CCA staff and faculty

1. Purpose and Scope

This policy provides guidance for the responsible use of generative artificial intelligence (AI) tools by staff and faculty performing administrative or instructional work for the college. It is designed to ensure the confidentiality, security, and integrity of CCA's institutional data and to protect the college and its employees from legal and reputational risks.

This policy does not address issues surrounding academic integrity as it relates to the use of generative AI, which is governed by policies found here.

2. Data and Information Handling

The security and confidentiality of all institutional data must be maintained when using generative AI. Users should be aware of the data's classification and the associated risks of its use with various tools. These data classifications are derived from the published CCA Data Classifications.

• Low-Risk Data: Information classified as Low Risk, or publicly available CCA information (e.g., public website content), may be used freely with any AI tools.
• Moderate and High-Risk Data: Data classified as Moderate or High Risk includes (but is not limited to), personally identifiable information, student education records, financial information, confidential, strategic, or sensitive data/reports/information, and unpublished institutional data.

Moderate and High-Risk Data must not be entered into any generative AI tool other than the Approved Tools listed below. Aside from these tools, information shared with generative AI tools is not private and could expose proprietary or sensitive information to unauthorized parties.

Any output from a generative AI tool that contains moderate or high-risk data must be handled according to the Institutional Data Policy.

3. Approved Generative AI Tools:

Moderate and High-Risk data must only be entered into generative AI tools that have been assessed and approved by Technology Services for such use, and only when using these tools under a CCA staff or faculty account. These tools are covered by contracts explicitly protecting college data, and ensure all data transmission and storage comply with CCA policies and security protocols.

AI Tools currently approved for use with CCA data include (must be logged in with your CCA account):

• Google Gemini for Education
• Zoom AI Companion
• Google Notebook LM

4. Use of Personal Accounts

CCA staff and faculty are not permitted to use their personal accounts with any public AI tools when using or referencing CCA data that is classified as moderate or high-risk data, is confidential or sensitive, is intellectual property, or protected under attorney-client privilege.

5. Using AI for Instructional Purposes

Using AI tools to aid in the development of instruction, instructional design, activities, syllabus, or other documents is acceptable, as long as you are either:

1. Using one of the Approved Generative AI Tools listed above while logged into your CCA account, or
2. Using ONLY low-risk or publicly available data in the prompts.

Additionally, the User Responsibilities below apply.

Instructors are not permitted to use generative AI to critique or evaluate/grade student work.

When using AI for recording class presentations, instructors must get permission from all students participating. As per the Audio Recording / Note-Taking Assistance policy, no class discussions can be recorded.

6. User Responsibilities and Best Practices

All CCA staff and faculty are responsible for the following when using generative AI tools:

• Verification: You are responsible for verifying the accuracy of any AI-generated content before sharing it with others. Use the tools to check sources.
• Bias: You are responsible for checking the output of AI-generated content for potential bias.
• Transparency: You should be transparent and disclose when AI was used to generate content.
• Recording: If you are processing a recording, ensure that you have permission from all participants to record, use and share the recording.

Compliance: Users should exercise caution and understand the potential risks before using these tools and must comply with the college's existing Information Security Policy, Acceptable Use of Campus Technology Policy, and Institutional Data Policy.

This policy was developed, in part, using Google Gemini.