DIA issues its guidance on how to use generative AI in the public sector

As infographics go, it won't win any design awards, but many public servants will welcome some official advice on how to test the waters with the new wave of generative AI tools and platforms.

The Department of Internal Affairs yesterday published "system leaders guidance" on use of generative AI with a 10-point list of recommended actions when it comes to using the technology.

It also made some strong general recommendations - that generative AI isn't used for any data classified as SENSITIVE or above, and that personal data isn't put into GenAI tools "if they are external to your environment".

DIA also recommends blocking use of generative AI tools until the conditions in its guidance are met by government departments and agencies.

It's a fairly sensible guide based on best practice principles that many public sector organisations will already have in place and which are applied to the implementation of any new technology. However, some of the guidelines may need to be updated over time as the technology progresses.

Not for business-critical data - yet?

For instance, the recommendation to "avoid using GenAI for business-critical information, systems, or public-facing channels" won't age well as the benefits of applying the technology to those uses become more apparent.

Soon, AI-powered tools like Copilot for Microsoft 365 will allow many public servants to summarise policy documents and generate reports while taking advantage of the data security and privacy features that already exist in the Microsoft suite, which is ubiquitous across government.

But the guide also urges public service leaders to consider the benefits of using the technology, in terms of efficiency, improved policy, innovation in public services, and even better cybersecurity monitoring.

The Government has yet to introduce any dedicated legislation specifically covering the use of generative AI however the Privacy Commissioner recently warned public and private sector organisations that the Privacy Act equally applies to the new technologies and that reported infringements will be investigated.