Yale University AI guidelines for staff

Introduction

Since its founding in 1701, Yale has been dedicated to expanding and sharing knowledge, inspiring innovation, and preserving cultural and scientific information for future generations. Artificial intelligence (AI) is built upon technological innovation, and AI tools enable the expansion and sharing of knowledge at scale. Many faculty and researchers in the Yale community have been utilizing AI for years – some are even on the cutting edge of AI research and development. This communication is meant to reach an audience that includes new users of AI, and especially community members who are thinking about using AI in their daily work at Yale.

Since publicly available tools like ChatGPT, Bing, and Bard have gained momentous popularity, this is a good time to go over some best practices that can help protect intellectual property as well as institutional knowledge and data. While staff are encouraged to try out AI tools, the guidance below stresses the importance of staying informed and mindful when using this rapidly evolving technology.

The following guidelines were created to protect University data and ensure adherence to contractual and ethical responsibilities when using AI.

Scope

These guidelines have been written with the use of Yale administrative systems and data in mind, as well as faculty and staff usage of AI tools. Topics these guidelines will address include:

  1. Best practices for faculty and staff when using AI at Yale;
  2. Examples of ways in which seemingly innocuous AI prompts can create privacy concerns;
  3. AI project/services requests;
  4. Procurement considerations & process;
  5. Option for Azure subscription to host data securely.

What this guide is not:

Best Practices for faculty & staff:

  • If you use your Yale email/credentials to sign up for an AI tool, do not use your NetID password.

  • Treat information given to an AI tool (like ChatGPT) as if it were public; do not share information that is personal, confidential, or proprietary intellectual property.

  • Review Yale’s data classification policy and avoid entering data that may fall into the moderate or high-risk data categories. You can review the University’s data classification here: https://cybersecurity.yale.edu/data-classification

  • Be especially careful with sensitive data when using AI tools and consider whether the data you are using will compromise regulatory, contractual, or legal obligations.

  • Closely monitor output from AI tools and be aware that responses sometimes contain subtle but meaningful hallucinations, uncited intellectual property, factual errors and biased or inappropriate statements. Always use your judgment when analyzing AI responses.

Examples of AI prompts with commentary:

Write a 250-word recommendation for my top student who is applying to graduate programs in [field].

Can you help me create an announcement for an upcoming workshop on [topic]?

I need assistance in developing interview questions for candidates for [position].

What are some effective methods for promoting diversity and inclusion on campus?

I’m working on a grant proposal. Can you help me refine my project goals and objectives?

What are some best practices for managing conflicts among team members in a research project?

These examples reflect a variety of ways community members might utilize a tool like ChatGPT. When doing so, here are some considerations to keep in mind:

  • In general, it is best to anonymize personally identifiable information (PII) and, if possible, use settings that ensure inputs are not retained by the AI.
  • It is especially important to avoid entering personal information, such as patient data or academic details of a student; for instance, student education records are protected by FERPA.
  • Generated responses may be biased, inaccurate, or inappropriate. Make sure to use your judgment and edit outputs if you use them.
  • Be aware of intellectual property and confidentiality concerns: do not enter proprietary information into an AI tool and be aware that outputs may contain unattributed and unauthorized copyrighted information.
  • Investigators are individually responsible for maintaining research integrity, rigor and reproducibility of their work. Some academic publications have prohibited the use of generative AI tools in manuscripts, and federal granting agencies have emerging regulations prohibiting their use in submissions and reviews. In this rapidly evolving landscape, familiarize yourself with funding agency and publication guidelines to ensure compliance.

Requests for AI projects/services:

Procurement considerations:

  • For AI-related requests, get involved with the Procurement Department early in the process.
  • There are two main procurement tracks when considering AI tools, with distinct processes to manage data based on its location and ownership.
    • The first process is designed for data that is stored on-premises or resides within Yale’s own repository, ensuring direct control and adherence to institutional policies.
    • The second process caters to data hosted by suppliers, providing guidelines and protocols to effectively manage and secure such data. These supplier relationships are higher risk; presume that the supplier’s tool is using the Yale data to train itself.
  • Systems that will use AI should complete a Security Planning Assessment (SPA) review with the Information Security Office.

Azure subscriptions:

  • Units or individuals interested in using AI for university-related projects can reach out to Infrastructure Services for a consultation to provision a Microsoft Azure subscription. Whether you aim to securely host chatbot repository data or give students space to practice certain skills using AI, this setup allows you to use AI while hosting your data within the university environment.
  • These subscriptions are paid with a COA and are charged based on actual usage, ensuring cost-effectiveness and scalability. The Infrastructure Services team is actively working to establish enhanced guardrails to make these environments as secure as possible for hosting university data. For more information, contact the ITS Cloud Support Team service link.