Body
Purpose
This article provides guidance for faculty and staff on the responsible use of artificial intelligence (AI) tools, including large language models (LLMs), in institutional work. It outlines key risks, compliance considerations, and approved usage to help protect sensitive data and ensure accurate, appropriate outcomes.
This guidance applies to all faculty, staff, and affiliates using AI tools in the course of institutional work, including teaching, research, administration, and operations.
Key Principles
When using AI tools, the following principles must guide all use:
- Always protect sensitive and regulated data
- Use only institutionally approved tools and accounts
- Verify all AI-generated outputs before use or distribution
- Maintain human oversight and accountability for all decisions
Understanding the Risks
Data Privacy & Regulatory Compliance
AI tools may process and retain user inputs. Entering sensitive or regulated data into unapproved systems may result in unauthorized disclosure or non compliance.
This includes, but is not limited to:
- FERPA-protected data (e.g., student records, grades, identifiable student information)
- Research data (especially unpublished, proprietary, export-controlled, or sponsor-restricted data)
- Financial information (budget data, payroll, account numbers, or other confidential financial records)
- Personnel and HR records
Important: Even when using an approved tool, protections may only apply when using an institutionally managed account. Personal accounts may not provide the same safeguards.
Use of Unapproved Tools
AI tools that have not been reviewed and approved by the institution may pose significant risks:
- Unknown or inadequate data handling and retention practices
- Lack of contractual protections or regulatory compliance assurances
- No institutional oversight, auditing, or support
Using unapproved tools for institutional work—especially involving sensitive data—may expose both the individual and the institution to legal, financial, and reputational risk.
Accuracy & Hallucinations
AI systems can generate content that appears authoritative but may be:
- Incorrect or misleading
- Fabricated (e.g., non-existent citations or sources)
- Incomplete or outdated
These issues are particularly important in:
- Academic or instructional materials
- Research outputs
- Financial or operational decision-making
All AI-generated content must be reviewed and validated by a human before use.
Overreliance & Decision Risk
AI tools are designed to assist—not replace—human expertise.
Risks of overreliance include:
- Making decisions based solely on AI-generated outputs
- Skipping critical review or approval processes
- Misinterpreting AI-generated summaries or recommendations
Faculty and staff remain fully responsible for all work produced using AI tools.
Agentic AI & Autonomous Actions
Some AI tools are evolving beyond generating text or suggestions and can now take actions on a user’s behalf. These are often referred to as agentic AI systems.
Examples of agentic capabilities may include:
- Sending emails or messages
- Updating documents or records
- Interacting with other software systems (e.g., databases, LMS, financial systems)
- Performing multi-step tasks without continuous user input
Why This Increases Risk
Agentic AI introduces additional risks beyond standard AI use:
- Reduced human oversight: Actions may be taken automatically or with minimal review
- Propagation of errors: Incorrect outputs can trigger real-world actions (e.g., sending incorrect information, modifying records)
- Data exposure across systems: Integrations may move data between platforms in ways that are not visible to the user
- Permission misuse: AI tools operating with user-level access may perform actions the user did not intend
Compliance & Institutional Risk
The use of agentic AI can amplify existing compliance concerns:
- FERPA: Unauthorized modification or disclosure of student records
- Research compliance: Unintended sharing or processing of restricted or sponsored data
- Financial systems: Incorrect transactions, reporting errors, or exposure of sensitive financial data
Because these systems can act directly, errors may not be caught before impact occurs.
Guidelines for Use
- Do not enable or use agentic features (e.g., automation, integrations, plugins, or system access) unless they are explicitly approved by the institution
- Avoid connecting AI tools to institutional systems (email, storage, LMS, finance, research platforms) without review and approval
- Require human review before execution for any AI-suggested action
- Use least-privilege access when interacting with AI-enabled systems
Key Takeaway
AI tools that can take actions should be treated with the same level of caution as giving access to another person—or system—acting on your behalf. Doing so is against the Acceptable Usage Policy.
Until explicitly approved, agentic AI capabilities should be considered high risk and used with extreme caution, particularly when institutional or sensitive data is involved.
Approved AI Tools
The institution maintains a list of AI tools that meet security, privacy, and compliance requirements.
Currently approved tools include:
- ChatGPT (institutional account)
- Microsoft Copilot (enterprise version)
⚠️ This list may change over time as tools are evaluated.
Always refer to the official Approved Software List / IT Services page for the most current information.
Guidelines for Safe Use
✅ Appropriate Use
- Drafting general communications or content
- Brainstorming ideas or outlines
- Summarizing publicly available or non-sensitive information
- Generating code or documentation that does not include sensitive data
❌ Prohibited or High-Risk Use
- Entering FERPA-protected student information into unapproved tools
- Uploading unpublished or restricted research data
- Sharing confidential financial or personnel data
- Using personal AI accounts for institutional work involving sensitive information
- Relying on AI outputs without verification
- Using Agentic AI
Best Practices
- Minimize data exposure: Avoid entering sensitive data whenever possible
- De-identify information: Remove names, IDs, and other identifiers before use
- Verify outputs: Cross-check against trusted sources
- Use AI as a support tool: Not a final authority or decision-maker
- Follow existing policies: FERPA, research compliance, data governance, and IT security policies all apply
Examples
Appropriate
- Drafting a course syllabus outline using general prompts
- Summarizing a publicly available article
- Brainstorming research questions (without sharing sensitive data)
Not Appropriate
- Uploading student assignments with identifiable information into a personal AI account
- Entering unpublished research data into an unapproved tool
- Asking AI to analyze internal financial reports containing sensitive data
Compliance Reminder
Improper use of AI tools may result in:
- Violations of FERPA or other privacy regulations
- Breaches of research agreements or sponsor requirements
- Exposure of confidential financial or institutional data
Such violations may carry legal, financial, and disciplinary consequences.
Additional Resources
Summary
AI tools can provide significant benefits when used appropriately. However, they must be used with care—particularly when handling sensitive, regulated, or institutional data. By using approved tools, protecting data, and verifying outputs, faculty and staff can safely and effectively incorporate AI into their work.