Data Privacy and Security Guidelines for Generative AI Tools

3 mins read
Data Privacy

Generative Artificial Intelligence (AI) tools, like OpenAI’s ChatGPT, have the potential to pose risks to data privacy and security. While our institution supports the responsible use of such tools, it is crucial to address these concerns.

Data Classification Framework

Our university follows a data risk classification matrix to categorize data. Data labeled as “High” risk should not be used with any generative AI tool. Currently, Bing Chat Enterprise is the sole approved tool for “Moderate” tier data.

Data Suitable for Generative AI Tools

  • Publicly available information lawfully published or content approved for public access by the university. This includes:
    • University Community Email Announcements
    • University publications
    • Publicly accessible University website information (without Chapman ID authentication)
    • Content on University’s public social media accounts
    • Job postings
    • Publicly available maps

Data Inappropriate for Generative AI Tools

  • Personal, confidential, proprietary, or sensitive data should not be used with any generative AI tool, excluding Bing Chat Enterprise. This data includes but is not limited to:
    • Student records protected by FERPA
    • Admissions records
    • Social security numbers
    • Credit or debit card information
    • Driver’s license numbers
    • Medical or patient-related data
    • Health insurance information
    • Research participant data without public use consent
    • Bank account information
    • University budget and business records
    • Employee personal records
    • Legal analysis or advice
    • University telephone directories
    • Information covered by Nondisclosure Agreements or contract nondisclosure terms
    • Intellectual property not explicitly allowed by third-party licenses
    • Donor information
    • Passport and Visa numbers
    • Copyrighted material, unless authored by the user and exempt from publisher permissions

Exercise Caution with Certain Data

  • Content that may contain personal, confidential, proprietary, or sensitive information should only be used after thorough verification. Examples include:
    • Course content materials
    • Unpublished academic research
    • Meeting and presentation notes
    • Research data
    • Emails
    • Proprietary or unpublished research data
    • Any information that might jeopardize future patent or copyright claims

Basis for These Guidelines

The university currently holds a data privacy and security agreement solely with Microsoft for Bing Chat Enterprise usage.

Please be aware that both Microsoft and OpenAI explicitly prohibit the use of ChatGPT and their other products for specific activities, including fraudulent and illegal actions. Refer to their usage policy document for a comprehensive list.

Personal Accountability for ChatGPT Use

ChatGPT operates under a click-through agreement, constituting a legally binding contract. Individuals who accept such agreements without delegated signature authority may bear personal consequences, including compliance responsibility. To mitigate this risk, we recommend the use of Bing Chat Enterprise.

1 Comment

Leave a Reply

Your email address will not be published.