ChatGPT Edu Data Guidelines Skip to main content
Generative Artificial Intelligence

ChatGPT Edu Data Guidelines

Because of the added data protection measures enabled through ChatGPT Edu and our specific contract, we can enter most data classified as Public, Internal, and Confidential into the platform when it is necessary to do so for a legitimate business purpose. However, the following types of data should not be entered unless explicitly approved by your institution’s AI Executive Committee:

  • Personally Identifiable Information (PII): Includes names, pictures of individuals, contact information, usernames, student or employee ID numbers (such as NetID or I-Numbers- depending on institution), and other data that can be used to identify an individual. If your use case necessitates the use of PII, data must be de-identified to protect privacy and security. Helpful information on de-identifying data can be found on the data de-identification page.
  • Restricted Data: Includes Social Security numbers, credit card numbers, bank account numbers, passwords, health records, photos (when used for identification), etc. You can read more about this category of highly sensitive dta in the CES Information Classification standards.
  • HIPAA-Protected Data: Includes medical records numbers, health insurance beneficiary numbers, health insurance claims, payment history for medical services, invoices or billing statements related to health care services, health information such as diagnoses, treatment plans, prescription records, medical test results, and surgical and hospitalization records, or other biometric and genetic information like fingerprints, voiceprints, and genetic data.
  • Controlled Unclassified Information: Includes CMMC, NIST SP 800-171, and export-controlled data(ITAR, EAR, and others). This is typically applicable toresearch sponsored by the Department of Defense, Department of Energy, National Institutes of Health, andsome other federal agencies.

More information about the CES Data Classification standard and examples can be found at CES Infomation Governance portal and specifically the CES Information Classification document.

If you have any questions about this information or think your use case may qualify for an exception, please reach out to your institutional AI Committee for review.

Additionally, due to the rapidly evolving state of these emerging technologies and their accompanying risks, these guidelines may need to be updated regularly. Updates will be made to this site and/or disseminated through your institutional AI Committee as needed.