Select Board adopts IT resource-use, generative-AI and written information security policies

The Select Board on Aug. 19 unanimously approved three policies governing municipal information technology and data security: a revised Information Technology Resource Use (ITR) policy, a new Generative Artificial Intelligence (AI) Use policy, and a Written Information Security Policy (WISP) that sets an overarching risk-management framework and references operational guidelines.

Fung (Feng) Yang, the towns chief information officer, explained the changes and said the information-security guidelines are intentionally separated from the high-level WISP so that technical procedures can be updated as technology evolves. The WISP organizes governance around confidentiality, integrity and availability of municipal data and catalogs a set of supporting procedures.

The Generative AI policy is aimed at governing ad hoc and unsanctioned use of public-facing AI tools and to reduce organizational risk while allowing staff to adopt tools in a controlled way. Mr. Yang thanked Select Board Member Michael Rubinstein for detailed language suggestions that clarified definitions and user responsibilities.

Board members asked for a practical implementation path. HR Director Anne Braga said discrimination or privacy concerns would be addressed through fact-specific investigations and that departments should consult HR and IT before using sensitive material in training or public-facing content. Town Administrator Chaz Cary added the policies had been vetted by counsel and the IT advisory committee.

The Select Board voted 5-0 to adopt the three policies and directed staff to maintain the operational guidelines and return as needed with updates.

Ending: The policies give Brookline a governance framework for data handling, digital security and the use of generative-AI tools; the WISP and linked operational guidelines will be maintained by the IT department and updated as technologies and risks evolve.