Data security concerns with AI services like ChatGPT
The rise in capabilities and ease of access of ChatGPT and other AI services provides exciting potential as a tool for research, programming, data processing and other applications. However, when using these AI services, as with any technology, we are obligated to protect and preserve the data we use at Clemson every day.
Clemson is committed to protecting the privacy of its students, alumni, faculty, and staff, as well as protecting the confidentiality, integrity, and availability of information. A recent disclosure of sensitive data and information by engineers at a large technology company into ChatGPT sheds light on the potential for the disclosure of sensitive information at institutions like Clemson to an AI developer.
AI services like ChatGPT retain user input data to further train itself, leading to possibly sensitive data in the hands of these companies. Therefore, putting data into ChatGPT or similar services is equivalent to disclosing that data to the public. There are currently no legal agreements providing assurance of data confidentiality between Clemson University and any AI developers. Any sensitive data disclosed to the public could be considered a breach under FERPA, HIPAA, PCI, GLBA or other Federal or State Statute. Examples include, but are not limited to:
- Social Security Numbers
- Credit Card Numbers
- Personally identifiable medical information
- Financial Aid information
- Student education records
Additionally, great caution is suggested with the following information:
- Research data
- Intellectual Property
- Source code
- Proprietary data
- Internal meeting notes
- Hardware related information
- Presentation notes
For more information on commonly used data types at Clemson and which security controls are required for related systems and applications, please refer to Clemson’s data classification policy.
While AI may prove to be a valuable tool, its use at Clemson is limited by our control over how sensitive data is stored and accessed. Please be cognizant of our data stewardship responsibilities as you explore these new technologies and their capabilities.