Data Security for AI

Not all data is safe for AI. You play the most important role in keeping Smith's data secure. Follow Smith's rules for choosing the right AI tool for your data.

Confidential Data

AI Tools: NEVER use in any AI tool unless you have express permission from Smith's CIO and/or Counsel.

Extremely sensitive internal data, whose unauthorized access, use, alteration, or disclosure could cause significant legal, reputational, or financial harm to the institution.

Confidential data includes any information that is protected by federal or state laws or regulations, including but not limited to personal Information and non-public financial information.

Examples: Personally identifiable information such as name along with social security number or birth date. Nonpublic financial information, human subjects research data.

Restricted Data

AI Tools: Only use in tools approved for Restricted data.

Includes all other personal and institutional data where the loss of the data could harm an individual’s right to privacy or negatively impact the finances, operations, or reputation of Smith College. Data may have regulatory reporting requirements.

Examples: FERPA records, salary data, legal records, performance reviews.

Public Data

AI Tools: Safe to use in any tool, even if not explicitly listed on the AI Tools list.

Loss, disclosure, or public use of this data would pose no risk or harm to the college or its constituents. Any data not classified as Confidential or Restricted.

If there is any uncertainty on whether data should be classified as Public or Restricted, the data should be classified as Restricted by default.

Examples: Published research, public website content.

As you consider which AI tool might be appropriate for your task, it is important that you understand these classifications, are able to accurately classify your data into one of the three categories, and have verified that the tool(s) you'll be using allow for the use of such data. Keep in mind that data within the context of AI tools can include text, data/numbers, screenshots, images, videos, and audio.

If you are unsure whether your data is Confidential, Restricted, or Public information and if it can be used in an AI tool at Smith, please request a review via the software security review form.

Request a Security Review

For a video overview of the data classifications and responsible use of AI tools within the Smith College community, select the title slide below to view Generative AI Guidance, Privacy & Responsible Use. The slide deck is also available for viewing.

Select the title slide to view the video. A new browser window will open Panopto.

Title page screenshot: Generative AI Guidance, Privacy & Responsible Use

Data Stewardship

Be Fluent

Fluency in the three data security classifications is a critical step to protecting people's privacy and securing the college's information.

Advise

Help your teams and those around you:

- - Understand the data classifications and how this matters to data security and privacy.
Understand the permitted use of Smith data in AI tools.
Understand the process for getting new tools approved for use with Smith data.

Report

The wrong data in the wrong place.
AI tools purchased or in business practice that need to be evaluated for security.

Under Smith College’s Written Information Security Program (“WISP”) policy, data falls into one of three classifications—Confidential, Restricted, or Public. For details, refer to Written Information Security Program for Safeguarding Personal Information.

Last Updated: 6/10/26

Page updated

Report abuse