VCU Approves New AI Policy: “Acceptable Use of Generative AI Technology”
VCU’s new AI policy “Acceptable Use of Generative AI Technology” was officially approved on November 12 and outlines the general requirements for the adoption and use of GenAI tools by VCU employees and affiliates. The policy aims to ensure that VCU uses GenAI tools ethically, securely, and in alignment with the institution’s mission to promote real-world learning, innovative research, and community engagement. Technology Services encourages all members of the VCU community to review the policy carefully and consider its impacts on your use of GenAI tools.
The policy requirements and relevant resources are summarized below:
Core Principles: VCU’s use of GenAI tools must align with our institution’s core values and regulatory frameworks, such as the IT Policy Framework. VCU will identify the GenAI tools it provides, how user data is handled, and who is responsible for the proper use and outcomes of those tools. The CIO’s AI Tools and Technologies page provides this information currently.
AI Infrastructure and Tool Adoptions: Only GenAI tools that have been approved by IT Governance may be used with sensitive and non-public data (Category II) or confidential or regulated data (Category I). Entering any Category I or Category II data into publicly available AI tools is prohibited. Our Data Classification Tool is a great way to identify VCU data categories. Additionally, any VCU technology that allows users to interact directly with a GenAI tool must include a clear notice identifying it as such. For example, approved chatbots must include a disclaimer identifying it as an AI technology.
Data Management: Before adopting any GenAI tool, VCU units are expected to understand the classification of data that will be used and follow any appropriate IT Governance processes. When possible, minimize the data sent to a GenAI tool and de-identify data unless the tool is approved by IT Governance for such data. Users must also ensure that all Category I and Category II data sent to GenAI tools are encrypted.
Acceptable and Ethical Use: Employees and affiliates are responsible for ensuring the accuracy, integrity, and appropriateness of any AI-generated content. They must also ensure inputs do not violate intellectual property rights, contract terms, or any applicable federal and state regulations, including FERPA and HIPAA, among others. GenAI tools must not be used with the intent to do harm.
Training and Education: Technology Services will develop and maintain training on the responsible use of GenAI tools, including required trainings that VCU employees and affiliates must complete.
Be sure to read the entire policy and be on the lookout for more resources to help you understand and adhere to the policy requirements. This blog and the CIO website on AI will be updated as further guidance is developed and made available. Also, don’t hesitate to contact [email protected] with any questions.
Categories AI and Emerging Tech Policy and Guidance, Uncategorized