
Public sector institutions playing catch-up on AI Compliance

April 14, 2026

OsgoodePD


If you’re just thinking about implementing artificial intelligence solutions at your public sector institution, Constantine Karbaliotis has news for you.

“You’re already doing it,” says privacy and AI compliance lawyer Karbaliotis, explaining that it’s likely many employees have gone ahead with their exploration of AI tools, without waiting for official approval.  

Ever since AI tools like ChatGPT and Claude went mainstream, there has been a corresponding explosion in this kind of “shadow” AI use, he adds.

“It’s a serious challenge for both public and private sector organizations,” Karbaliotis says. “It’s very easy for someone to use their personal account for work, but it’s not confidential, there’s no contract and the settings haven’t been adjusted to protect the uploaded data.”

As a result, institutions are often left to play catch-up when they eventually get around to putting together a policy or framework governing AI use.

“Unfortunately, this is a rock-lifting exercise and you will find some ugly things crawling out. Once you’ve established where AI is already being used, you can start to establish some governance and set some rules and guardrails,” Karbaliotis says.

Shadow AI is just one of the topics that will be up for discussion at Osgoode Professional Development’s program Public Sector AI Compliance: Laws, Risks and Governance, which Karbaliotis will chair.

The one-day conference runs live virtually on May 11, with a replay set for June 15, bringing together leading experts to offer practical guidance to the public sector, its advisors and vendors on the latest issues in AI compliance, regulation, governance, risk management, security and ethics.

Across four decades in the legal industry, Karbaliotis has always stood out from his peers for his interest in cutting-edge technology.

“Around the time I was called, most lawyers would have been happier using quill and ink, but I really was looking for ways to join the 20th Century,” he says.

He found a fit in the legal department of an automated software company that developed an automated form-filling service for users, before joining an IT consulting firm to advise lawyers and law firms on legal technology and automation.  

In the last 20 years, Karbaliotis has developed a niche in privacy and data protection law, helping to establish the privacy programs at a series of major consultancy firms.

At Toronto law firm nNovation LLP, where he advises Canadian and international organizations on privacy, cybersecurity and cross-border data obligations, Karbaliotis says that AI issues have emerged as an organic outgrowth from his existing practice.

“It’s hard to touch a privacy issue today without AI being involved, but AI has got broader reach than simply that. It goes to copyright, to competition, to sovereignty, to public safety and much more,” he says.

After speaking and volunteering at several OsgoodePD conferences over the last few years, Karbaliotis was a natural choice to chair the AI compliance program. The conference is particularly timely, he says, following the recent passage of Bill 194 in Ontario, which created new obligations for public sector institutions regarding cybersecurity, privacy and their use of AI systems.

“What it does is to force on all public sector agencies to really take accountability for implementing AI,” Karbaliotis says. “To a great extent that means leveraging third-party technology, so part of it is about figuring out how to get the information necessary to be able to do your due diligence under the law.”

While Ontario is leading the way legislatively, Karbaliotis says that the program should be attractive to lawyers and other professionals who work inside – or in partnership with – public sector institutions countrywide.

In keeping with Osgoode’s reputation as a pioneer in applied learning, the expert-led sessions will be complemented by a hands-on workshop on the conduct of AI assessments, providing attendees with actionable strategies, templates and insights to bring with them back to their workplaces.

In addition to developing governance frameworks around the use of AI, Karbaliotis says public sector institutions should also be focusing on improving the digital literacy of their employees.

“They need to understand how to use these tools appropriately, when they should be used and when they should not be used,” he says. “There is no question that AI is transformative, but the question that must be asked is whether it is actually serving the organization’s needs.”
