For the use of Generative AI, do you have a list of Do's and Don't that your organization is following? We are refining our list and welcome ideas from other companies.

We have a training course that you must take before being given access to the full CoPilot license and you must complete a form stating you understand the guidelines such as not sharing the output without proofreading it.  Information we submit to CoPilot does not get added to the model.

Also, all other genAI services have a warning web page put over them that you must click through.  The page warn you that it isn't a sanctioned service, and no company information should be submitted.  The DLP program will see if any information is submitted so the user can be educated and an impact analysis performed. 

The first and foremost activity is understanding the type of data to be used for the Generative AI application. For data that cannot be shared outside our company, we prioritize using LLMs with strong security controls, such as Azure OpenAI, over open-source variants.

We also emphasize setting realistic expectations with key business stakeholders, ensuring they understand that Generative AI outcomes may not always be 100% accurate due to potential hallucinations.

Finally, we avoid recommending Generative AI for use cases where accuracy and precision are critical to the outcome.

in general its recommended to  lay down a policy for GEN AI usage , a typical applicaiton usage policy can apply for this too , however special emphasis must be laid on ethical busienss practices such as avoiding plagiarism, data protection and data snesitively guidelines. 

there is already a report ing artner for gen ai usage policy that you can leverage

We do provide some examples of Do's and Don't, but make it clear it isn't a comprehensive list.  Here's some of the content (also, some of the don't list have an exception for a specific team like Marketing that I'm not including below):

You can use IT-approved GenAI tools and apps for
the following:

• Enhance your understanding of general-knowledge questions.
• Conduct background research into a topic.
• Summarize research or generate an outline of research content.
• Write or check code.
• Initiate drafts for projects, such as:
  - Initial drafts of emails, letters or other written work product;
  - Formulas for Excel spreadsheets;
  - Lay out of PowerPoint presentations;
  - Copy edit your work; and
  - Translate business content or a text from a publicly available source. 

You are always responsible for verifying the accuracy
of content generated with the use of GenAI.

Never use GenAI in a manner that violates public trust in
the our organization. Do not create realistic-seeming images,
video or audio that fabricate representations of the organization, including all of the following:
• Never alter organization photos or video.
• Never create an image with organization trademarks or imagery.
• Never create images purporting to represent real people.

Do not use GenAI tools, apps or sites for work
unless they are IT approved. This includes using GenAI
on personal devices to produce work.

Do not expose organization content by entering it into
publicly available GenAI tools, apps or sites. This includes
but is not limited to:
• Creating a public GenAI account using your organization email address, credentials or phone number;
• Entering sensitive organization information into public GenAI, including personally identifiable information, confidential, proprietary or internal use only information;
• Copying computer code from public GenAI tools to our IT systems; and
• Installing non-approved Application Programming Interfaces (APIs), plug-ins, connectors, or software related to GenAI systems.

Do not use GenAI in a manner that infringes on others’ intellectual property.
• Do not prompt GenAI to generate outputs in a specific style for work product, such as “generate a program overview written in the style of John Grisham” or “generate background music like Alicia Keys.”

We do have some Do's and Don't that we have outlined for our organization:
 Examples of Acceptable Use:
• Researching general-knowledge questions meant to enhance your understanding on a work-related topic.
• Brainstorm ideas related to projects you are working on.
• Assist in generating code and formulas for reporting tools, Excel spreadsheets or similar programs.
• Draft an email, letter and other written content.
• Summarize online research or to create outlines for content projects to assist in full coverage of a topic.
• Summarize the results of surveys to determine sentiment or general understanding of survey results. Data input should not be identifiable or attributable to company, it’s patients, customers or partners.
• Conduct data analysis where attributable information is not part of the data.

Examples of Unacceptable Use:
• Using any unverified (unreviewed) output created by an AI tool in final work products of any kind. All output must be reviewed and verified.
• Copying and pasting, typing, or in any way submitting company, employee, patient, or partner identifiable content or data of any kind into the AI tool. (Example: no employee or patient names. No reference at all to company, partners, patients or employees)
• For legal guidance related to business decisions, or to draft legal documents.

All AI generated content should be reviewed for accuracy and for alignment YVFWC standards and principles of equity, ethics, and appropriateness.