Responsible Use of AI Tools with University Data

The University of Waterloo encourages innovation and experimentation with AI tools. However, to protect University data, it is essential that members of the University community use AI services responsibly.

Approved AI tools

*Tool*	*Details*
Microsoft 365 Copilot Chat	University accounts can be used to log in to Microsoft 365 Copilot Chat for experimentation and productivity. Logging in with your UWaterloo account automatically applies personal and institutional data controls. Personal accounts should not be used in conjunction with University data.
Microsoft 365 Copilot (Under investigation)	The University does not currently provide Microsoft 365 Copilot licenses, but a secure and equitable access strategy is under review. Copilot (licensed) includes AI in Teams, Word, Outlook, PowerPoint, Excel, and more.

Tool

Details

Microsoft 365 Copilot Chat

University accounts can be used to log in to Microsoft 365 Copilot Chat for experimentation and productivity. Logging in with your UWaterloo account automatically applies personal and institutional data controls.

Personal accounts should not be used in conjunction with University data.

Microsoft 365 Copilot

(Under investigation)

The University does not currently provide Microsoft 365 Copilot licenses, but a secure and equitable access strategy is under review.

Copilot (licensed) includes AI in Teams, Word, Outlook, PowerPoint, Excel, and more.

When Using Third-Party AI Services

Use only approved services that have undergone an Information Risk Assessment (IRA) and Privacy Impact Assessment (PIA).

IRA-PIA requirements are available through the Privacy Office.

Services must be under contract with UW and have a vetted IRA-PIA to process confidential data.
If the tool lacks UW approval, only use with Public data as per Guidance on Information Confidentiality Classification (Policy 46).
Avoid sharing sensitive data unless explicitly permitted and contractually protected.
When unsure, submit an inquiry through the IST Help Portal.

Secure Use of AI Tools - Best Practices

Authentication

Use strong, unique passwords for AI-related accounts.
Enable multi-factor authentication (MFA) to add an extra layer of security against unauthorized access.
Consider use of a reputable Password Manager under a paid subscription model in order to generate and store unique passwords for your online accounts, including AI tool accounts.

Delete Chat History

Regularly delete stored AI conversations where possible to minimize data retention risks.

Review Privacy Settings

Adjust privacy options related to data-sharing and history retention to match your privacy preferences.

Self-Hosting Options

For higher control, consider self-hosting AI tools, ensuring compliance with UW's security requirements.