IT 150 - Artificial Intelligence Data Management
Number
IT 150
Purpose
Ä¢¹½ÊÓƵÍø (CWI) recognizes the transformative potential of Artificial Intelligence (AI) in enhancing data management practices. This policy underscores the College’s commitment to harnessing the potential of AI responsibly and establishes governance principles for the responsible use of AI tools in handling institutional data, ensuring confidentiality, integrity, and compliance with applicable regulations.
Department
Information Technology
Effective
November 17, 2025
Last Revision
November 17, 2025
Last Reviewed
November 17, 2025
Scope
This policy applies to all CWI employees, contractors, and third-party vendors who use AI technologies to manage, analyze, or interact with institutional data.
Definition
- AI Tools – Software or platforms that use machine learning, natural language processing, or other AI techniques to process data.
- College-Hosted AI Services – Centrally managed AI solutions with institutional security controls, such as CWI Copilot.
- External AI Services – AI tools hosted outside CWI’s infrastructure, including public or commercial.
- Data Categories – Classification of institutional data based on sensitivity and regulatory requirements.
Policy
Information provided to AI tools must align with institutional standards for data security, privacy, and compliance. Only approved tools may be used with institutional data, and their use must reflect the sensitivity of the data involved.
Guidelines
When using AI tools, CWI employees must ensure the following:
- Data minimization – Collect and store only essential data. Protected data (PHI, FERPA, PCI, PII) requires explicit institutional controls and agreements.
- Cybersecurity by design – Prioritize multilayered security controls, encryption standards, and ongoing vendor assessments.
- Human oversight – Maintain human review of AI-generated outputs before operational use.
- Tool approval – All AI tools must be vetted and approved by Information Technology (IT) and listed on the official CWI Approved AI tools and Software list. In addition, all licensing and user agreements must be vetted and approved by the Contracts Management Office.
Roles & Responsibilities
- IT Division – Conducts security assessments, manages tools, and ensures compliance.
- Contracts Management Office – Facilitates legal review of contracts (terms and conditions) to ensure compliance with Federal and State laws and College policies.
- All Management Positions – Ensure faculty and staff use only approved tools and follow data classification guidelines.
Data Classification & Handling
The use of CWI data is restricted based on the type of data and the AI tools being utilized. IT maintains a list of approved AI tools by the type of data being utilized.
| Data Category |
Examples |
Permitted in External AI |
Tool Requirements |
| Restricted |
FERPA, PHI, grades, SSNs, salary data |
No |
Must use approved college-hosted AI tools with strict encryption and anonymization controls. |
| Confidential |
Draft policies, research data, AI transcription tools for internal meetings |
Limited |
Requires pre-approved, secured AI solutions with explicit institutional controls. |
| Public |
Press releases, course descriptions |
Yes |
Subject to general acceptable-use guidelines. |
Compliance & Enforcement
Failure to comply may result in removal of access, disciplinary action, or legal consequences in accordance with institutional policy.
Referenced
