820 Artificial Intelligence Security

RATIONALE:  As an academic, research, and clinical institution, the University supports responsible, measured experimentation with and use of new technologies, including Artificial Intelligence (AI). However, the University requires Users to follow all applicable regulations, policies, and standards, including, but not limited to, Acceptable Use, protection of Confidential and Internal data, and intellectual property. As AI capabilities rapidly evolve, appropriate safeguards must be in place to ensure the protection of University data and mitigate potential risks associated with the use of these technologies.  

POLICY:  

Risk Management and Protection: AI, both standalone and as an application feature, are subject to the University’s policies and processes associated with obtaining Software, Applications, and Hosted Solutions/Services. Data used and generated by AI systems must be handled according to the University’s Data Classification Standard, along with applicable external legal/regulatory frameworks or other contractual obligations (including Federal, State, and other grant requirements).  Confidential and Internal data must be safeguarded from unauthorized access, upload, and misuse.  Entering Confidential or Internal Data into an unauthorized AI system constitutes a public disclosure and must be addressed through the Oakland University Incident Response Program.

Acceptable Use: AI must be used ethically, responsibly, and in alignment with Oakland University's values and legal obligations, and must comply with the University’s Acceptable Use Policy #890. Any use of AI tools and technologies must conform to the following criteria:

• AI is used in alignment with applicable University and department policies and procedures, federal and state laws, rules, and regulations, and academic integrity policies.
• Oakland University Confidential or Internal Data, intellectual property (belonging to the University, faculty, staff, or students), clinical, research materials, confidential human resource data, and student data are not entered into unapproved systems.
  • All IT solutions and services used to process University Data must be reviewed and approved through the Technology Review process.

SCOPE AND APPLICABILITY:  This policy applies to all employees (faculty, staff, and student employees), contractors, and affiliates/guests who access, use, or control Information Resources at the University, including those who may use AI in their official capacity.

Students must comply with the University’s Student Code of Conduct and applicable rules and regulations established by the University, department, program, and faculty regarding the appropriate use, if any, of AI in their coursework. Students are responsible for reviewing the Student Code of Conduct and consulting with their department, program, and faculty regarding such use. 

DEFINITIONS: Capitalized terms used herein without definition are defined in the UTS Standard: IT Terminology document.

PROCEDURE:  In order to maintain pace with the rapid evolution of AI capabilities, the campus community should adhere to the information provided in the Artificial Intelligence Usage Guidelines.

RELATED POLICIES AND FORMS:

OU AP&P #890 Acceptable Use

Data Classification Standard

Artificial Intelligence Usage Guidelines

UTS Standard: IT Terminology

Student Code of Conduct

Technology Review Process