Because of the added data protection measures enabled through ChatGPT Edu and our specific contract, we are able to enter data that is classified as Public, Internal, and Confidential into the platform when it is necessary to do so for a legitimate business purpose.
However, due to the evolving state of AI tools and technologies, it is still important to exercise caution, so it is recommended to de-identify data when possible to add an extra layer of privacy and security protection. Some helpful information on de-identifying data can be found on the data de-identification page.
Additionally, to use this license, you should avoid entering the following types of data, unless approved by your institutional AI Committee:
- Restricted Data: Includes Social Security Numbers, Credit Card Numbers, financial account information, health records, etc. You can read more about this category of highly sensitive data in the CES Information Classification standards.
- HIPAA-Protected Data: Includes medical records numbers, health insurance beneficiary numbers, health insurance claims, payment history for medical services, invoices or billing statements related to health care services, health information such as diagnoses, treatment plans, prescription records, medical test results, and surgical and hospitalization records, or other biometric and genetic information like fingerprints, voiceprints, and genetic data.
- Controlled Unclassified Information: Includes CMMC, NIST SP 800-171, and export-controlled data (ITAR, EAR, and others). This is typically applicable to research sponsored by the Department of Defense, Department of Energy, National Institutes of Health, and some other federal agencies.
More information about the CES Data Classification standard and examples can be found at CES Infomation Governance portal and specifically the CES Information Classification document.