What is your privacy policy regarding AI services?

Privacy by Design and Privacy by Default are embedded in the processes around the design, set up and update of our products and services — from development to release and improvement. Our standard baseline for compliance with privacy and data protection is the EU General Data Protection Regulation (GDPR) and related legislative pieces, which are foundational for our privacy program.

In addition to that, our risk management framework incorporates AI model actions, including privacy as a pillar. Our corporate and product privacy teams are knowledgeable of other AI risk frameworks incorporating privacy to the assessment of AI products, such as the NIST AI Risk Management Framework, ISO/IEC 23894:2023, and additional resources such as the Assessment List for Trustworthy AI developed by the High-Level Expert Group on AI set up by the European Commission. This provides a robust framework designed to protect fundamental rights from the design phase of AI models.

Here are additional details about the Genesys position on privacy and compliance:

• Building large-scale systems that apply AI to optimize customer experience often requires very large datasets that can contain data on many individuals coming from a variety of sources. Genesys is committed to core principles of privacy by design, limiting the data collected about individuals as the default.
• Beyond enforcing privacy by design principles across systems, Genesys uses rigorous processes to monitor compliance of our AI products with regulations such as GDPR and any other applicable legislation globally.
• While Genesys has technical and administrative controls in place to limit the access to customer data, we have established additional safeguards designed to ensure that all data used for the development of new products is anonymized and governed by a set of processes detailed in the Genesys data anonymization framework.