AI and HR: Navigating Legal Challenges in Recruiting and Hiring | Troutman Pepper

Posted on Author AIJobNexus

This post was originally published on this site.

Troutman Pepper Artificial Intelligence Alert – Intelligent Insight by Real Lawyers

By Jim Koenig
, Laura Hamady
, Joel Lutz
, Tracey Diamond, Alison Grounds, Ron Raether,
Kim Phan, Peter Wakiyama, and Sadia Mirza

Using AI in HR – Hire or Hover? Hiring executives are asking if the compliance costs and discrimination risks outweigh the anticipated benefits of using artificial intelligence (AI) tools for hiring and employment-related
activities. Troutman Pepper has been monitoring this rapidly evolving issue, including current and anticipated legal requirements as well as the emerging best practices companies are implementing. This alert provides an overview
of the types of AI-specific considerations that are in play, highlighting the potentially wide-ranging compliance obligations attendant to using AI-related tools in employment-related processing.

  • Discrimination and Bias Considerations and Current US Laws. In the U.S., AI systems used in hiring can inadvertently cause organizations to violate existing anti-discrimination laws (such as Title VII of the Civil
    Rights Act) and may trigger obligations or lead to liability under emerging AI or AI-adjacent laws. Some of the emerging concerns around the use of AI in hiring are seen in the following laws or guidance:

    • The EEOC’s 2022 Guidance on AI in Hiring: This focuses on potential ADA violations when using AI tools that may screen out individuals with disabilities and recommends providing
      specific disclosures and accommodations in AI-driven hiring processes.
    • Colorado’s AI Act: This regulates high-risk AI systems and would require companies to conduct a data protection impact assessment (DPIA) before using AI in hiring, as well as
      requiring specific notices to be provided to job applicants when AI may be used in hiring decisions. A high-risk AI system is any AI system that, when deployed, makes or is a substantial factor in making a consequential decision
      (i.e., any decision that has a material, legal, or similarly significant effect on the provision or denial to any consumer of, or the costs or terms of, education, employment, financial or lending services, etc.).
    • The Illinois AI Video Interview Act: This requires employers to notify candidates about AI use in video interviews, obtain consent from candidates before using AI analysis, mandate
      reporting on the race and ethnicity of applicants who are and aren’t hired, limit sharing of video interviews, and delete them within 30 days if requested by an applicant.
    • New York City’s Law 144: This prohibits employers from using AI hiring tools unless they’ve undergone a bias audit within the past year, requires notification to candidates
      about AI use in the hiring process, and requires employers to publish summary results of their most recent bias audit.
    • The Utah AI Policy Act: Imposes transparency obligations on companies using Generative AI, including in the HR context. Companies that that use Gen AI to interact with an individual
      must disclose that the individual is interacting with Gen AI only if the individual asks. However, where Gen AI is used in the provision of regulated occupations (such a lawyers, engineers, accountants, educators, construction
      workers, personal care professionals and others), there are mandatory disclosure requirements, including verbal disclosures at the state of an oral exchange and through electronic messaging before a written exchange.
  • Discrimination and Bias Considerations and Current EU/UK Laws. In the EU/UK, the General Data Protection Regulation (GDPR) and AI Act have similar prohibitions against automated decision-making and impose stricter
    requirements aimed at preventing algorithmic bias.

    • The GDPR restricts solely automated hiring decisions, requires explainability of AI-driven hiring decisions, and mandates DPIAs for AI hiring tools.
    • The EU AI Act classifies AI hiring systems as “high-risk,” requiring human oversight in final hiring decisions; transparency to candidates about AI use; documentation of
      AI system development and testing; risk management systems to prevent bias, and assurance of high-quality training datasets to prevent discriminatory outcomes.

10 Steps to Take Now – Operational and Governance Enhancements Likely Required. Even if the AI tool being promoted by vendors promises to help avoid bias and skirt the concerns of regulators, most companies still need
to enhance existing privacy, security, and other disclosures and internal policies before moving forward. For example, seven increasingly common practices companies are taking to ensure compliance before implementing AI in hiring
processes include the following:

  1. Develop Data Maps and Inventories. Conduct interviews to gain an understanding of the AI uses and data involved as well as the jurisdictions involved to map and pinpoint legal obligations and required practices;
  2. Create and Complete AI/DPIAs. Complete DPIAs (or other impact assessments) before adopting and implementing any AI hiring tool;
  3. Form AI Governance Committee/Structure. Make AI uses a team sport by having AI/DPIAs considered and approved by legal, privacy, security, safety, business, human resources, marketing, manufacturing, supply chain,
    and other experts and company leaders, leveraging existing privacy, compliance, security, or other committees if and as appropriate;
  4. Update Candidate Notifications. Implement clear candidate notification processes about AI use in hiring (including JIT notices and a specific Applicant and Worker Privacy Notice);
  5. No Automated Decisions. Ensure human oversight in final hiring decisions;
  6. Provide Choice and Opt Outs. Provide options for candidates to opt out of AI-driven assessments and request explanations for AI-driven hiring decisions;
  7. Review Vendor Contracts. Review vendor contracts to limit or eliminate their independent rights to benchmark or train their algorithms with your data;
  8. Train, Train, Train. Regularly train HR staff on AI tool use and potential bias issues; and
  9. Conduct Bias Audits. Conduct and document regular bias audits of such AI hiring tool(s);
  10. Implement/Update Records Retention Policies and Practices. Develop clear data retention and deletion policies for candidate information for both candidates being considered by AI and/or traditional means.

Details Matter. The devil is in the details. Appropriate and responsible uses of AI, especially in the HR context, often depend on the size of the organization, business priorities, compliance capabilities/resources,
availability and sensitivity of the data involved, privacy and global data transfer maturity, and personal and IP information handling risks.

Closing. For any questions or assistance in responding to the items on this checklist, please contact
Jim Koenig at Troutman Pepper at 610.246.4426 or
jim.koenig@troutman.com,
Laura Hamady at 312.759.8880 or
laura.hamady@troutman.com or any member of the Troutman Pepper
Privacy + Cyber Practice,
Labor + Employment Practice, or
eDiscovery + Data Management team.