Using AI Securely
The University of Richmond is exploring and implementing the potential of AI in education and research. Our faculty hub has been offering workshops and seminars demonstrating the capabilities and benefits of integrating AI into the classrooms.
It is important for the UR community to understand using ChatGPT and other Generative AI tools requires responsible usage, awareness of potential biases, balance with human interactions, privacy and security considerations and continuous learning.
-
Data & Security Compliance
-
When providing information to ChatGPT and other Generative AI tools, it is important to understand UR’s data and privacy regulatory standards.
Service Is the service consumer or enterprise focused? Where is the information stored or processed? Does the service have a current UR Contract? What kinds of information is appropriate for the service? Adobe Firefly Enterprise Third Party Cloud Yes (Part of Creative Cloud) Public, non-identifiable information ChatGPT 3.5 Consumer Third Party Cloud No Public, non-identifiable information ChatGPT 4.0 Consumer Third Party Cloud No Public, non-identifiable information Dall-E Consumer Third Party Cloud No Public, non-identifiable information Google Bard (Personal Google Accounts) Consumer focused Third Party Cloud No Public, non-identifiable information Google Bard (UR) Consumer focused Third Party Cloud No, not enabled Public, non-identifiable information Microsoft Bing Chat (Consumer) Consumer Third Party Cloud No Public, non-identifiable information Midjourney Consumer Third Party Cloud No Public, non-identifiable information
-
-
Guidance
- When providing information to ChatGPT and other Generative AI tools, it is important to understand UR’s privacy and consent guidelines.
- AI data usage should include limitation and purpose specification requirements
- Anonymize the AI data where possible
- Minimize the amount, granularity and storage duration of personal information when engaging with AI systems
- Maintain privacy notices
- Provide a copy of user’s data upon request, giving notice when major changes in personal data processing occurs
- Consent may be used or required in specific circumstances
- Ensure consent to provide AI data usage is properly obtained, recorded and proper actions are taken if it is withdrawn
- Reference: https://owasp.org/www-project-ai-security-and-privacy-guide/
- When providing information to ChatGPT and other Generative AI tools, it is important to understand UR’s privacy and consent guidelines.
-
Regulation
- At this time ChatGPT and other Generative AI tools are not currently regulated by the US government but institutions within the US have implemented their own organizational regulations in utilizing the technology in a safe manner.UR’s data security and privacy regulatory standards includes, but is not limited to:
- Data Security Policy
- External Data Transfer Policy
- This policy applies to the data transfer of Confidential or Restricted data to an external party performed on a manual, ad-hoc, or one-off basis.
- Family Educational Rights and Privacy Act of 1974 (“FERPA”)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- At this time ChatGPT and other Generative AI tools are not currently regulated by the US government but institutions within the US have implemented their own organizational regulations in utilizing the technology in a safe manner.UR’s data security and privacy regulatory standards includes, but is not limited to: