AI technology usage guidelines

The University of Nevada, Reno recognizes the transformative potential of emerging generative Artificial Intelligence (AI) tools (ChatGPT, OpenAI, Microsoft Copilot, etc.) which have demonstrated a significant advancement in revolutionizing daily tasks across personal, educational, and professional domains. As AI tools continue to experience a rapid surge in adoption, the full extent of its impacts remains uncertain. Considering this, we advocate for fostering curiosity and responsible usage of AI tools within the University community. These guidelines are designed to align seamlessly with existing University guidelines and UAM policies, ensuring a steadfast commitment to maintaining safety, security, and academic integrity across the institution.

Purpose

The goal of these guidelines is to establish clean guidelines and requirements for the usage of AI tools within the University. Applicable to all students, employees, contractors, and third parties utilizing AI platforms on behalf of the University, these guidelines aim to provide a framework that ensures responsible and ethical AI usage across the institution to be cautious around information security, data privacy, copyright, and academic integrity.

Key considerations for AI usage:

  • Absence of Formal Campus Vendor: The University currently does not maintain any explicit contracts or internal agreements with individual AI vendors. Consequently, any utilization of AI software is undertaken at the discretion and risk of the user. While the University allows access to certain AI tools or resources, it does not endorse or guarantee the performance, reliability, or outcomes of these tools. If an AI resource is needed, the campus is currently recommending the use of Microsoft CoPilot.
  • Data Protection Imperatives: As with any third-party software or tools not directly supplied by the University, it is imperative to adhere to all recommended data protection protocols. This includes ensuring compliance with relevant privacy laws, safeguarding sensitive information, employing encryption or other security measures to mitigate risks associated with data breaches or unauthorized access. For questions about the University’s data classifications and current policies and procedures, please contact IT Compliance at itcompliance@unr.edu.
  • Potential for Inaccuracy and Bias: It is crucial to acknowledge that AI tools can produce responses that may be incomplete, erroneous, or influenced by biases present in the underlying data or algorithms. Therefore, it is incumbent upon users to exercise diligence and critical judgement when interpreting AI-generated outputs. Human oversight and review are indispensable for identifying and rectifying any inaccuracies or biases that may arise.

Scope

These guidelines are applicable to all users engaging with AI tools on computing resources owned or managed by the University. Encompassing a diverse user base, which includes but is not limited to employees, students, contractors, vendors, third parties, and guests accessing services through UNR’s resources, this policy establishes guidelines specific to the responsible and ethical utilization of AI technologies at the University of Nevada, Reno.

Policy

  1. Confidential Data Protection: Safeguarding both the University's data and individual user information is paramount. It is strongly advised not to share Sensitive, Confidential, or Regulated data on AI tools, as the confidentiality of data may be compromised based on the tool’s data-sharing practices. Refer to Section 3 in Information Security Policies and Procedures (NetID authentication required) for the University of Nevada, Reno's data policy.
  2. Responsibility in Content Generation: Users are required to meticulously review AI-generated content to ensure accuracy and prevent the dissemination of misleading, inaccurate, biased, or copyrighted material. A good review process of generated content is essential to uphold content quality standards.
  3. Risk Assessment Protocol: Before integrating an AI tool into daily tasks, users should initiate a vendor risk management assessment through the Office of Information Technology’s (OIT) Compliance team. This step ensures an evaluation of potential risks associated with the AI tool in review.
  4. Academic Integrity/Standards Compliance: Adherence to academic standards policies (UAM 6,502) is crucial. Users are encouraged to familiarize themselves with relevant policies and disclose the use of AI in academic settings as appropriate.
  5. Security Awareness: Exercise caution when utilizing AI tools, particularly with personal information. Be vigilant against potential phishing schemes that may exploit passwords, emails, and other sensitive information. Maintain a heightened awareness of security risks.
  6. Authentic Recommendations: When choosing an AI tool, opt for reputable and well-established AI tool providers to mitigate potential risks. Third-party access to AI tools, especially those widely used online (i.e. Discord community servers), may pose increased data security threats. Exercise discretion in choosing providers to safeguard data integrity and security.

Responsibilities

  • Users are responsible for adhering to these guidlines and for conducting themselves ethically and responsibly when utilizing AI tools on the University's computing resources.
  • Department heads and supervisors are responsible for ensuring that their respective teams are aware of and compliant with this policy. They should also facilitate access to training and educational resources as needed.
  • OIT oversees the implementation and enforcement of this policy. OIT will provide guidance, support, and resources to assist users in understanding and complying with requirements.

Security

Users with access to data contained on the University's systems that is classified as Confidential or Regulated must take all necessary precautions to prevent unauthorized access to this information. Examples of Confidential or Regulated Data include but are not limited to Family Educational Rights and Privacy Act (FERPA), Graham Leach Bliley Act (GLBA), proprietary, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), and confidential research data.

Employees must use extreme caution when opening email attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code and/or may be considered “phishing”.

Privacy

While the University desires to provide a reasonable level of privacy and does not generally monitor or limit content of information transmitted on the campus network, it reserves the right to access and review such information under certain conditions. These include investigating performance deviations and system problems (with reasonable cause) and determining if an individual is in violation of this policy, as may be authorized by other University or NSHE policy or as may be necessary to ensure that the University is not subject to claims of institutional misconduct.

  1. For security and network maintenance purposes, authorized individuals within the University may monitor equipment, systems, and network traffic at any time. The University reserves the right to audit networks and systems on a periodic basis to ensure compliance with this
  2. In the event of a legal proceeding or as otherwise authorized by the President of the University (or designee), under the advisement of the Office of General Counsel, Information Security reserves the right to access and inspect stored information without the consent of the user when the information is stored within the University of Nevada, Reno computing
  3. As a public agency, the University is subject to Public Records requests (Nevada Revised Statutes chapter 239). Users that have University records contained in their personal email accounts or on personal devices are responsible for furnishing such information when requested under these laws.

Review and revision

These guidelines will be periodically reviewed and revised by the appropriate governing bodies within the University to ensure its effectiveness and relevance in the rapidly evolving landscape of Artificial Intelligence technology. Feedback from stakeholders, advancements in AI research, changes in regulatory requirements, and emerging best practices will inform the review process. Any proposed revisions to these guidelines will undergo thorough evaluation and approval before implementation.