Content and prompts submitted into a generative AI tool can be shared with the tool’s training dataset and shared in some manner with other users. Many of these policies share that data is automatically collected to enhance their training data, algorithm, and products (text, graphics, visual, audio, etc.). As with all terms and conditions, a generative AI tool’s privacy policy can be updated anytime. Check the data privacy policy of the tool regularly for how data is collected, used, and stored. It is best practice not to share sensitive information, personal or confidential, of any kind.

A few questions to consider:

• Is the data privacy policy findable?
• Are you asked for consent to provide data or are you automatically opt-in?
• How long is your data held (data retention)?
• What securities are there for de-identification?
• How are privacy risks addressed?
• Is there a third-party company involved? If so, what access and control does this company have over the data collected?

The University of Illinois Urbana Champaign addresses privacy through a variety of departments:

• The Illinois Technology Services Generative AI Resources page
• The Illinois Technology Services Privacy & Cybersecurity
• The Illinois Digital Rick Office’s Digital Risk Management

If you would like assistance as you consider data minimization, data anonymization, or data deidentification in your AI, the Privacy Team can help. Contact privacy@illinois.edu.