Security and Privacy Statement on Artificial Intelligence

Artificial Intelligence (AI) technology is rapidly evolving, and the university is currently exploring how AI can be utilized in our educational, research and innovation, and health care endeavors. This guidance will be updated as new tools and vendors are brought into the university’s technical environment. 

The use of generative AI tools, like ChatGPT, Gemini, Copilot and others, has increased rapidly over the past year and will continue to grow. While the university has already begun incorporating AI tools into our educational spaces, the Office of Technology and Digital Innovation’s (OTDI) Digital Security and Trust (DST) team is working to better understand how these systems protect the security and privacy of information they collect, especially as it pertains to institutional data. 

Institutional Data and AI Use

Ohio State’s institutional data is information created, collected, maintained, transmitted or recorded by or for the university to conduct university operations. The Institutional Data Policy (IDP) establishes the need to protect institutional data and requires that all institutional data be assigned one of four security classification levels (S1 – S4). More information about the IDP, what types of information fall into each institutional data category and a calculator to view classification of different data combinations can be found on OTDI’s IDP webpage.

What AI tools may I use with institutional data?

DST is actively evaluating AI platforms and software augmented with AI tools. This list of approved tools will be updated as software is vetted. 

What data may I use in approved AI tools?

While it is a best practice to only use S1 (public) or S2 (internal) institutional data in approved AI tools, S3 (private) and/or S4 (restricted) data can be included when necessary for your education, business or research use case. Keep in mind that all software carries a risk of data breaches, so only enter the data necessary to achieve your goal.

This guidance does not apply to those with access to Microsoft 365 Copilot, as this tool accesses institutional data across Office 365 applications.

What if I want to use an AI tool not listed on the Approved AI Tools webpage?

University community members should not enter any institutional data that is categorized above the S1 (public) level into unvetted AI tools.

Have questions or need guidance on using AI tools with institutional data?

Contact DST at otdi-dst@osu.edu for assistance.

Privacy and Information Integrity

Those who wish to use the unprotected version of Copilot (meaning you are not logged in with your university username and password) or another, unvetted AI platform should think carefully about what happens to the information entered into these tools before engaging with them. Many AI companies state that they have access to all information entered into the system, including account information and any inputs used to generate a response. This data could be breached and used by cybercriminals to create malware, phishing email campaigns or other cyber scams. Additionally, information entered in a prompt could be used to train the underlying large language model, meaning that whatever data is in the prompt could then be inadvertently exposed to another user.

When using any generative AI tools, including Copilot, be sure to cross-reference any information the tool gives you to make sure it’s accurate, as these systems have been known to make up, or “hallucinate”, data. You should also consider whether the information you received from an AI tool is copyrighted and thus subject to certain regulations regarding its use.

We are all responsible for keeping our institutional data secure, especially as AI becomes more widely available. If you ever have concerns about your university account being compromised, you can reach out to the IT Service Desk online or by calling (614) 688-4357 (HELP).

Learn More

Faculty, staff and students can learn more about using AI for work, school or personal purposes by visiting:

Questions about AI usage pertaining to information security and privacy considerations can be directed to the DST team at otdi-dst@osu.edu.

Updated: October 16, 2024