Digital tools, services, and assistive utilities based on generative AI, such as ChatGPT or Midjourney, can be a valuable resource for employees at SDU. However, when using generative AI, there are several considerations you should be aware of.
What is Generative AI?
Generative AI is a collective term for artificial intelligences that can create and generate new content. One characteristic of generative AI is that it often requires interaction or input from the user. This input can range from a question to a natural language command. This is known as a prompt. The generative AI uses this input to generate a response or a solution.
Using Generative AI
Below, you can find some considerations to keep in mind when using generative AI. Your imagination is the only limit. Be critical of the quality of the responses and, most importantly, be aware of the upcoming guidelines for the use of generative AI.
Use generative AI as a tool but remember that you are the expert, and approach the responses you receive critically.
Most generative AI solutions are built so that your input is delivered “out of SDU” when you use them. This means that the provider of the solution can use data, and that we risk that they are read by others. Data can be used to train the model, or can be read by the provider’s employees. Even if the provider promises not to, SDU does not always have the ability to control it.
If the AI system is assessed generally at SDU, you should follow the limitations outlined in the SDU-assessment (you can read more here). If not, it is possible to use the system locally (see more below).
Many generative AI systems are operated by entities other than SDU. In these cases, you typically may not use personal data in your inputs, and you should be aware of the types of information you input:
If the information is publicly available or intended for publication (e.g., text for sdu.dk), you are allowed to use it as input.
If the information is internal SDU information (e.g., regular meeting minutes without closed points or personal names), you should assess whether it is justifiable to use them as input. You need to consider whether there may be a risk in relation to the AI service you are using and the specific information you are sharing. There will be many situations where it is not a problem, but be aware that there may be a risk of the information being shared with unauthorized individuals.
If the information is confidential (e.g., closed meeting points, information subject to confidentiality agreements, information about patentable inventions, or similar), it must never be used as input in AI solutions that are not explicitly approved for it.
Approval of AI Services
The Committee for Information Security and Data Protection at SDU (UID) has approved new guidelines for security approval of IT systems in IT acquisitions. The guideline is currently being implemented. According to the guideline, central systems procured and licensed by SDU IT, including systems expected to be used by SDU students, must receive central approval from SDU IT and possibly SDU RIO if the system involves the processing of personal data.