The explosive growth of AI has transformative potential but also raises critical privacy concerns that must be addressed, writes Pat Moran The world of artificial intelligence (AI) took a massive leap forward with the emergence of ChatGPT in November 2022. Since then, there has been a surge in the design and implementation of AI use cases across industries such as healthcare, retail, financial services, manufacturing and others. While the emergence of AI is transformative, this powerful tool is not without its challenges, particularly the profound privacy concerns it raises. As organisations eagerly harness the potential of AI, it is vital to know the associated privacy risks, such as: Data collection and breaches – As AI models evolve, their training datasets will likely grow, increasing the risk of personal and special category data being included. These datasets must be stored and processed securely while training AI systems. Algorithmic bias and discrimination – Biased algorithms may inadvertently perpetuate biases and lead to decisions that could negatively impact certain groups of people without the organisation’s intention to discriminate. Data subject requests – Once the AI systems are trained and deployed, responding to certain data subject requests becomes increasingly difficult. Transparency – As AI systems become commonplace in organisations, users will increasingly unknowingly interact with these systems, including instances where users are affected by automated decision-making. Regulatory requirements and industry standards – Even though AI is considered a novel technology, there are existing and upcoming regulations and standards that define and guide its usage. Organisations must demonstrate compliance with these regulations and standards to maintain customer trust and meet procurement standards in the market. Misuse of personal data in AI-enabled cyberattacks – Malicious actors have begun leveraging personal data such as audio clips and deep-fake content for advanced phishing attempts and other scams. Inaccurate responses – It is common for generative AI programs to respond based on probabilities identified within the data sets used to train the AI instead of actual, accurate data points. This can result in inaccurate responses and may cause issues if users do not verify the authenticity of the system’s responses. Organisational changes for AI To successfully traverse the concerns listed above while developing and integrating AI systems, organisations should consider the following best practices: AI governance: The teams involved in developing AI governance should be interdisciplinary, including teams in AI development, legal, privacy, information security, customer success and others. Privacy by design: The foundation of responsible AI lies in the concept of ‘privacy by design’, which states that data protection and privacy considerations must be implemented throughout the development lifecycle for any AI system. This includes incorporating privacy-enhancing technologies, ensuring appropriate security, compliance with regulatory requirements and other privacy-specific principles. Some AI systems have a ‘black box’-like nature, which makes it harder to detect and fix ethical, privacy and regulatory issues once deployed, increasing the need for privacy by design. Further, there might be other processes that pose too high a risk to move towards automation through AI and will require controls such as “a human in the loop”. Transparency: Users must be provided with clear and transparent communication in the form of privacy notices and other means including: confirmation that AI systems are used to process their data (including details of automated decision-making, if present); how their data is collected and processed; how long it will be stored; an outline of their rights, etc. The information helps users provide informed consent and builds trust in AI systems as well as the organisation. Fairness: An important step is to perform regular audits of AI systems to test their performance and ensure no bias or discrimination against users. The review should include the automated decision-making algorithm, and the process by which the algorithm makes decisions should be transparent and explainable. Data management: Ensure data ingested by the AI system during training is lawfully obtained, high-quality, and rigorous vetting and anonymisation have been performed. Technologies such as pseudonymisation or data aggregation should be implemented to ensure compliance with data minimisation and retention privacy principles. Up-to-date records of processing activities should also be maintained to ensure data is managed effectively throughout its lifecycle. Remember, organisations cannot use publicly available data to train AI systems without a valid lawful basis. Risk management, compliance and information security: A risk-based approach, including a data protection impact assessment, should be implemented to assess the level of risk involved before AI systems are deployed. The organisation should also sign off on the risk levels, controls and mitigations. AI compliance monitoring should be incorporated into the organisational, regulatory compliance programme or privacy programme. The wider organisational information security programme should include AI systems and their underlying data to prevent data breaches and malicious attacks. Technical and organisational measures such as encryption, data masking, password management, access controls and network security should be implemented. Employee training: As AI is a new technology, employees must be trained periodically on responsible AI usage. Training should include the privacy impact of AI systems, compliance with data protection regulations while using AI, misuse of personal data in AI-enabled cyberattacks and how to guard against it, and data protection best practices. Conclusion The advent of AI may be compared to the invention of the combustion engine. While organisations can move faster, they will also require stronger brakes. These brakes may address these multifaceted concerns, which necessitates a holistic approach, combining technological innovation, ethical practices, user empowerment and regulatory adherence. Organisations’ responsibility will be to innovate and ensure that innovation aligns with the values of privacy, ethics and user trust. Pat Moran is the Leader of Cybersecurity Practice at PwC.

In the complex landscape of corporate decision-making, understanding the differences between ESG and sustainability is crucial, writes Dan Byrne Corporate decision-making today involves a lot of talk about the environment, social and governance (ESG) and sustainability – precisely, how your company will fit into both movements. No one wants to discover they don’t know the difference between the two in the middle of a board meeting. While the two ideas share a lot of overlapping principles, they are different. It is essential to understand these difference because, once you sit down with colleagues to oversee core strategic decisions, you must have robust knowledge about the relevant topics. The difference between ESG and sustainability Sustainability is a principle dictating that, while we must look after the needs of our current society, it cannot be to the detriment of future generations. The concept of sustainability is so broad that it inevitably means different things in different boardrooms. The common thread in most organisations is that sustainability principles guide stakeholder expectations and, as a result, company strategy. ESG isn’t a principle; it’s a framework for measuring specific impacts and risks. It is a tool that can help investors and stakeholders to understand where their money is going. Why the confusion? There is a lot of overlap between ESG and sustainability, so organisations often file them under the same heading. In practice, companies embracing ESG will often commit to not harming the planet (environment), its people (social) or themselves (governance). While this should always be approached with the understanding that ESG is an investment metric and tool for analysing risk, it can be easy to generalise to the point that ESG is instead viewed as a sustainability metric or simply another name for sustainability itself. This is particularly true when companies focus on the “E” part of ESG. It’s popular across multiple industries and wins the backing of key stakeholder groups. An organisation’s focus on the environment creates a natural overlap with sustainability activities. Avoiding confusion in the future If you are in a board meeting and find yourself hovering around both topics, be sure not to hint that they’re the same with these tips: Remember that ESG is a collection of metrics; sustainability is a principle; If you’re talking about ESG, you will likely end up talking about numbers, quantities, reporting and investment opportunities. If you’re talking about sustainability, it’s expected more in the context of organisational goals, culture and policies; and Sustainability, in many respects, is the end goal. ESG is a pathway and a framework that will allow you to get there. Dan Byrne is a writer with the Corporate Governance Institute

As artificial intelligence and hybrid working reshape roles, accountants must begin to embrace IT, analytics and real-time data. Mark Lam explains why Bean counters, excel spreadsheets, sums and calculators – just some of the stereotypes and imagery that are associated with accountants. In 1955, General Electric began to use computers to perform accounting functions, and in 1978, VisiCalc, the first spreadsheet software allowing financial modelling, was developed. Since then, technology has continued to evolve and become more complex and central to the role of the accountant. A worker is only as good as the tools they are given to complete the tasks at hand and accountants are no different. Spreadsheet software itself revolutionised the profession, turning a “20-hour per week bookkeeping chore into a few minutes of data entry”. We have been seeing a more recent new shift in the profession in the past decade and this has been exacerbated in the years since the COVID-19 pandemic with the rise of hybrid working and artificial intelligence (AI). Technology has clearly advanced since the introduction of that first spreadsheet, with developments in computer systems and software connecting each function of the business to a single Enterprise Resource Planning (ERP) system. Just like in the 1970s, accountants are going to need more IT skills in order to stay competitive in the current market. New roles for accountants have emerged, such as the project accountant, financial system accountant, system accountant or data accountant. All are technically the same role, requiring high levels of IT systems and process knowledge­ and functioning as the intermediary between the IT and financial functions of businesses.   Future skill requirements As digital transformation is becoming more of a hot topic, companies are seeking continued improvements in efficiency combined with the need for real-time data causing businesses to increase data collection and connectivity between business processes. ERP systems providing the solutions to these needs offer just one part of the answer. Business leaders increasingly want accurate real-time data and information to aid decision-making. Accountants are required, not only to understand how the systems work, but also produce meaningful reports for bosses. Employees who understand how these systems work can build processes around them and extract and present the relevant information to help management leverage ERP systems to best effect. To stay ahead of the curve, businesses need to consider the future skill requirements of their financial teams, just as accountancy bodies will have to consider the curriculum provided to trainees to meet those needs. Businesses that take on trainees may start to consider taking on those who come from an IT background instead of accountancy, for example. Accountancy firms should be able to train accountants but can’t train computer programmers, after all. It may be more important to have new skills at the organisation’s disposal rather than more traditional accountancy functions. Accountants have always been more than just bean counters, but now this stereotype is becoming a distant memory. Mark Lam is H&W Group Financial Reporting Manager at Vhi and Chartered Accountants Ireland Technology Committee Member The Chartered Accountants Ireland Technology Conference will aim to inform members about this change, to allow us to bravely step into the world of digital transformation having learned from our peers and industry experts. Industry leaders such as Microsoft and Sage will present on the best practice around digital transformation at the conference and there will be case studies from fellow accountants detailing their digital transformation journey and lessons learned. Sign up now.