Using AI Securely

As the UR community continues to engage and expand our use of AI tools please keep in mind there are AI-security related risks associated with AI tools.

If someone sends you a prompt to paste into AI, treat it the same way you would a link you weren’t expecting. Don’t copy and paste it into an AI. Problem averted!

A few simple guidelines:

• Stick with prompts you create yourself or come from trusted internal sources
• Be cautious of anything promising “free features” or quick fixes
• Avoid entering sensitive or internal information into public AI tools

Link to Real-World Example

UR’s data security and privacy regulatory standards includes, but is not limited to:

• Data Security Policy
  • Includes the following UR AI policy
    • IRM-4004.6 Use of Generative Artificial Intelligence with University Data
      
      • This section defines data security requirements for the use of GenAI by University faculty, staff, and students. These requirements are in addition to all other requirements defined in this policy.
• External Data Transfer Policy
  • This policy applies to the data transfer of Confidential or Restricted data to an external party performed on a manual, ad-hoc, or one-off basis.
• Family Educational Rights and Privacy Act of 1974 (“FERPA”)
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Payment Card Industry Data Security Standard (PCI DSS)

At this time various states and federal agencies have their own respective guidance and standards related to the use of artificial intelligence. Below are resources you can review.

• Virginia Commonwealth Executive Order 30 (2024)
• CISA
• DHS