At a Glance

Using generative AI tools to enhance your teaching requires a strong commitment to data privacy. Here are some essential guidelines for protecting your and your students’ privacy when using publicly available generative AI tools for teaching and learning.

Use Approved AI Tools

We’ve approved the tools below for use at MIT Sloan on an ongoing or experimental basis. Using them rather than publicly accessible AI tools helps keep your and your students’ data secure.

  • Microsoft Copilot provides the MIT Sloan community with data-protected access to GPT-4 and DALL·E 3. Chat data is not shared with Microsoft or used to train its AI models. Access Microsoft Copilot by logging in with your MIT Kerberos account at https://copilot.microsoft.com/. To learn more, see What is Microsoft Copilot (AI Chat)?
  • Stack AI is a no-code platform for building your own AI-powered applications. You can open a Stack AI account through MIT Sloan Technology Services (STS) for experimental use. In Stack AI, be sure to select only the approved LLM providers, OpenAI and Azure. To learn more, see Tool Overview: StackAI.

Avoid Sharing Sensitive Data

Many publicly available generative AI platforms retain what you enter and learn from it (Eliot, 2023), whether it’s a few simple words, text copied from your essay or a student’s paper, partial research data, a draft of a personal email, or a contract you’re preparing. By processing the data you submit, an AI system can learn a great deal about you as a person and as a professional.

Treat unsecured AI systems like public platforms. As a general rule, and in accordance with MIT’s Written Information Security Policy, never enter confidential or sensitive data into publicly accessible generative AI tools. This includes (but is not limited to) individuals’ names, physical or email addresses, identification numbers, medical, HR, or financial records, proprietary company details, and any research or organizational data that are not publicly available. If in doubt, consult the MIT Sloan Technology Services Office of Information Security.

Note that some of this data is also governed by the Family Educational Rights and Privacy Act (FERPA), the U.S. federal law that mandates the protection of students’ educational records (U.S. Department of Education, 2021), as well as international privacy regulations such as the European Union’s GDPR and China’s PIPL.

Treat AI Inputs Carefully

Remember that many publicly accessible AI systems may retain and learn from what you submit (OpenAI, 2023). This means that the data you provide can influence or even appear in the system’s future outputs.

Beyond never sharing sensitive data with publicly available AI systems, we recommend removing or changing any details that could identify you or someone else in any documents or text you upload or provide as input. If there’s something you wouldn’t want others to know or see, it’s best to keep it out of the AI system altogether (Nield, 2023). This applies not only to personal details but also to proprietary information (including ideas, algorithms, or code), unpublished research, and sensitive communications.
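If you sanitize text often, a small script can handle the mechanical part of this. The Python sketch below is a minimal illustration, not an MIT-provided or MIT-endorsed tool: it replaces a few common identifier patterns (email addresses, U.S.-style phone numbers, and a hypothetical nine-digit ID format) with placeholders before you paste text into a public AI system. The patterns and the sample text are assumptions for illustration; adapt them to the identifiers that actually appear in your documents.

    import re

    # Illustrative patterns only. These regexes are assumptions for the
    # example, not an official or exhaustive list of identifiers.
    PATTERNS = {
        "[EMAIL]": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
        "[PHONE]": re.compile(r"\b(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b"),
        "[ID]": re.compile(r"\b\d{9}\b"),  # hypothetical nine-digit ID number
    }

    def redact(text: str) -> str:
        """Swap common identifiers for placeholders before sharing text."""
        for placeholder, pattern in PATTERNS.items():
            text = pattern.sub(placeholder, text)
        return text

    print(redact("Contact Jane Doe at jdoe@mit.edu or 617-555-0123 (ID 912345678)."))
    # Output: Contact Jane Doe at [EMAIL] or [PHONE] (ID [ID]).

Note that the sample’s personal name passes through untouched: pattern matching cannot reliably catch names, titles, or contextual clues, so a careful manual read-through is still essential before you submit anything.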

It’s also essential to recognize that once data has been entered into most AI systems, it is challenging, if not impossible, to remove (Heikkilä, 2023). Always exercise caution: before providing any information, make sure you’re comfortable with its potential long-term presence in the AI system and that sharing it complies with MIT’s privacy and security requirements.

Customize Settings in AI Platforms

Another good practice, especially if you use generative AI tools regularly, is to take a proactive approach to your data privacy settings. You might start by regularly clearing chat histories so that past interactions aren’t stored indefinitely. Where available, adjust data-sharing options: Anthropic and OpenAI, for example, offer settings that prevent your chat entries from being used to train their models (Schade, n.d.). Some generative AI platforms also offer time-based auto-deletion, which automatically removes your personal data after a set period (Nield, 2023). This can be useful if you’re concerned about long-term storage of your interactions.

Conclusion

While generative AI holds great potential for enhancing teaching and learning, it’s critical that educators approach these tools thoughtfully. By taking an intentional and cautious approach to publicly available AI tools, you can harness the benefits of AI while upholding our community’s shared commitment to data privacy.

References

Eliot, L. (2023, January 27). Generative AI ChatGPT can disturbingly gobble up your private and confidential data, forewarns AI ethics and AI law. Forbes. https://www.forbes.com/sites/lanceeliot/2023/01/27/generative-ai-chatgpt-can-disturbingly-gobble-up-your-private-and-confidential-data-forewarns-ai-ethics-and-ai-law/?sh=3cac963d7fdb

Heikkilä, M. (2023, April 19). OpenAI’s hunger for data is coming back to bite it. MIT Technology Review. https://www.technologyreview.com/2023/04/19/1071789/openais-hunger-for-data-is-coming-back-to-bite-it

Nield, D. (2023, July 16). How to use generative AI tools while still protecting your privacy. Wired. https://www.wired.com/story/how-to-use-ai-tools-protect-privacy

OpenAI. (2023, June 23). Privacy policy. https://openai.com/policies/privacy-policy

Schade, M. (n.d.). Data usage for consumer services FAQ. OpenAI. https://help.openai.com/en/articles/7039943-data-usage-for-consumer-services-faq

U.S. Department of Education. (2021, August 25). Family Educational Rights and Privacy Act (FERPA). https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html