Last month, Kevin Ordonez and I presented at .orgCommunity’s Solutions Day in Schaumburg, IL. Our session was focused on the AI journeys of associations. We asked attendees—mostly association CEOs, CIOs, and COOs—a series of questions about how their organizations are approaching AI.
One statistic really stuck out: only 57% of respondents said their organization has an AI policy.
Only 57%! That means that, for more than half of all associations in the room, it’s the wild west when it comes to staff usage of AI tools.
And, believe me, your staff are using AI. Whether it’s ChatGPT, Microsoft Copilot, Grammarly, Canva, or one of a hundred other tools, your team is tapping into artificial intelligence to write, summarize, code, design, and more, whether or not you have an AI policy in place.
So, Why Is an AI Policy Critical?
1. Your Staff Are Already Using AI
AI use is already happening in your organization, with or without your knowledge. Without a policy, that usage is likely unmonitored and inconsistent. Worse, it’s happening without any constraints or ethical guardrails.
2. A Policy Sets Guardrails for Responsible Use
At Matrix Group, we have a clear rule: confidential data must not be used with AI tools unless explicitly approved. This includes staff, member, and client data.
An AI policy outlines which tools can be used, how they should be used, and what’s off-limits, especially when it comes to security, confidentiality, and compliance.
3. It Reinforces Accountability
AI tools are just that—tools. They can assist, accelerate, and even inspire, but at the end of the day we are still responsible for the final outputs. Whether it’s a blog post, a report, a financial analysis, or even code, the person using the tool must own the final result, and an AI policy can help keep your staff accountable.
4. It Encourages a Healthy Culture of Innovation
When staff know that leadership supports smart AI adoption, and has established boundaries for how to use it, they’re more likely to experiment in meaningful, responsible ways. A policy encourages discussion and learning, instead of shadow use of AI.
What Should Be in a Basic AI Policy?
An AI policy doesn’t have to be long, or perfect, to be effective. Even having a simple, one-page policy can make a big difference for your association. If you don’t have one, make one FAST that at least states:
- No confidential data to be used in AI tools, unless specifically authorized.
- Staff must take responsibility for the accuracy, legality, and appropriateness of all AI-generated content.
Once you have a basic AI policy approved and in place, you can work on expanding it. Here are a few areas to consider:
- Responsible Use: What can AI be used for? What can’t it be used for?
- Approved Tools: Which AI platforms are sanctioned by your organization, and why?
- Confidential Data Protocols: How should employees request permission to use AI tools with sensitive data?
- Storage and Retention: Where will AI-generated outputs be stored? Are records policies for AI work the same as human-generated work? Or are they different?
- Meeting Use: Is it okay to use AI notetakers in staff or board meetings? What about client meetings?
- Ethical Standards: What does “ethical AI use” look like in your profession or industry?
Don’t wait for a crisis or data leak to spark this conversation in your organization.
Instead, start simple. Invite your team to discuss the tools they’re using, learn from their experiments, and then use that knowledge to build an AI policy that protects your organization and supports innovation.
Does your organization have an AI policy? If so, what does it cover? If not, what’s holding you back?