Approver(s):
Authorizes Release:
Responsible Area:
Review Cycle:
Last Review:
Related Policies and Additional References:
Principles
As a Catholic and Marianist institution of higher education, 日韩乱伦鈥檚 University embraces innovation while affirming that all technological advancements must serve the dignity of the human person and the common good. Rooted in the Catholic intellectual tradition and the Marianist commitment to educating the whole person and the integrity of creation, the University鈥檚 approach to artificial intelligence (鈥淎I鈥) reflects not only regulatory compliance and academic integrity, but also a deeper vocation: the formation of persons of faith, ethical discernment, and service.
Purpose
This policy establishes expectations for the ethical, responsible, and lawful use of AI systems by all members of the University community. It defines categories of AI systems and establishes standards for their use. It affirms the responsibility of faculty, staff, and students for the integrity of their work and decisions when AI tools are used
Scope
This policy applies to all faculty, staff, and students when using AI systems in connection with academic, professional, research, or operational responsibilities. It governs both University-Managed AI Systems and external systems, whether free or fee-based, when such systems are used in fulfillment of University responsibilities or activities. This policy applies to Generative Artificial Intelligence systems, Agentic AI systems, predictive analytics systems, and software products that incorporate AI-enabled features.
Definitions
Aggregated Data
Data describing groups rather than individuals and is created by combining information from multiple records into higher level data; in aggregated data no particular individual can reasonably be identified, directly or indirectly. Examples of aggregated data are: total number of enrolled students, retention rate by entering cohort, average GPA by major, or number of applications by school.
Artificial Intelligence (AI) System
Any computational system designed to perform tasks that typically require human intelligence, including learning from data, recognizing patterns, interpreting natural language, generating content, or making predictions or recommendations. Several categories of AI systems are referenced in this policy:
- Generative Artificial Intelligence
- AI systems capable of producing new content such as text, images, audio, video, or code in response to prompts. AI-enabled or AI-augmented tools are traditional software applications that incorporate limited AI features to assist users, such as predictive text, grammar correction, transcription, or pattern recognition.
- University-Managed AI System
- An AI system that has been reviewed and approved by the University and is subject to institutional contractual safeguards addressing data ownership, data retention, secondary data use, model training restrictions, and security controls.
- Public AI System
- An AI system that is publicly accessible, governed by consumer terms of service, or not subject to institutional contractual protections regarding data use and retention.
- Agentic Artificial Intelligence (Agentic AI)
- An AI system designed to generate outputs in response to prompts and to initiate, plan, or execute actions autonomously or semi-autonomously based on defined goals. Agentic AI systems may interact with external systems, retrieve or modify data, trigger workflows, make sequential decisions, or perform tasks without continuous human direction once deployed. Agentic AI differs from traditional generative AI in that it can act upon information or systems rather than merely produce content.
De-identified Data
Data from which direct identifiers have been removed. Direct identifiers include names, ID numbers, email addresses, and other unique personal information. The data does not point to a specific individual. The remaining information does not reasonably allow a person to be identified , either by itself or when combined with other available data.
Institutional Data
Information created, received, or maintained by the University in the course of its operations.
PII Data
Data that can directly identify an individual on its own, without being combined with other information. Examples include names, Social Security numbers, student or employee ID numbers, email addresses, phone numbers, passport numbers, driver鈥檚 license numbers, and biometric records.
PII-Linked Data
Data that, when used in combination with other data elements, can be used to identify an individual, for example, gender plus ZIP code plus date of birth.
Public Data
Information approved for unrestricted public dissemination.
Regulated Data
Data protected by law, regulation, or contractual obligation, including but not limited to student education records protected by the Family Educational Rights and Privacy Act (FERPA), protected health information under HIPAA, payment card information, research data governed by sponsor agreements, personnel records, and data subject to GDPR or other privacy regulations. De-identified data that complies with institutional de-identification standards and does not present a reasonable risk of re-identification is not subject to the restrictions applicable to Regulated Data.
Reasonable Risk of Re-identification
Data shall be considered to present a reasonable risk of re-identification if:
- The data subject could be identified through combination with information in the
- University鈥檚 possession or control; or
- The data subject could be identified through statistical uniqueness or computational methods.
Sensitive Institutional Data
Institutional Data that, if disclosed without authorization, could reasonably cause harm to individuals or to the University. Data that has been aggregated or has been de-identified is not Sensitive Institutional Data.
Training
Any use of data to develop, refine, validate, fine-tune, retrain, or otherwise enhance an AI model鈥檚 performance, whether conducted internally or by a third-party vendor.
Policy
日韩乱伦鈥檚 University permits the responsible use of AI in support of its academic, research, administrative, and operational mission, provided that such use is consistent with human oversight, academic integrity, legal compliance, data protection requirements, and applicable University policies. Use of AI does not replace individual responsibility, professional judgment, or institutional accountability.
Users remain responsible for reviewing and verifying the accuracy, appropriateness, and compliance of AI-generated outputs. AI systems may assist in analysis, drafting, research, administrative processes, and teaching and learning activities, but they may not replace human judgment or serve as the sole basis for decisions or actions that materially affect individuals.
A. Permitted Uses
The following uses of AI are permitted, provided they are conducted in compliance with this policy and all other applicable University policies, standards, and procedures:
- General Academic, Administrative, and Operational Support
- AI systems may be used to assist with drafting, editing, summarizing, brainstorming, transcription, translation, research support, coding assistance, data analysis, workflow support, and similar activities, so long as the user reviews the output for accuracy, appropriateness, bias, and compliance.
- Teaching and Learning Uses
- Faculty may permit or restrict AI use in their courses and are responsible for clearly communicating course-specific expectations in syllabi, assignments, and related instructional materials. Students may use AI only as authorized by the instructor and remain responsible for the integrity, authenticity, and originality of their academic work.
- Use of University-Managed AI Systems with Approved Data
- University community members may use a University-Managed AI System for legitimate instructional, research, analytical, administrative, or operational purposes, including use involving Aggregated data and de-identified data, provided such use complies with applicable institutional safeguards, data use restrictions, and security requirements.
- Research Uses Consistent with Compliance Requirements
- AI may be used in research activities when such use complies with Institutional Review Board requirements, sponsor terms, contractual obligations, data use agreements, publication norms, and all other applicable research compliance standards.
- Disclosure Where Required
- Use of AI is permitted where disclosure is made when required by academic integrity rules, research protocols, publication standards, grant requirements, supervisory expectations, or other applicable University requirements.
B. Uses Requiring Prior Review or Approval
The following uses are permitted only after appropriate prior review, approval, or authorization by the University office with applicable oversight responsibility:
- Use of Regulated Data or Sensitive Institutional Data in AI Systems
- Regulated Data and Sensitive Institutional Data may be entered only into a University-Managed AI System that has been reviewed and approved to ensure appropriate security controls, contractual protections, retention terms, and data use restrictions.
- Training, Fine-Tuning, Retraining, or Improving AI Models Using Institutional Data
- AI systems may not be trained, fine-tuned, retrained, or otherwise improved using Institutional Data related to students, employees, or research participants without prior explicit authorization and formal review by the Vice President for Information Services or designee.
- Deployment or Integration of University-Managed AI Systems
- The implementation, adoption, or continued use of a University-Managed AI System for institutional purposes is subject to institutional review and oversight. The University reserves the authority to approve, condition, restrict, suspend, or discontinue the use of such systems to ensure compliance with legal, ethical, operational, and contractual obligations.
- Agentic AI Systems Interacting with University Systems or Data
- Any Agentic AI system that interacts with University systems or processes Institutional Data must operate within a University-Managed AI System and be subject to security review, access controls, audit logging, documented human approval checkpoints, and any additional review required by Information Services or other responsible offices.
- High-Impact Uses Affecting Individuals
- Any proposed AI use that may materially affect individuals, including but not limited to admissions, grading, employment, financial aid, discipline, contractual decisions, or research participation, requires meaningful human review and, where required by institutional process, documented authorization before deployment.
C. Prohibited Uses
The following uses of AI are prohibited:
- Use Without Human Oversight in Material Decisions
- AI may not be used as the sole basis for decisions or actions that materially affect individuals, including but not limited to admissions, grading, employment status, financial aid, discipline, or contractual determinations.
- Entry of Regulated Data or Sensitive Institutional Data into a Public AI System
- Regulated Data and Sensitive Institutional Data must not be entered into any Public AI System.
- Disclosure, Transfer, or Processing of Protected Data in a Manner that Creates Institutional Risk
- Institutional Data, including Sensitive Institutional Data and Regulated Data, linked to PII, must not be disclosed, transferred, or processed through AI in a manner that compromises confidentiality, privacy, security, legal compliance, or contractual obligations.
- Unauthorized Re-identification or Identifiable Data Use
- Users may not use AI systems to re-identify de-identified or Aggregated data, nor may they combine data in a manner that permits an individual to be reasonably identified, directly or indirectly.
- Unauthorized Model Training on Institutional Data
- Users may not use Institutional Data to train, fine-tune, retrain, validate, or otherwise improve an AI model without the required prior approval under this policy.
- Improper Use of Agentic AI
- Agentic AI may not be deployed in a manner that permits autonomous or semi-autonomous actions affecting Institutional Data, Sensitive Institutional Data, Regulated Data, or individuals without meaningful human review, appropriate authorization, and required institutional safeguards.
- Use Inconsistent with University Policy or Law
- AI may not be used in any manner that violates academic integrity requirements, research compliance requirements, acceptable use standards, information security rules, nondiscrimination and harassment policies, personnel standards, student conduct expectations, or any applicable law, regulation, contract, or University policy.
D. General Responsibilities
All users of AI systems must:
- Exercise professional and academic judgment in evaluating AI outputs;
- Review outputs for accuracy, completeness, bias, appropriateness, and relevance to context;
- Protect Institutional Data in accordance with University policy and applicable law;
- Comply with disclosure requirements where applicable; and
- Remain accountable for content, decisions, recommendations, and actions supported by or generated through AI systems.
Applications to Teaching and Learning
AI technologies evolve rapidly, and the University acknowledges that their appropriate use in teaching and learning may require ongoing discernment. Faculty are responsible for defining expectations for AI use within their courses. Such expectations must be clearly communicated in syllabi and consistent with applicable academic and institutional policies. Faculty remain accountable for grading, evaluation, and assessment decisions, even when supported by AI tools.
Students are responsible for adhering to course-specific requirements governing AI use and for maintaining personal academic engagement. Students remain accountable for the integrity and authenticity of their academic work, even when AI tools are used in accordance with instructor guidance.
Compliance with this policy in teaching and learning contexts is guided by principles of reasonableness, professional judgment, transparency, the Academic Misconduct policy, and good faith.
Violations
Violations of this policy may result in corrective action, loss of access, or disciplinary action under applicable University procedures, including the Faculty Handbook, the Student Code of Conduct, applicable employee policies, and research compliance procedures. Sanctions will be determined in accordance with established institutional processes.
Review
This policy shall be reviewed annually or as required to reflect developments in technology, regulation, and institutional governance.