For April 2025, we have asked the employment team at Tughans LLP to provide practical answers to unusual, sensitive or complex work-related queries. We call this feature “How do I handle it?”

The articles are aimed at HR professionals and other managers who may need to deal, from time to time, with the less commonplace disputes at work; issues that may, if handled incorrectly, lead to claims for discrimination, constructive dismissal or some other serious difficulty. 
 

ChatGPT is one of several AI chatbots which have exploded into mainstream use in the last few years. These tools are a form of “generative AI” called “large language models”. LLMs are trained on huge sets of existing information, which use algorithms to learn and identify patterns. These are then used to generate new content in response to user prompts. 
It is no surprise that these tools are already being used. A 2023 study of employees who use AI for work reported that 68% do not tell their managers. A more recent 2024 study by Deloitte reported that 48% of these employees use free online tools (like ChatGPT) and 31% use tools which they pay for themselves. 

The potential benefits are many – these AI tools can answer complicated questions, write code, prepare presentations, create audiovisual content, often delivering results within seconds. As more businesses and employees become familiar with its capabilities, issues around permitted and responsible usage will naturally become more and more prevalent. 
There are several key areas to think about when using ChatGPT in the workplace:

• Confidential information: ChatGPT can be used for free. However, its terms of use state that information inputted by users can be used to help develop its service. This means that your company’s confidential or proprietary information could be stored and accessed by OpenAI or its subcontractors. This may result in disclosure of confidential information and may breach your obligations to third parties – for example under specific contracts or NDAs.
   
• Bias: It’s important to remember that these chatbots are not search engines. They are generating content using the existing data they have trained on. This data can be inaccurate and may include other biases. This can result in the chatbot generating new content which reproduces these biases. This creates a risk of discrimination issues if the generated content is used by employees.
   
• Hallucination: The primary purpose of these chatbots is to generate a plausible response using the data it has trained on. They do not verify whether their training data, or the content they generate, is actually true. Even if the training data is completely accurate, the chatbot could still generate new content which is inaccurate, because it has combined accurate information in an unexpected pattern. This is known as “hallucination” and can have embarrassing results – like a US lawyer who was fined for citing cases which didn’t exist.
   
• Data protection: If employees input personal data into ChatGPT, such as personal data relating to customers, colleagues or service users, this is a form of “processing” for UK GDPR purposes. This should be captured in your privacy notices and like any form of processing, you will need to establish the purpose and lawful bases for processing. There are higher protections for sensitive “special category” personal data. Employees inputting personal data into Chat GPT could compromise its confidentiality, resulting in a data breach.   

There are, of course, wider implications posed by the development and accessibility of AI tools in the workplace, around employee training and development, reskilling and changing job roles. Ultimately, this may result in efficiencies being made which in turn lead to redundancies. 

However, the most immediate consideration is whether to permit the use of ChatGPT and other LLMs at all. If the answer is no, this should be clearly communicated, with the prohibition included as a standalone policy or within your existing policies on IT and systems use. 

If you will permit employees to use these tools, you should consider implementing a generative AI usage policy. This policy would set standards for responsible use. For example, the policy would prohibit employees from inputting confidential or proprietary information, or any personal data. It would also remind employees that they are responsible for verifying the accuracy and suitability of any AI generated content they use. This is especially important given that LLMs are “black box” systems – meaning that users only see what they put in, and what comes out. Your policy can reinforce that employees are expected to check and understand the content they generate. 

Many policies also require employees to record the prompts they have used, the content generated and the changes they have made. This creates an audit trail, which can be important given the difficulties in monitoring how individual AI tools have been used. Depending on the expected volume, you could require employees to log their usage in an internal database.  

Having this policy in place should help set expectations within your workplace and allow employees to access the benefits of AI tools while mitigating risk. The right balance will depend on your individual circumstances. Many businesses are now implementing paid for and business specific AI tools – and even paying bonuses to employees for using them. 

If you do roll out AI use across your workforce, this will naturally involve training and upskilling alongside setting these policy requirements. You should consider where any employees are placed at a particular disadvantage during this process due to protected characteristics such as disability or age. With the latter, studies suggest that AI uptake is lowest in older workers, with negative assumptions made about their suitability for AI related roles. 

Breaching any specific prohibitions on using AI tools can be dealt with under your usual disciplinary procedure. Using these tools for permitted uses but failing to carry out proper checks will likely be either a conduct or performance issue. If you find that employees are using AI tools to create content which they cannot properly explain to internal or external stakeholders, this can be managed as a performance issue. 

Overall, these AI tools can have significant benefits for your business, but like anything, they should be used responsibly with a sensible policy in place to mitigate risk. In the words of ChatGPT itself: “using me for work is a great idea in many cases, especially for tasks that require efficiency, creativity, or research. But as with any tool, it’s important to understand the boundaries and apply human judgment when needed.”

This article was provided by Jack Balmer, a Director in the employment team at Tughans LLP. Jack works exclusively in employment law. You can contact him at: 

Phone: 028 9055 3300
Email: jack.balmer@tughans.com
Website: www.tughans.com