Responsible Use of Generative Technologies Policy Effective: August 1st, 2023 By using BlueDot you accept the following BlueDot Policy: Responsible Use of Generative Technologies Policy PURPOSE Generative technologies (“GenTech”) can deliver significant benefits by enhancing idea generation and creativity, increasing productivity, uncovering patterns and insights, accessing data seamlessly and improving quality of work product. Simultaneously, GenTech carries significant risks, including factually untrue outputs, biased outputs, data security vulnerabilities, IP infringement, privacy risks, unacceptable license terms, and regulatory risks. At BlueDot, we adopt GenTech responsibly, and in alignment with our Core Values, Code of Conduct, Corporate Policies, and ongoing commitments to our clients, partners, suppliers, regulators, and investors. SCOPE This policy applies to all employees, contractors, and service providers of BlueDot. DEFINITIONS Generative technologies (“GenTech”) is a category of algorithms that are trained on data sets and can generate text, images, video, sound or other work product (output) in response to prompts (input). Examples include ChatGPT (text-to-text/image), GitHub CoPilot (text-to-code), Midjourney (text-to-image), and ModelScope (text-to-video). GenTech can also appear as a feature in another application, such as “Compose with Al” in Front. ROLES AND RESPONSIBILITIES Employees, contractors, and service providers of BlueDot are responsible for 1) complying with all aspects of this policy and related documents, and 2) notifying the Legal Team immediately if they identify any irregularities and/or policy updates that may be required. Leadership Team Leadership Team, in consultation with Legal and Security, is responsible for prior review and approval of some controlled use cases and new categories of use. See the Controlled Uses section of this policy for more information. Legal Team Legal Team is responsible for updating and maintaining this policy. Security Team is responsible for maintaining the list of approved GenTech tools on Confluence. See the Using GenTech section of this policy for more information. POLICY We will use GenTech responsibly at BlueDot. Responsible use includes consideration of the following key principles: (1) We must only use GenTech in alignment with our core values, code of conduct, and corporate policies. This policy was not generated using Al. (2) We must uphold our commitments to our clients, partners, suppliers, regulators, and investors. (3) We must be transparent in our use of GenTech. (4) When a third party is interacting with BlueDot, such as through a support chat, we will be clear about where the human ends and technology begins. (5) We must protect our client’s confidential information and not share it with third parties unless authorized under our Privacy Notice and have a legitimate business reason to do so. (6) We must protect BlueDot's confidential and proprietary information and intellectual property. (7) Finally, we must not be creepy. Approved GenTech Tools You may use approved GenTech tools for approved unrestricted and controlled uses (defined below) in your BlueDot work. Approved GenTech tools are tools that have been approved through the Vendor Onboarding Process. All new tools must go through the complete vendor review process (including Finance, Security, and Legal review) prior to first use at BlueDot. This includes free trials. Guidelines for Use of GenTech Tools There are three categories of use: unrestricted, controlled and prohibited. Unrestricted and controlled use cases must be approved prior to implementation by requesting approval through the Project Life Cycle Asana board. Unrestricted Uses The following use of GenTech is unrestricted (all conditions must be met): the input is not personally identifiable information (PII), nonpublic personal information (NPPI), or BlueDot Confidential Information (VC1), the input is de-identified or tokenized Pll, NPPI, or VCI, the output will be used only internally or externally after after a human stakeholder has performed user acceptance testing to confirm the Al or machine learning model performance is aligned with business goals and metrics for which we are optimizing, the output will not affect the rights or obligations of any person, the output will not be incorporated in company technology, and any unrestricted use must comply with applicable law, company policies and the terms and conditions for use of the GenTech. Controlled Uses These uses require special precautions: + We may use GenTech to write code only if: - The GenTech has an enabled safety feature to minimize the risk of copying or license infringement of known software. - The file header of each file contains the following notice: “This file was created in whole or in part by [NAME OF GENTECH TOOL].” - The code is scanned for vulnerabilities by a specialized tool prior to being committed. . Any use where the input is identifiable confidential or personal information (in whole or in part). - This requires the prior review and approval of the applicable LT leader in consultation with Legal and Security. Any use where the output is directly presented to third parties without human review. - If the tool or the output is going to be external-facing, we must disclose that the tool or output is not or was not generated by a real human. - We may also be required to present additional information to aid the recipient in evaluating the output, especially if the output contains advice. Any use where the goal is to auto-decision or auto-underwrite a client or prospect's application. - Such uses require human review prior to finalization of the underwriting decision. Any use where the goal is to create an image. - Image creation prompts must not intentionally or inadvertently infringe upon the intellectual property rights of others. - For example, - a prohibited prompt would be “create the Nike logo in BlueDot blue” +a permissible prompt would be “create a scenic image using BlueDot blue” Any use where the goal is to transcribe the contents of conversations or meetings - Proper consent must be collected and/or notice provided to participants in such conversations and meetings Any controlled use must comply with applicable law, company policies and the terms and conditions for use of the GenTech. Any new category of use that is neither prohibited nor unrestricted. + Each new category of use must be approved by the applicable LT leader in consultation with Legal and Security. Prohibited Uses We will not use GenTech: To create videos or sounds for company use to impersonate or create the impression that a client is interacting with a licensed person or where the goal is to obfuscate or bypass licensing requirements. - These tools may not act in the capacity of a licensed person, meaning it cannot sell, solicit, advise, or negotiate the terms and conditions of the software. Where the input is sensitive personal data or the output affects fundamental rights of individuals, such as the rights to be free from discrimination. Where the input or output is system access credentials (for our systems or those of any third party). Where the output is to reverse engineer or reproduce the intellectual property of a third party. Any use that violates any law, company policy or the technology’s terms and conditions for use.
Effective: August 1st, 2023 By using BlueDot you accept the following
BlueDot Policy: Responsible Use of Generative Technologies Policy PURPOSE Generative technologies (“GenTech”) can deliver significant benefits by enhancing idea generation and creativity, increasing productivity, uncovering patterns and insights, accessing data seamlessly and improving quality of work product. Simultaneously, GenTech carries significant risks, including factually untrue outputs, biased outputs, data security vulnerabilities, IP infringement, privacy risks, unacceptable license terms, and regulatory risks. At BlueDot, we adopt GenTech responsibly, and in alignment with our Core Values, Code of Conduct, Corporate Policies, and ongoing commitments to our clients, partners, suppliers, regulators, and investors. SCOPE This policy applies to all employees, contractors, and service providers of BlueDot. DEFINITIONS Generative technologies (“GenTech”) is a category of algorithms that are trained on data sets and can generate text, images, video, sound or other work product (output) in response to prompts (input). Examples include ChatGPT (text-to-text/image), GitHub CoPilot (text-to-code), Midjourney (text-to-image), and ModelScope (text-to-video). GenTech can also appear as a feature in another application, such as “Compose with Al” in Front. ROLES AND RESPONSIBILITIES Employees, contractors, and service providers of BlueDot are responsible for 1) complying with all aspects of this policy and related documents, and 2) notifying the Legal Team immediately if they identify any irregularities and/or policy updates that may be required. Leadership Team Leadership Team, in consultation with Legal and Security, is responsible for prior review and approval of some controlled use cases and new categories of use. See the Controlled Uses section of this policy for more information. Legal Team Legal Team is responsible for updating and maintaining this policy. Security Team is responsible for maintaining the list of approved GenTech tools on Confluence. See the Using GenTech section of this policy for more information. POLICY We will use GenTech responsibly at BlueDot. Responsible use includes consideration of the following key principles: (1) We must only use GenTech in alignment with our core values, code of conduct, and corporate policies. This policy was not generated using Al. (2) We must uphold our commitments to our clients, partners, suppliers, regulators, and investors. (3) We must be transparent in our use of GenTech. (4) When a third party is interacting with BlueDot, such as through a support chat, we will be clear about where the human ends and technology begins. (5) We must protect our client’s confidential information and not share it with third parties unless authorized under our Privacy Notice and have a legitimate business reason to do so. (6) We must protect BlueDot's confidential and proprietary information and intellectual property. (7) Finally, we must not be creepy. Approved GenTech Tools You may use approved GenTech tools for approved unrestricted and controlled uses (defined below) in your BlueDot work. Approved GenTech tools are tools that have been approved through the Vendor Onboarding Process. All new tools must go through the complete vendor review process (including Finance, Security, and Legal review) prior to first use at BlueDot. This includes free trials. Guidelines for Use of GenTech Tools There are three categories of use: unrestricted, controlled and prohibited. Unrestricted and controlled use cases must be approved prior to implementation by requesting approval through the Project Life Cycle Asana board. Unrestricted Uses The following use of GenTech is unrestricted (all conditions must be met): the input is not personally identifiable information (PII), nonpublic personal information (NPPI), or BlueDot Confidential Information (VC1), the input is de-identified or tokenized Pll, NPPI, or VCI, the output will be used only internally or externally after after a human stakeholder has performed user acceptance testing to confirm the Al or machine learning model performance is aligned with business goals and metrics for which we are optimizing, the output will not affect the rights or obligations of any person, the output will not be incorporated in company technology, and any unrestricted use must comply with applicable law, company policies and the terms and conditions for use of the GenTech. Controlled Uses These uses require special precautions: + We may use GenTech to write code only if: - The GenTech has an enabled safety feature to minimize the risk of copying or license infringement of known software. - The file header of each file contains the following notice: “This file was created in whole or in part by [NAME OF GENTECH TOOL].” - The code is scanned for vulnerabilities by a specialized tool prior to being committed. . Any use where the input is identifiable confidential or personal information (in whole or in part). - This requires the prior review and approval of the applicable LT leader in consultation with Legal and Security. Any use where the output is directly presented to third parties without human review. - If the tool or the output is going to be external-facing, we must disclose that the tool or output is not or was not generated by a real human. - We may also be required to present additional information to aid the recipient in evaluating the output, especially if the output contains advice. Any use where the goal is to auto-decision or auto-underwrite a client or prospect's application. - Such uses require human review prior to finalization of the underwriting decision. Any use where the goal is to create an image. - Image creation prompts must not intentionally or inadvertently infringe upon the intellectual property rights of others. - For example, - a prohibited prompt would be “create the Nike logo in BlueDot blue” +a permissible prompt would be “create a scenic image using BlueDot blue” Any use where the goal is to transcribe the contents of conversations or meetings - Proper consent must be collected and/or notice provided to participants in such conversations and meetings Any controlled use must comply with applicable law, company policies and the terms and conditions for use of the GenTech. Any new category of use that is neither prohibited nor unrestricted. + Each new category of use must be approved by the applicable LT leader in consultation with Legal and Security. Prohibited Uses We will not use GenTech: To create videos or sounds for company use to impersonate or create the impression that a client is interacting with a licensed person or where the goal is to obfuscate or bypass licensing requirements. - These tools may not act in the capacity of a licensed person, meaning it cannot sell, solicit, advise, or negotiate the terms and conditions of the software. Where the input is sensitive personal data or the output affects fundamental rights of individuals, such as the rights to be free from discrimination. Where the input or output is system access credentials (for our systems or those of any third party). Where the output is to reverse engineer or reproduce the intellectual property of a third party. Any use that violates any law, company policy or the technology’s terms and conditions for use.