Generative AI can feel like a colleague, a trusted assistant, or even a confidant. Its responses are so humanlike that it’s easy to forget you’re talking to a machine. But the truth is, unlike when you’re speaking with a real person offline, the information you provide a GenAI tool may be read by someone else, saved where you can never delete it, or even repeated to another user.
It can be difficult to navigate the web of information and misinformation surrounding GenAI and how it uses your data. So, let’s bust some of the most common GenAI myths to help you chat with confidence.
🚫 Myth 1: “If I use a free GenAI tool for non-sensitive stuff, my data is fine.”
Fact: Free GenAI tools use your prompts and uploads to train models, which means that you’re allowing your data to be monetized or resold. That could include context about your work, interests, projects, or institution. While not all data needs to be protected, it’s crucial to make sure you’re not giving too much away when you use a free tool.
For example, if you ask a free tool to help brainstorm ideas for a capstone project on sustainable energy solutions at Pitt, you've just shared your research focus, your institution, and potentially proprietary ideas that could be used to train future models that could possibly surface in someone else's chat later.
Understanding how free tools use your data helps you to make informed decisions about the information you use in your prompts. You may be okay with a free tool making movie recommendations or summarizing web pages. But for anything related to your coursework, research, or university projects, use a protected Generative AI @ Pitt tool instead.
🛡️ Myth 2: “Pitt is watching my Generative AI @ Pitt chats”
Fact: All chats you enter into a Generative AI @ Pitt tool are private. Pitt system administrators can only see aggregate usage statistics. They don't access the content of your conversations, view your chat history, or see uploaded files. Plus, unlike with free tools, your data is never used to train external models. It's protected by enterprise data agreements that Pitt negotiated specifically to keep your information safe.
Bottom line? “Pitt-managed” doesn't mean you’re being actively monitored. It means that the University vetted the tool’s privacy practices and made sure your data would be protected. As long as you’re logged in through Pitt Passport, you can rest assured that your chats are secure.
Of course, Pitt must comply with investigations as required by law, including by providing user data like chat histories. This applies to any data you put online, including premium versions of GenAI tools.
🧠 Myth 3: “GenAI can't expose my personal data. It generates based on patterns, not memorization.”
Fact: Large language models (LLM) memorize and can inadvertently regurgitate personal data from their training data. And once personal information is embedded in an LLM, it's nearly impossible to remove.
University data is particularly sensitive. Student records, research datasets, and protected health information must never end up in a public GenAI tool’s training data. Be sure to protect personal information, like SSNs, account numbers, full names, medical details, and addresses, when using any GenAI tool. And remember, even chats you delete still influence the model's internal parameters, especially in public tools.
When You Need GenAI for Protected University Data: PittGPT
Navigating the ins and outs of data privacy can be difficult, but it doesn’t have to stop you from using GenAI tools. All faculty and staff have access to PittGPT — the University’s proprietary GenAI tool that can handle restricted data except HIPAA, NIST 800-171, and PCI DSS.
🎯 Myth 4: “Enterprise data protections mean I'm 100% protected — I can add anything into Generative AI @ Pitt.”
Fact: Generative AI @ Pitt’s enterprise data protections mean your conversation is private and won't train external models. That doesn't mean you should share everything. Even though your conversation is private, adding too much information unnecessarily exposes sensitive information to the AI system. If there's ever a security incident (which is rare but possible), or if you accidentally use the wrong tool, that data could be compromised.
Before adding sensitive data to your prompt, ask, “Does GenAI actually need this sensitive detail to help me?” When possible, redact names, dates, or identifying information, and when in doubt, remember that less is more.
📊 Myth 5: “All GenAI tools available through Pitt have the same data protections.”
Fact: Not all Generative AI @ Pitt tools are equally protective. Most Generative AI @ Pitt tools, including NotebookLM, are great for everyday academic work like class notes, research summaries, and course planning. For work involving sensitive data like student records or restricted research data, use tools specifically approved for that purpose. If you ever need a refresher on data classifications, our approved tools list has the most up-to-date info.
By taking a few seconds to review which tool fits your data, you can save yourself from compromising sensitive information. If you work with private or restricted data, this is an absolutely crucial step for using any GenAI tool.
Make Data Protection a Priority
Generative AI is a powerful tool, but its value depends on how thoughtfully you use it. Pitt has secured trusted platforms and clear guidelines; now it’s up to you to apply them. Choose the right tool for your data, minimize unnecessary details, and treat privacy as part of your workflow rather than an afterthought.
Before you hit "send" on any GenAI prompt, ask yourself:
- 🎯 What data am I sharing? Names, grades, research details, health info, financial data = protected data that needs the right tool.
- ✂️ Can I remove identifying details? Consistently use “Student A” instead of “Alex Thompson,” or “a colleague” instead of their full name.
- 🛡️ Is this the right tool for this data type? When working with private or restricted data, verify your tool choice against the approved tools list.
- 🤔 Does the AI actually need this detail? If you can get helpful output without sharing sensitive or personal information, leave it out.
By making data protection second nature today, you help ensure that GenAI remains a safe, reliable resource for tomorrow’s research and innovation.
— Pitt Digital
