» Guidelines Relating to Data Privacy and Security When Using Generative Artificial Intelligence Tools

Generative Artificial Intelligence (AI) tools, such as OpenAI’s ChatGPT, may create a risk of compromising private, confidential, proprietary, and sensitive data. The University supports the responsible use of Generative AI tools, but it is important to consider data privacy and security when using these tools.

The University has a data risk classification matrix that it uses to classify data. Data considered “High” risk should not be entered into any generative artificial intelligence tool at this time. Bing Chat Enterprise is the only tool currently approved for “Moderate” tier data.

University information that may be input into Generative AI tools:

Publicly available information that is lawfully published or internal information that is approved to be provided to the public by the University

Examples include:

  • University Community Email Announcements
  • University publications
  • Information on the University’s public facing website without Chapman ID authentication (note all information accessible to community members are not available to the public)
  • Content on University Social Media accounts
  • Job Postings
  • Publicly available maps

Information that may NOT be input into Generative AI tools:

Personal, confidential, proprietary, or sensitive information should not be published or uploaded into a Generative AI tool other than Bing Chat Enterprise.

Examples include but are not limited to:

  • Student records subject to FERPA
  • Admissions records
  • Social security numbers
  • Credit or Debit card information
  • Driver license numbers or State Identification Card number
  • Medical or Patient-related data, including medical history, diagnosis, mental or physical condition, or treatment
  • Health Insurance information, including policy number, subscriber number, application information, claims history, and appeals records
  • Research participant data unless there is a consent to use it publicly
  • Bank account numbers or information
  • University budget and business records
  • Employee personal records, including recruitment and search records, Employee evaluation, and disciplinary records
  • Legal analysis or advice
  • University Telephone directories
  • Any information within the scope of a Nondisclosure Agreement or nondisclosure terms of contracts
  • Intellectual property owned by or licensed from a third party without express written permission
  • Donor information
  • Passport and Visa numbers
  • Copyrighted material unless you are the author and it does not require permission from your publisher

Information where caution should be used before input into Generative AI tools (other than Bing Chat Enterprise):

Content that may contain personal, confidential, proprietary or sensitive information should only be uploaded after verification that it does not include information that may not be uploaded.

Examples include:

  • Course content materials
  • Unpublished academic research or discoveries
  • Meeting notes
  • Presentation notes
  • Research data
  • Email
  • Proprietary or Unpublished Research data or writing or uploading information on discoveries may compromise your ability to seek a patent or copyright in the future

Rationale for the Above Guidelines:

The University only has an agreement with Microsoft for the usage of Bing Chat Enterprise that covers data privacy and security.

Please also note that Microsoft and OpenAI explicitly forbid the use of ChatGPT and their other products for certain categories of activity, including fraud and illegal activities. This list of items can be found in their usage policy document.

Personal liability for publication on ChatGPT: ChatGPT uses a click-through agreement. Click-through agreements, including OpenAI and ChatGPT terms of use, are contracts. Individuals who accept click-through agreements without delegated signature authority may face personal consequences, including responsibility for compliance with terms and conditions. We recommend the use of Bing Chat Enterprise to minimize this risk.

For questions regarding data privacy, contact infosec@chapman.edu.