Artificial Intelligence provides many opportunities for learning and productivity within the University of Maine System. Among uses, Generative AI, such as ChatGPT, Google Gemini, or Microsoft CoPilot, can be used to automatically generate text based on a prompt or data set. However Generative AI, comes with questions and challenges on appropriate use. While regulations, policies and practices are often the same for Generative AI, the means of interactivity makes the use somewhat unique.
This document is not policy but is guidance that is intended to help readers stay within existing statutes, regulations and policy and to provide guidance oriented toward legal and ethical uses of AI resources. This guidance is intended to supplement but not replace or supplant other University or UMS policies or guidance.
Contents
Detailed Information
Definitions
“Generative AI” means any artificial intelligence tool designed to mimic human intelligence by examining user inputs, such as questions, prompts, statements, images, or videos, and producing a human-like output, such as a response to a question, a written statement, software or programming code, or design. Generative AI includes both standalone tools and tools that are embedded in other software.
“Personal Information” means any information that can be used to identify a person. This includes any information that is protected by State and Federal laws, including but not limited to the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
“Protected Information” means any information defined in Data Classification APL VI-I as (i) Restricted; (ii) Confidential; and/or (iii) Internal.
Information Security & Privacy Guidance for Generative AI Use
The University of Maine System emphasizes the importance of safeguarding institutional data and complying with FERPA and other regulatory requirements. Faculty, staff, and students should not enter any Protected or Personal Information into Generative AI tools, as these tools can use input data for training, potentially exposing sensitive information. This includes student data, even if it is directory information, if the student has opted out. Instructors should not require students to use Personal Information in assignments involving Generative AI, and students should be aware that their information might not be protected under university policies if shared with AI providers. For any questions or before acquiring AI-related products, consult the Information Security Officer or University of Maine System IT.
Meetings & Participant Privacy
Voice recognition is a means of submitting data into a contractor-based AI system. Follow the same security and privacy practices for data that is submitted through as data entered in other means. Restricted or Confidential data cannot be used in a product that hasn’t been approved for it. For list of approved systems see APL VI-C Appendix C: Permitted and Restricted Systems for Data Storage and Data Processing
AI and AI add-ins cannot be used in video conference sessions unless all participants are aware of the use and agree to not disclose any Personal Information or Protected Information. Ensure participants agree to its use and acknowledge that they are not to speak about Personal Information or Protected Information and that what is spoken could reveal personal thoughts of information about themselves. Again it is worth noting that words that identify specific students could be a FERPA violation.
Intellectual Property
You may not use Generative AI in any way that infringes on copyright or Intellectual property. Submitting copyrighted materials (text, images, video, or audio) into a Generative AI program could violate the copyright. This includes university, faculty, and classmate produced materials (examples: syllabi, instructor produced instructional content, or peer-written papers). Generative AI may draw upon the work of others in generating a response. Therefore, if you quote or paraphrase from the response of the Generative AI, you should confirm that you are not plagiarizing existing work or otherwise violating intellectual property rights of another.
Acceptable Use
University of Maine System Acceptable Use Policy applied to the use of Generative AI. Prohibited activities include, but are not limited to use of Generative AI for unauthorized access, disruption, harassment, or obscene material. Generative AI may not be used to generate malicious content, such as malware, viruses, or any other content that may have the ability to circumvent the University of Maine System’s (or other third-party entity’s) access control measures.
Review Output for Bias
Generative AI may generate outputs that could result in a disparate impact to individuals based on their protected classifications, such as their race, ethnicity, national origin, age, sexual orientation, or disability status. You should consider whether the data, statements, prompts, or other inputs you are using may result in such disparate impact. You should not rely on any Generative AI output that is indicative of a potential bias.
Disclosure of Generative AI Use
Faculty and staff who leverage Generative AI to produce written materials or other work product should disclose that those materials and/or work product are based on, derived from, or are a direct reproduction of the output of Generative AI. Transparency of the use of Generative AI is best practice.
Confirm Accuracy
Generative AI may output information that is inaccurate, outdated, misleading, biased, or entirely fabricated and should be reviewed for accuracy prior to publication of or reliance on the output.
Accessibility
The University Policy on accessibility applies to Generative AI Systems. Ensure the AI interface and any materials, such as text, charts, graphics, imagery, audio, video, etc., that are generated by the AI in response to user prompts provide equal access and opportunity for persons with disabilities.. Equal access and opportunity, as provided by technologies, such as AI, are defined in University policy and an administrative practice letter.
Required use of AI in Courses
When requiring use of Generative AI in courses faculty should follow local requirements and guidelines outlined by their University.
References
Employment Protection of Data APL - APL VI-C
- Identifies individual responsibilities that limit sharing of information.
- Appendix C identifies Permitted and Restricted Systems for Data Storage and Data Processing
Acceptable Use of Information and Information Systems - APL VI-H
- Identifies expected and unacceptable behaviors for use of information systems.
FERPA Policy and Procedure APL - APL X-F
- Describes protection of student data under FERPA and identifies directory information as the only information that can be released without consent, but only for those students who have not opted to have their information suppressed.
University of Maine System Purchasing Procedures APL - APL VII-A
- Identifies the need Standards for Safeguarding Information in contracts whenever a service provider will have access to sensitive information.
- This article provides more guidance on standards for safeguarding data
Data Classification APL - APL VI-I
- Describes the classification of data in order to protect sensitive information.
Information Security Incident Response APL -APL VI-B
- Provides information on reporting security incidents.
Information and Communications Technology Accessibility Policy - BOT Policy Section 902
- Requires that information and communications technologies including content and other output meet accessibility requirements for equal and effective access by persons with disabilities.
Information and Communications Technology Accessibility APL VI-G
National Institute of Standards and Technology’s (NIST’s) characteristics of trustworthy AI. For uses of generative AI that are not prohibited, university faculty, staff, students, and affiliates can help protect themselves and others by choosing tools and services that exhibit
Note: In addition to violating university policies, many of the above uses also violate generative AI providers’ policies and terms.