Keep private university data private when using AI

From drafting emails and lesson plans to creating presentation outlines or writing HTML, the capabilities of generative artificial intelligence (AI) in higher education are extensive.

Generative AI has the power to create content, including text, images, music and code, that is strikingly similar to content created by humans. That’s all thanks to the way generative AI models learn. Tools like ChatGPT, which has around 100 million active weekly users, take the content users input and use it to further train their models. That means anything you say to a generative AI-powered chatbot can appear in its future responses to other users.

In the Cisco 2024 Data Privacy Benchmark Study, 62% of respondents said they have entered information about internal processes and 48% have entered non-public information about their company into generative AI tools.

For the Wolfpack community, disclosing this type of data could put the university at serious risk. Here are some things to keep in mind when interacting with AI:

Only Input Non-Sensitive Data

Following NC State’s Data Management Framework, only green data is currently allowed to be entered into AI tools. Green data refers to university data that is not sensitive.

Even when your chatbot prompts seem innocent enough, it’s important to be mindful of the data you provide in those prompts. A researcher, for instance, might be tempted to use AI to summarize research data. But if any of that data is considered sensitive — or classified higher than green — it is not permitted at this time.

See the Data Classification Levels section of the Data Management Framework to determine how your data is classified.

Be Careful With Data Control Settings

Some generative AI tools have added data control settings, such as allowing you to turn off chat history or limit how your data is used. While they may provide you some sense of control, these settings are not foolproof and do not supersede NC State’s Data Management Framework. You should always take care when using university data with AI systems regardless of your data control settings.

Reviews Required for All AI-Related IT Purchases

All IT purchases with an AI component, including software, web-based applications and cloud hosting services, are required to go through an IT Purchase Compliance (ITPC) review by the Office of Information Technology. To learn more about the ITPC process, see About IT Purchase Compliance.

For more information about AI use on campus, take a look at the following resources:

If you have questions or need assistance, contact the NC State Help Desk via the NC State IT Service Portal or call 919.515.HELP (4357).