Data visualization: Using AI to help gain deeper insights into data for purposes such as charts, decks, and other graphics is permitted. (see below for nonpermitted image creation)
  • Permitted Tools: Only the following tools are authorized for use. To set up an account or receive a license, please contact ______ .
    • [Insert AI Tool] 
  • Not Permitted Use Cases: 
    • Creating deepfakes images and videos: The campaign defines a deepfake as [insert organization's definition]. If using AI in the creation of images, videos, or audio, ensure that it does not meet this criteria. Reminder that any external release of media generated by AI for the campaign is subject to internal approval.  
    • Unauthorized Tools: Campaign leadership has provided a list of AI tools (see above) that are permitted for use and ONLY AI tools on that list are to be used. If you discover a new tool that you think can be used effectively, please submit a request to update the permitted tool list to _______.
    • Illegal use of copyrighted material:  Only use materials in AI content that are legally allowable. Copyrighted materials may not be used unless they are allowable with proper attribution or permission is granted by the copyright holder. 
    • Illegal or Inappropriate use: Do not use AI systems or campaign technology infrastructure to generate content that violates the law and/or violates that tool’s terms of service (such as obscene, degrading, or abusive content, or content that promotes hate speech or discrimination).
    • Unauthorized Integrations: Do not integrate AI tools with internal campaign software or systems without express permission from _________.
  1. Incident Reporting, Monitoring and Enforcement 

Immediately report any actual or suspected security incidents to ___________.  Speed is critical. The longer an incident goes unaddressed, the more serious the potential ramifications. Do not delay even if you made a mistake that caused the incident. Our approach is focused on remediation of the problem, not casting blame. Examples of reportable incidents include:

  • Any incident that might lead to a loss of data or other compromise, such as clicking on a suspicious link, the accidental forwarding or personal information out of the campaign, or uploading of sensitive data to an AI system. 
  • Any actual or possible violation of this policy.
  • Any abnormal AI system failure.
  • A circumstance where an AI tool is generating output that is erroneous, misleading, offensive, harassing, or discriminatory.

Any User who violates this Policy may face disciplinary action up to and including termination.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.