Work with AI

 

The AI tools currently approved for use with public and confidential data are:

• Microsoft 465 Copilot & Copilot Chat
• Zoom Companion AI
• Vertex AI
• Azure Open AI

For a full list of applications and tools approved for university use, as well as NOT approved, please visit the page Reviewed University Applications (requires SSO). 

The University of Colorado has adopted data classification types including Highly Confidential Information, Confidential Information and Public Information. Review the CU Data Classification Table for more information about data types (or see accordion below and chart to the right). 

Be cautious when using AI tools, ensuring that personal, sensitive and university data are not uploaded or shared with unvetted AI systems, as they may not be secure. How an AI tool or assistant processes and uses the data that is input into it is a key factor in determining its security.

In addition to using university approved AI tools with public or confidential data, all users must follow and abide by university policy - and relevant state and federal law regarding protecting data and information systems. These include but are not limited to: 

• HIPAA 
• FERPA
• GLBA 
  
• GDPR 
• University HIPAA Policy
• University Acceptable Use of Information Technology Resources - Policy 5001
• Administrative Policy Standard 6005 - IT Security Program

Please note: For Microsoft AI tools, though Microsoft assures that your data and university data won’t be used to train their artificial bot, it is still advisable to exercise caution. When using Copilot Chat, be sure you are logged in to your university account and confirm that the "protected shield" is visible in the prompt area. Additional information about securely using AI are available. Visit the ISIC webpages: Microsoft Copilot products, Zoom AI Companion features and AI Security and Compliance. 

Request an Applications Assessment for assistance vetting AI prior to acquiring a technology, particularly if the AI is intended for clinical purposes or will use highly confidential data such as FERPA or HIPAA data.

The popularity of artificial intelligence technology is making news and we are seeing excitement about its use within the university. CU is in the process of establishing guidelines and compliance requirements for using AI — with the complexity of this technology, it may take some time. And without proper security controls, AI technology can become susceptible to privacy, confidentiality, and security threats. Cybercriminals could inject malicious data or images into a machine learning model to deliberately attack the integrity of the data. Data uploaded into AI technology could remain there permanently, circumventing appropriate university protections and security controls.

Be sure to avoid uploading or sharing university data into unvetted AI systems as they are not secure. Contact the Risk and Compliance team at [email protected] for assistance vetting AI prior to acquiring a technology, particularly if the AI is intended for clinical purposes or will use highly confidential data such as FERPA or HIPAA data. Learn more: CU Anschutz Security Policies, Standards and Guidance.

Document Classification Quick Guide

Public Data	Confidential Data	Highly Confidential Data
Directory data Public policies Publicly published business documents	Faculty/staff personnel records, benefits, salaries, performance evaluations, employment applications Internal memos and email Purchase requisitions Level 2 and 3 of student data All internal, un-published, or non-public university work product.	Protected health data Social security numbers Payment card numbers Financial account numbers Driver’s license numbers Level 4 and 5 of student data

You can find more details and information about data classification on the CU Governance website: Data Classification webpage. 

Below are further resources to ensure you are using Microsoft AI tools safely and securely.

• Learn how to use Microsoft Copilot AI tools safely with university data on our Securely Using Microsoft AI page. 
• Explore Microsoft's guidance on AI privacy, safety, reliability, and accountability on their Responsible AI page. 

Below are further resources to ensure you are using Zoom AI tools safely and securely.

• Learn how to use Zoom AI features safely with university data on our Zoom AI Companion security features page.  
• Explore Zoom's guidance on AI privacy, safety and security on their website.

CU Anschutz Information Strategy and Services has compiled a list of approved and unapproved applications and tools for university use.  Visit the Technology Reviewed for IT Compliance webpage to see the full list (page requires single-sign-on). Each item listed has undergone a thorough review for security vulnerabilities and has been classified based on the sensitivity level of the data it handles.