Generative AI IT Security Guidelines

Generative AI is a type of artificial intelligence (AI) that uses machine learning algorithms to produce or remix content. Depending on the AI used the content output can be text, imagery, audio, code and many other formats.

Generative AI tools provide new ways to create content, explore ideas or to synthesise information, and have the potential to support many areas of study, research and business administration.

It is important to consider security and privacy factors to ensure the safe and responsible use of generative AI.

Security and privacy considerations when using generative AI

When using generative AI such as ChatGPT, it is important to consider security and privacy factors to protect sensitive information and avoid potential data breaches.

The following guidelines should be followed:

  1. Do NOT enter Class 2, 3, or 4 data into generative AI such as ChatGPT (refer to the CSF Information Classification and Protection Standard for definitions of these classes).
  2. In particular, never enter the following
    • personally identifiable data such as home address, TFN (Tax file number), passport number and driver’s license number
    • personal health and medical information
    • passwords and other secrets
    • commercially sensitive data and intellectual properties
  3. Avoid using your UofA email to sign up to generative AI services, since the University has not formally endorsed the use of generative AI tools as part of enterprise IT.
  4. If you are using ChatGPT, consider turning off “Chat History & Training” to prevent prompts from being logged and used for training the GPT model. Refer to this page on how to do this.