myState Directory
AI at MSU
Guidance · For Faculty · Staff

02 AI Do's and Don'ts at MSU

The short, practical version: which AI tools to use for sensitive work, what never to paste into a chat, and the handful of habits that keep you on the right side of FERPA, HIPAA, and MSU policy.

Last updated May 2, 2026

If you only read one AI guidance page at MSU, read this one. The full policy lives elsewhere — this is the working version: the handful of rules that, if you follow them, will keep your AI use safe, compliant, and useful.

The single most important habit: Sign in to MSU-licensed AI tools with your netid@msstate.edu account. That is what keeps your conversations inside MSU’s tenant — protected by our enterprise agreements, not used to train public models, and governed by the same data protections as your Outlook and OneDrive.

Do

  • Sign in with your netid@msstate.edu account. This applies to Microsoft Copilot, Claude, Gemini, and any other AI tool MSU has licensed. Personal Gmail @gmail.com or ChatGPT accounts are not MSU tools, even if you only use them for work.
  • Use the MSU-licensed tools for any work involving university data. That includes student information, personnel matters, contracts, draft communications, financial data, and research notes. See the MSU AI Tools page for the current list of approved enterprise tools.
  • Verify anything that matters before you act on it. AI tools generate confident-sounding text that can be wrong — names, dates, citations, statistics, policy details. Treat AI output the way you’d treat a draft from a smart but new student worker: useful, but always reviewed.
  • Disclose AI use when it’s meaningful. In research, follow your discipline’s and your publisher’s norms. In student-facing work, follow your syllabus and your college’s expectations. When in doubt, name the tool and what it did.
  • Keep your prompts professional. Anything you type into an MSU-licensed tool may be logged, retained, and subject to discovery the same way an email is.

Don’t

  • Don’t paste confidential or protected information into free, personal, or consumer AI tools. That includes ChatGPT free, Claude free, Gemini free, Copilot without a sign-in, and anything labeled “personal.” Free-tier consumer accounts may use your inputs to train future models. Once it’s in, you cannot pull it back.
  • Don’t share FERPA-protected information outside MSU-licensed tools. Student grades, advising notes, transcripts, disciplinary records, financial aid details, and anything else from an educational record stays inside MSU systems. If a tool is not signed in with your NetID, assume it is outside.
  • Don’t share HIPAA-protected health information with any general-purpose AI tool, free or paid. HIPAA workflows require specific contractual protections most general AI tools do not have. If your work involves PHI, talk to MSU’s compliance office before involving AI.
  • Don’t paste in passwords, API keys, or credentials. Ever. If you accidentally do, rotate the credential immediately.
  • Don’t let AI make a final decision about a person. Use it to draft, summarize, brainstorm, and analyze — but the human (you) makes the call on hiring, grading, admissions, accommodations, discipline, and performance. Document your reasoning, not the AI’s.
  • Don’t assume “private” means private. Free tools’ privacy promises change. Enterprise tools under MSU contracts are the floor, not the personal account you’ve been using for a year.

A simple rule of thumb

If you wouldn’t email it to a stranger, don’t paste it into a free AI tool. If you wouldn’t email it outside MSU, only paste it into an MSU-licensed AI tool signed in with your NetID.

When you’re not sure

  • Data classification questions — check with the data steward for the system that owns the information (Registrar for student records, HR for personnel, Sponsored Programs for grant data, etc.).
  • HIPAA / health information — contact MSU’s HIPAA privacy office before using AI on any PHI workflow.
  • Research data with a Data Use Agreement, IRB protocol, or sponsor restrictions — your DUA, protocol, or sponsor terms govern. AI use must fit inside those terms, not around them.
  • Anything you’re genuinely unsure about — pause, ask, and document. The cost of asking is low. The cost of a FERPA or HIPAA disclosure is not.

Suggested for

Every faculty and staff member at MSU — whether you’ve been using AI for two years or you’re opening Copilot for the first time today. Pair this with the MSU AI Tools page for the list of currently approved enterprise tools, and the AI Data Security at MSU page for the longer policy context.

← All resources