Washington State University faculty, staff, and students — particularly those working with personal identifying information or research data — need to consider the data stewardship implications of using artificial intelligence (AI) tools like ChatGPT.
The nature of open-source AI tools means that entering non-public data or information poses privacy and security risks, according to new guidance issued by the Office of Compliance and Risk Management in conjunction with Information Technology Services.
“Because we’ve become aware of incidents at other institutions and companies where people were entering confidential data into AI tools, we felt it was appropriate to put out guidance to help our university community understand what their data security obligations are as these tools become more popular,” Tony Opheim, interim vice president and CIO, said.
The use of AI tools like ChatGPT has prompted significant discourse among higher education experts, particularly around the implications of their use by students for academic assignments. While the new policy is narrow in its scope, it represents a significant step by WSU to reorient itself within the emerging AI-influence landscape.
Under the leadership of the Office of the Provost, a systemwide working group has been established to develop AI strategy, guidance and academic policy recommendations.
Anyone looking to use non-public WSU institutional data with open-source AI tools as part of their work or research must request a security assessment by Information Technology Services as well as receive prior written authorization from the WSU System privacy officer.
The full guidance on AI tools and data stewardship is available below. ITS is also working with the Office of the Provost and Compliance and Risk Management to create a website dedicated to providing resources and guidance on open-source AI tools.
Guidance on WSU Data Stewardship and Artificial Intelligence
Users of ChatGPT and similar artificial intelligence (AI) technology or AI programs must avoid integrating, entering, or otherwise incorporating any non-public institutional (WSU) data or information, including but not limited to personal identifying information or research data. The use of institutional data with these services may result in unauthorized disclosure to the public and may expose the user and the University to legal liability and other consequences.
ChatGPT and similar AI technology/programs have rapidly become common tools to assist with work and productivity. WSU recognizes the opportunities these tools create, as well as the risks.
Currently, WSU does not have any authorized or approved contracts with AI providers and has not authorized or approved the use of open-source AI in University operations or activities involving use of institutional data. This means data and information integrated into AI may not be protected by the same privacy and security requirements applicable to WSU-contracted technology and software, and the data may not be within WSU’s protected IT environment. Once data or information is shared, it becomes potentially accessible by others and cannot be controlled or retrieved.
WSU’s Executive Policy 8 (WSU System Data Policies) and BPPM 87.01 (WSU Information Security Roles, Responsibilities, and Definitions) apply to all uses of technology, including AI. Only WSU data and information designated as “public” under EP 8 and BPPM 87.01 may be used with AI tools. In addition, all uses of WSU resources, including data, information, and technology resources, are subject to state Ethics in Public Service Act, RCW 42.52, and the University Ethics Policy (EP 45), as well as other University policies. Users of Open AI should also be aware of Open AI usage policies.
Recognizing both the challenges and the opportunities AI presents, the Office of the Provost is in the process of establishing a WSU AI Strategy and Policy Task Force charged with making strategy and policy recommendations for engaging with AI at WSU, including training recommendations for faculty and staff and policy guidance on academic integrity and related issues. The group is systemwide and co-chaired by Bill Davis and Karen Metzner.
Individual WSU employees and units are not authorized to enter into service agreements or otherwise use open-source AI technology for activities that use WSU non-public institutional data, absent an ITS Security Assessment and prior written authorization from the WSU System Privacy Officer.
All WSU personnel, including student employees and graduate students, are urged to use AI responsibly and to comply with this guidance and WSU policies. For questions regarding information privacy, please contact the WSU System Privacy Officer at firstname.lastname@example.org. For questions regarding information security, please contact the WSU System Chief Information Security Officer at email@example.com. For information on reporting a potential information security incident, please see BPPM 87.55.