Ethics, Data Privacy and Security, and FIPPA Considerations

New artificial intelligence (AI) tools and large language models (LLM) (e.g., ChatGPT, Google Bard, Bing Chat) interact in a conversational way and have many uses, but also present ethical challenges.

Some key issues for educators related to AI-generated information are:

Transparency as sources are not identified and accuracy cannot be confirmed
Intellectual property issues due to unclear data ownership, authorship and citation information
Low reliability as inaccurate or biased data may be sourced or fantasy responses provided
Misinformation based on examples and data provided
Lack of accountability since the source of data is unclear
Privacy and security concerns as data could be misused or in breach of privacy requirements
Perpetuating stereotypes, ageism, sexism and racism (see examples from The Conversation)

Generative AI companies collect personal information from the time that a user visits the site to their completion of using their services. At minimum, account data includes enough information to associate the individual with their account to login (this is usually name and email address). Sometimes setting up accounts includes providing additional demographic data that is either optional or mandatory. For services that require payment, the payment information directly associates the individual based on how they pay with the account and associated content making it harder to anonymize or alias the individual.

Usage Data

Device Data

Session Data

Log Data

Browser type, IP address, browser settings, date and time of using the service, how the user interacted with the functionality of the service.

All personal information ends up being associated with each individual’s account, and generated third party personal information is also associated with each individual’s account and linked to the use of services by that individual. The result is that an individual’s use of generative AI services associates identifiable individuals with requests for products, and may associate identifiable third parties within that identifiable user’s resulting products.

Given the types of user information that are collected, and the third-party personal information that may be accurately input into generative AI, there are potential risks with using generative AI in learning environments. Foremost, the management of personal information needs to be minimal to what is necessary for the student to complete their studies in an academic program.

The following rubric supports faculty as a starting place in analyzing AI tools privacy and security risks:

Category	Criteria	Works Well	Minor Concerns	Serious Concerns
Privacy, Data Protection, and Rights	Sign Up/Sign In	Use of the tool does not require the creation of an external account or additional login, such that no personal user information is collected and shared.	The tool has been vetted through appropriate channels to ensure strict adherence to policies/standards for protecting the collection and use of personal data by a third-party group.	Personal information to a third party in creating an account is required. There are some questions for protecting the collection and use of such data by the third-party group.
	Data Privacy and Ownership	Users maintain ownership and copyright of their data; the user can keep data private and decide if /how data is to be shared.	Users maintain ownership and copyright of their data; data is shared publicly and cannot be made private.	Users forfeit ownership and copyright of data; data is shared publicly and cannot be made private, or no details provided.
	Archiving, Saving, and Exporting Data	Users can archive, save, or import and export content or activity data in a variety of formats.	There are limitations to archiving, saving, or importing/exporting content or activity data.	Content and activity data cannot be archived, saved, or imported exported.

Fall Programs
and Courses

This Month’s Highlights

Ask a current student

Fall Programs
and Courses

This Month’s Highlights

Ask a current student

Fall Programs
and Courses

This Month’s Highlights

Ask a current student

Fall Programs
and Courses

This Month’s Highlights

Ask a current student

Fall Programs
and Courses

This Month’s Highlights

Ask a current student

Fall Programs
and Courses

This Month’s Highlights

Ask a current student

Fall Programs
and Courses

This Month’s Highlights

Ask a current student

Ethics, Data Privacy and Security, and FIPPA Considerations

Considerations for using Generative AI in the Classroom

Ethics

Data Privacy, Security and FIPPA

Privacy in the Context of Teaching and Learning

Type of personal data collected by Generative AI tools

References