Part of the People Ops AI Brain


┌─────────────────────────────────────────────────────────────────────────────────┐
│                    AI GOVERNANCE MENTAL MODEL                                   │
├─────────────────────────────────────────────────────────────────────────────────┤
│                                                                                 │
│  THE GOVERNANCE FRAMEWORK (6 PILLARS)                                           │
│  ─────────────────────────────────────────────────────────────────────────────  │
│                                                                                 │
│    1. DATA CLASSIFICATION    →  What data can be used, and how?                │
│    2. TOOL APPROVAL          →  Which tools are approved for which uses?       │
│    3. USE CASE GUIDELINES    →  What can AI do? What needs approval?           │
│    4. HUMAN OVERSIGHT        →  Where is human review required?                │
│    5. ACCOUNTABILITY         →  Who is responsible when AI is involved?        │
│    6. INCIDENT RESPONSE      →  What happens when something goes wrong?        │
│                                                                                 │
├─────────────────────────────────────────────────────────────────────────────────┤
│                                                                                 │
│  THE TRAFFIC LIGHT SYSTEM                                                       │
│  ─────────────────────────────────────────────────────────────────────────────  │
│                                                                                 │
│    🟢 GREEN: GO AHEAD                                                           │
│    ├── Your own drafts and work product                                        │
│    ├── Published policies and procedures                                       │
│    ├── Public job descriptions, generic templates                              │
│    └── Aggregated, anonymised data                                             │
│                                                                                 │
│    🟡 YELLOW: PROCEED WITH CAUTION (Enterprise tools only)                     │
│    ├── Individual names + non-sensitive context                                │
│    ├── Candidate information (names, experience)                               │
│    └── Meeting notes (non-sensitive)                                           │
│                                                                                 │
│    🔴 RED: DO NOT USE (No exceptions without legal approval)                   │
│    ├── Compensation data, performance ratings with names                       │
│    ├── Investigation/disciplinary records                                      │
│    ├── Medical, disability, accommodation info                                 │
│    └── Legal communications, background checks                                 │
│                                                                                 │
├─────────────────────────────────────────────────────────────────────────────────┤
│                                                                                 │
│  USE CASE TRAFFIC LIGHTS                                                        │
│  ─────────────────────────────────────────────────────────────────────────────  │
│                                                                                 │
│    ✅ GREEN LIGHT (No approval needed)                                          │
│    │  Drafting JDs, policies, training materials, personal productivity        │
│    │                                                                            │
│    ▼                                                                            │
│    ⚠️ YELLOW LIGHT (Proceed with judgement)                                     │
│    │  Candidate screening support, draft comms, feedback themes                │
│    │  → Human reviews all outputs, AI doesn't decide                           │
│    │                                                                            │
│    ▼                                                                            │
│    🛑 RED LIGHT (Prohibited)                                                    │
│       Automated hiring/termination/promotion decisions                         │
│       Performance ratings, disciplinary actions, accommodations                │
│                                                                                 │
├─────────────────────────────────────────────────────────────────────────────────┤
│                                                                                 │
│  THE ACCOUNTABILITY PRINCIPLE                                                   │
│  ─────────────────────────────────────────────────────────────────────────────  │
│                                                                                 │
│    "AI doesn't make you less responsible. It makes you MORE responsible."      │
│                                                                                 │
│    If you use AI to create something → You're accountable as if YOU wrote it   │
│    "The AI did it" → NEVER an acceptable explanation                           │
│                                                                                 │
└─────────────────────────────────────────────────────────────────────────────────┘

<aside> ⏱️

TL;DR | 20 min read | Delegate to: whoever owns compliance/risk or your AI Champion

Traffic light data classification (green/yellow/red), approved tools matrix, use case guidelines, human oversight requirements. Get guardrails in place so your team can move fast safely.

Your decision: Who owns AI governance for People? Your action: Share the traffic light model with your team this week.

</aside>

<aside> 🛡️

Governance isn't about saying no. It's about saying yes safely.

People teams handle some of the most sensitive data in any organisation. Good governance lets you move fast on AI adoption while protecting employees, the company, and yourself.

</aside>


Why Governance Matters for People Teams

The Stakes Are Higher

People teams aren't like other functions:

| Data Type | Risk Level | Why It Matters |
| --- | --- | --- |
| Compensation data | 🔴 Critical | Pay equity issues, legal exposure, employee trust |
| Performance reviews | 🔴 Critical | Career impact, bias concerns, legal discovery |
| Investigation records | 🔴 Critical | Legal privilege, privacy, defamation risk |
| Medical/disability info | 🔴 Critical | ADA/GDPR compliance, privacy laws |
| Employee personal data | 🟠 High | GDPR, privacy expectations, trust |
| Candidate information | 🟠 High | Hiring bias, privacy, reputation |
| Org structure/plans | 🟡 Medium | Business sensitivity, insider info |
| Policy documents | 🟢 Lower | Generally fine; check whether draft or final |

Without Governance

With Governance