Data security concerns with AI services like ChatGPT
Tara Stone,
CCIT Communications
May 19, 2023
The rise in capabilities and ease of access of ChatGPT and other AI services provides exciting potential as a tool for research, programming, data processing and other applications. However, when using these AI services, as with any technology, we are obligated to protect and preserve the data we use at Clemson every day.
Clemson is committed to protecting the privacy of its students, alumni, faculty, and staff, as well as protecting the confidentiality, integrity, and availability of information. A recent disclosure of sensitive data and information by engineers at a large technology company into ChatGPT sheds light on the potential for the disclosure of sensitive information at institutions like Clemson to an AI developer.
AI services like ChatGPT retain user input data to further train itself, leading to possibly sensitive data in the hands of these companies. Therefore, putting data into ChatGPT or similar services is equivalent to disclosing that data to the public. There are currently no legal agreements providing assurance of data confidentiality between Clemson University and any AI developers. Any sensitive data disclosed to the public could be considered a breach under FERPA, HIPAA, PCI, GLBA or other Federal or State Statute. Examples include, but are not limited to:
- Social Security Numbers
- Credit Card Numbers
- Personally identifiable medical information
- Financial Aid information
- Student education records
Additionally, great caution is suggested with the following information:
- Research data
- Intellectual Property
- Source code
- Proprietary data
- Internal meeting notes
- Hardware related information
- Presentation notes
- Emails
For more information on commonly used data types at Clemson and which security controls are required for related systems and applications, please refer to Clemson’s data classification policy.
While AI may prove to be a valuable tool, its use at Clemson is limited by our control over how sensitive data is stored and accessed. Please be cognizant of our data stewardship responsibilities as you explore these new technologies and their capabilities.
Notices
Forced Windows update on August 16, 2024
Outage of Multiple Clemson Applications, June 26, 2024
Changes To Clemson Email Quarantine
FCC/FEMA Emergency Alert System Test on October 4, 2023
Check the status of university systems on Status Hub
Security upgrades to impact email spam retrieval beginning July 12, 2023
Campus network and TikTok — July 10, 2023
Kronos to require log-in through Duo mobile application on July 21, 2023
PeopleSoft and Banner Outage on June 11, 2023
Upcoming changes to Google Workspace
Temporary restrictions to iROAR access – Nov. 30, 2022
Welcome Back: Important IT Updates for Faculty and Staff
Welcome Back: Important IT Updates for Students
Eduroam Update – July 15, 2022
New Student Laptop Models Available for 2024-2025