Artificial Intelligence (AI) is being adopted at a rapid pace across industries – and for good reasons. AI-driven tools increase efficiency, reduce administrative burdens, and enhance data-driven decision-making. In the employment context, businesses commonly use AI for applicant screening, hiring and promotion decisions, productivity monitoring, and other personnel actions.
AI integration has significantly increased during the hiring process. Employers use AI tools to analyze resumes, identify qualified candidates, research publicly available background information, and even evaluate video interviews. Some systems purport to assess personality traits or “culture fit” based on facial expressions, word choice, and vocal patterns. While these technologies offer many benefits, they also introduce substantial legal risks in an era where many people are uncomfortable with AI and the government is raising regulatory and other hurdles to its usage.
Bias Auditing and Algorithmic Discrimination
As AI tools increasingly augment human decision-making, employers must be mindful of potential bias embedded within automated systems. Algorithmic discrimination – whether intentional or inadvertent – can expose employers to liability under federal and state anti-discrimination laws.
California has been particularly active in this space. The California Civil Rights Department (CRD) issued regulations addressing the use of Automated Decision Systems (ADS), signaling future scrutiny of AI tools that impact employment decisions. Given this evolving regulatory landscape, employers should strongly consider conducting bias audits of AI systems used in hiring, promotion, or discipline in conjunction with their legal counsel.
A well-documented bias audit can serve several purposes: identifying disparate impact risks, correcting deficiencies before claims are made, and demonstrating good-faith compliance efforts. In the event of an discrimination lawsuit based on AI assisted decision-making, evidence of regular auditing, remediation and compliance with regulations become a critical component of the employer’s defense.
CCPA/CPRA Risk Assessment Requirements
In addition to anti-discrimination concerns, employers must consider emerging privacy laws. Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), employers may be required to conduct a risk assessment when using Automated Decision-Making Technology (ADMT) to make – or substantially contribute to – “significant decisions” affecting employees.
AI-powered tools used to screen, rank, or hire applicants will likely qualify as contributing to “significant” personnel decisions. A risk assessment should consider:
- A clear understanding of how the AI tool functions
- Identification of privacy and other related risks
- An evaluation of the proportionality between risks and benefits
- Testing, monitoring, and documentation to ensure ongoing legal compliance
- Human oversight
Failure to conduct appropriate assessments may expose employers to regulatory enforcement and private claims.
Practical Steps for Employers
While AI can be a powerful business tool, proactive compliance is essential. Employers should consider the following steps:
- Review and update internal AI governance policies and procedures to educate employees, promote consistent implementation, and ensure compliance with applicable laws and regulations
- Evaluate all AI tools used in employment-related decisions to assess privacy implications and potential sources of bias
- Conduct bias audits
- Perform required risk assessments under applicable privacy laws
- Review vendor contracts to understand indemnification and responsibilities for claims based on usage of their products
- Limit access to sensitive AI tools to designated personnel and provide targeted training
Employers that take a deliberate, documented, and informed approach to AI implementation will be better positioned to leverage technological innovation while minimizing exposure to discrimination and privacy-related claims.
Contact Dan M. Forman or Linda Wang, Partners & Co-Chairs of CDF’s Privacy Practice Group, with questions regarding this blog or to inquire about a consultation on your organization's AI policies and procedures.
