With the rapid rise of AI-powered large language models (LLMs) like ChatGPT, Copilot, and others, faculty, staff, and students are increasingly using these platforms to streamline work, enhance learning, and explore new ideas. While these tools offer powerful capabilities, they also introduce new risks, particularly around the unintentional exposure of sensitive information.
The Hancock College IT Department is committed to supporting innovation while safeguarding institutional data. This guidance is designed to help our community understand the risks of entering sensitive data into web forms and AI tools, and how to use these technologies responsibly.
Note: These guidelines are intended to prevent the unintentional exposure of restricted or internal data, as defined in Hancock College’s Data Classification Guide. They do not override or conflict with the District’s Board Policy on Academic Freedom, BP 4030. Most academic materials, such as course content, syllabi, and general instructional resources, are considered suitable for public use and are not subject to these restrictions. However, sensitive data must not be entered into web forms or AI tools unless they are approved by Hancock College.
Understanding the Risks of Web-Based Data Exposure
Web forms, whether part of AI tools, survey platforms, or productivity apps, can pose a significant risk when used to input sensitive information. Many of these tools are hosted by third-party vendors and may not meet Hancock College’s data protection standards.
When internal or restricted data is entered into a web form that is not controlled by Hancock College or an approved vendor, it may be:
- Stored indefinitely on external servers
- Shared with unknown third parties
- Exposed in future outputs or breaches
- Used to train AI models without consent
Below is a list of queries that might be entered into an AI tool, along with each query's potential for leaking sensitive data.
"Give me a catchy title to put on invitations for a student event" ✅ No sensitive data
"Make an image of Spike the Bulldog holding a balloon" ✅ No sensitive data
"Help me write a charter for a new campus club" ✅ Publicly available data
"Summarize this research paper into a few paragraphs to distribute to my class" ✅ Publicly available data
"Write a new board policy based on the attached internal documentation" ⚠️ A review of the internal documentation would be needed to determine this. If it describes any internal processes that are not allowed to be published publicly, then the internal document should not be included.
"Summarize this Financial Aid department meeting on Zoom" ⚠️ This likely includes internal data, but AI transcription is allowed through the approved Zoom client.
"Analyze this list of students in a spreadsheet and ...." 🚫 Student information cannot be sent to untrusted channels
"Write a rejection letter to job candidate John Smith <jsmith@gmail.com>" 🚫 Personal, confidential information must not be transmitted through untrusted channels
Approved Tools and Data Protection Policies
Hancock College has vetted and approved a number of platforms for institutional use. These tools meet our security and compliance standards and are safe for handling internal communications and documents:
- MyHancock Portal
- Microsoft Office 365 Suite (including Outlook, Teams, Word, Excel, OneDrive, etc.)
- Accessible Learning/LAP Online
- Adobe Creative Cloud Suite
- Argos
- Astra
- Banner
- Canvas
- Degreeworks
- Dynamic Forms
- iParq
- SuccessNet/Starfish
- TeamDynamix
- Zoom
These platforms are either hosted by Hancock College or are contracted vendors with appropriate data protection agreements.
Additionally, Hancock College has a strict policy that prohibits third-party applications from accessing files, emails, and Teams chats. This means that browser extensions, plug-ins, or external AI tools will not be granted access to these resources.