Billings, Mont., Implements Its First AI Security Policy
(TNS) — In a progressive move towards modern governance, Billings has taken significant steps to refine its approach to technology, particularly concerning artificial intelligence (AI). During a recent city council meeting, council member Andrew Lindley proposed the establishment of a Technology Advisory Commission. This commission would comprise industry experts providing critical guidance on various technological issues, notably cybersecurity policies, citizen interaction technologies, and AI governance within the city administration.
In a proactive response, city officials have already implemented their first AI security policy, overseen by City Administrator Chris Kukulski and IT Director Jeff Sprock. This policy, part of an IT handbook update, recognizes the increasing significance of AI in municipal operations and addresses essential topics such as privacy, transparency, and ethical usage.
Everyday Usage and Data Security
According to city officials, staff members are permitted to use AI for routine tasks, including web searches and email drafting. Kukulski noted the utilization of tools like Claude and ChatGPT among staff, likening their use to standard search engines.
While acknowledging the benefits of AI, Kukulski emphasizes the necessity of double-checking AI-generated content. He states, “You have to read and reread and double-check anything that comes out of it because sometimes it hallucinates and brings in inaccuracies.”
Importantly, the security policy strictly prohibits the uploading of sensitive personal information—such as Personally Identifiable Information (PII) and Criminal Justice Information System (CJIS) data—into any AI models. Sprock remarked, “We’ve been very vocal in saying you can’t put PII into AI.”
Furthermore, the city monitors the types of AI models utilized by staff, ensuring that they comply with industry-standard data security principles and undergo appropriate risk management assessments prior to implementation. Kukulski highlighted concerns regarding data storage locations, stating, “The big concern with AI is you don’t know where the data necessarily is being stored.”
Maintaining Public Trust Through Transparency
Transparency regarding AI usage is a significant public concern, especially for institutions wielding substantial influence over public life. The city’s policy commits to openly disclosing AI usage and instructs employees to explain AI decisions to the public, particularly when they affect critical areas like law enforcement and resource allocation.
To further enhance transparency, a reporting system for AI misuse has been established, with penalties ranging from suspension of IT privileges to termination for severe violations. This ensures accountability in the application of AI technologies.
An Ongoing Process
The rapidly evolving nature of the AI industry poses continuous challenges for regulation. Despite this, Sprock and his team remain dedicated to staying ahead of the technological curve, already considering updates to the city’s AI security policy, even though it was implemented less than a year ago. “As quickly as it’s moving, you could have adopted something 90 days ago, and new information could already be out,” he noted.
A comprehensive copy of the city’s AI Security Policy is accessible within its IT Policy Handbook on the city’s official website, reflecting Billings’ commitment to responsible and secure AI integration in public administration.
