When using generative AI tools, it’s critical to understand how your information is collected, stored, and reused.
Many free AI tools retain prompts and uploaded content to improve or train their systems. For this reason, the use of free personal AI accounts is never recommended for Penn State-related work. To help protect your information, Penn State provides access to University‑supported AI tools that include additional safeguards.
Using AI at Penn State
-
Use Penn State-provided tools.
-
Sign in with your Penn State account.
-
Complete two‑factor authentication.
-
Confirm you are signed in with your psu.edu email address.
-
Do not use free personal AI accounts for Penn State-related teaching, learning, research, or work.
-
Never input Level 3 or Level 4 information into any AI tool, including University‑provided tools.
What do the Levels refer to?
Penn State’s Policy AD95: Information Assurance and IT Security defines four information classification levels and outlines how different types of data must be handled. More details can be found on Penn State IT's Information Classification webpage.
Level 1: Public - Low Risk
Information that is already publicly available and intended to be shared openly. Level 1 data poses little to no risk to individuals or the University if this information is shared.
| Approved Data Use by AI Account Type | ||||
|---|---|---|---|---|
| Classification | Data Type | Free Personal | Paid Personal | Penn State Provided |
| Level 1 | Course Descriptions | Yes | Yes | Yes |
| Press Releases | Yes | Yes | Yes | |
| Public Website Information | Yes | Yes | Yes | |
| Publicly Available Content | Yes | Yes | Yes | |
Level 2: Internal - Moderate Risk
Information used for teaching, research, or operations that may identify specific individuals and is intended primarily for internal use. Level 2 information could cause some inconvenience or limited harm if exposed, but would not seriously impact individuals or the University.
| Approved Data Use by AI Account Type | ||||
|---|---|---|---|---|
| Classification | Data Type | Free Personal | Paid Personal | Penn State Provided |
| Level 2 | Course Grades | Never | Never | Yes |
| Non-PII Student Records | Never | Never | Yes | |
| Personnel Records | Never | Never | Yes | |
| Syllabi and Course Content | Never | Never | Yes | |
Level 3: Sensitive - High Risk
Information that can identify an individual or reveal sensitive personal details, including financial, medical, or biometric data. Level 3 information could cause serious harm to individuals or the University if accessed or shared improperly.
| Approved Data Use by AI Account Type | ||||
|---|---|---|---|---|
| Classification | Data Type | Free Personal | Paid Personal | Penn State Provided |
| Level 3 | Driver’s License Number | Never | Never | Never |
| Individually Identifiable Health Information (including HIPAA/PHI) | Never | Never | Never | |
| Passport Number | Never | Never | Never | |
| Personal Financial Information | Never | Never | Never | |
| Social Security Number (SSN) | Never | Never | Never | |
| Student Financial Aid Information (GLBA) | Never | Never | Never | |
| Username or email address, in combination with a password or security question and answer that would permit access to an online account | Never | Never | Never | |
Level 4: Restricted - Critical Risk
This level includes data that is subject to strict regulatory or legal protections. Mishandling Level 4 data can result in severe consequences for the University.
| Approved Data Use by AI Account Type | ||||
|---|---|---|---|---|
| Classification | Data Type | Free Personal | Paid Personal | Penn State Provided |
| Level 4 | Controlled Unclassified Information (CUI) | Never | Never | Never |
| Federal Contract Information (FCI) | Never | Never | Never | |
| Information subject to Federal Information Security Management Act (FISMA) moderate or high standards | Never | Never | Never | |
| Payment Card Industry Data Security Standard (PCI‑DSS) Data | Never | Never | Never | |