Generative AI IT Security Guidelines
Generative AI is a type of artificial intelligence (AI) that uses machine learning algorithms to produce or remix content. Depending on the AI used the content output can be text, imagery, audio, code and many other formats.
Generative AI tools provide new ways to create content, explore ideas or to synthesise information, and have the potential to support many areas of study, research and business administration.
It is important to consider security and privacy factors to ensure the safe and responsible use of generative AI.
Security and privacy considerations when using generative AI
When using generative AI such as ChatGPT, it is important to consider security and privacy factors to protect sensitive information and avoid potential data breaches.
The following guidelines should be followed:
- Do NOT enter Class 2, 3, or 4 data into generative AI such as ChatGPT (refer to the CSF Information Classification and Protection Standard for definitions of these classes).
- Unless an approved Software Assessment has been completed to use the service for University purposes, do NOT use your UofA email to sign up to generative AI services. The University has not formally endorsed the use of generative AI tools as part of enterprise IT. If you have signed up using your UofA email, please follow the steps on this page to delete your ChatGPT account. Different steps will apply to different platforms. We suggest you refer to the user guide for that specific service to delete your account.
- In particular, never enter the following
- personally identifiable data such as home address, TFN (Tax file number), passport number and driver’s license number
- personal health and medical information
- passwords, passcodes, and other confidential information
- commercially sensitive data and intellectual property
- If you are using ChatGPT, consider turning off “Chat History & Training” to prevent prompts from being logged and used for training the GPT model. Refer to this page on how to do this.