Make sure to treat unsecured AI systems like public platforms. As a general rule, and in accordance with MIT’s Written Information Security Policy, you should never enter any data or input that is confidential or sensitive into publicly accessible generative AI tools. This includes (but is not limited to) individual names, physical or email addresses, identification numbers, and specific medical, HR, financial records, as well as proprietary company details and any research or organizational data that are not publicly available. If in doubt, please consult with MIT Sloan Technology Services Office of Information Security.
Note that some of this data is also governed by FERPA (Family Educational Rights and Privacy Act), the federal law in the United States that mandates the protection of students’ educational records (U.S. Department of Education), as well as various international privacy regulations including the European GDPR and Chinese PIPL.
