University of Maryland
AI Leadership Training · 2026
AI at UMD

Using AI responsibly at Maryland

AI tools offer real value for your work — and UMD has made it straightforward to use them safely. This page explains what the guardrails are, which tools are approved, and how to work confidently within them.

The core rule: UMD classifies data into four levels — Low (1), Moderate (2), High (3), and Restricted (4). Use a UMD-approved tool for anything above Level 1. Never use any AI tool for Level 4 data (HIPAA, PCI-DSS, CUI, export-controlled) without explicit DIT guidance. When in doubt, reach for TerpAI — it's free, available to all faculty and staff, and cleared for Level 2 work.
Understanding Data Classification
Level 1 · Low
Public / Low Risk

Unauthorized access likely to have low or no risk. May include some non-public data.

  • Data made freely available by public sources
  • Published data & open access research
  • Educational content
  • University website content
Level 2 · Moderate
Internal / Moderate Risk

Disclosure likely to have adverse effects, but not significant impact on the University.

  • University ID (UID)
  • Student or personnel records without high-risk medical info or identity-theft risk (e.g., vaccination records)
  • Internal memos & pre-decisional documents
  • Budget planning & operational data
Level 3 · High
Confidential / High Risk

Disclosure likely to have significant and severe adverse effects — social, psychological, reputational, financial, or legal harm.

  • Identifiable information used for identity theft (e.g., Social Security numbers)
  • Non-HIPAA sensitive health info (e.g., student mental health records)
  • Conduct/disciplinary investigative records
  • Student Loan Application Information
Level 4 · Restricted
Restricted by Law or Contract

Access strictly controlled by laws, regulations, or contracts. Unauthorized disclosure carries significant legal consequences, including civil and criminal penalties, loss of funding, and loss of research partnerships.

  • HIPAA — Health Insurance Portability & Accountability Act data
  • PCI-DSS — Payment Card Industry data
  • CUI — Controlled Unclassified Information
  • Export-Controlled Information
Before You Paste: A Quick Check
Ask yourself these questions before you paste
1. Is this data governed by law, regulation, or contract — HIPAA, PCI-DSS, export controls, or Controlled Unclassified Information?
   Stop. This is Level 4 — Restricted. Do not paste this into any AI tool without explicit guidance from the Division of IT or the Privacy Office. Unauthorized disclosure carries civil and criminal penalties.

2. Does the content include Social Security numbers, student mental health records, conduct/disciplinary records, or Student Loan Application Information?
   This is Level 3 — High. Use ChatGPT Enterprise (UMD's Level 3-cleared tool) or remove the identifiers before using any other approved tool. You can almost always rephrase: "a student in this situation" instead of a name or SSN.

3. Is this internal university business — UIDs, student/personnel records without high-risk info, budgets, or operational data?
   Level 2 at minimum. Use a UMD-approved tool (TerpAI, Google Gemini, Microsoft Copilot, or Perplexity Enterprise Pro). Avoid consumer tools like free ChatGPT or Claude.ai (personal account).

4. Is this general, publicly available, or clearly non-sensitive information?
   Level 1 — you're in the clear. Any tool works fine for drafting, brainstorming, summarizing public content, or exploring ideas.
UMD-Approved AI Tools
TerpAI ⭐ Recommended starting point
UMD's own generative AI platform. Access to leading AI models, customizable knowledge integration, intuitive interface. Great for drafting, analysis, and brainstorming in everyday administrative work.
Faculty · Staff · Students
Cost: Free
Max data level: Level 2 · Moderate

ChatGPT Enterprise
OpenAI's enterprise platform with SOC 2 data protection, extended context, and unlimited usage. The highest data clearance of all UMD tools — suitable for sensitive institutional and research tasks.
Faculty · Staff · Sponsored Affiliates
Cost: $20/mo (subsidized); $30/mo after June 2026
Max data level: Level 3 · High

Google Gemini
Integrated into Google Workspace (Gmail, Docs, Sheets, Slides, Meet). Ideal if you already live in Google tools. Includes NotebookLM for research synthesis across source documents.
Faculty · Staff · Students
Cost: Free (included with Google Workspace)
Max data level: Level 2 · Moderate

Microsoft 365 Copilot
Embedded in Word, Outlook, Excel, PowerPoint, and OneDrive. Best for users deeply embedded in the Microsoft ecosystem. Available in web-grounded and work-grounded (M365 tenant) tiers.
Faculty · Staff · Students
Cost: Licensed (contact DIT)
Max data level: Level 2 · Moderate

Perplexity Enterprise Pro
AI-powered research tool combining real-time web search with cited, evidence-based answers. Excellent for quickly surveying academic literature or current policy developments. Currently in a 1-year pilot.
Faculty · Staff
Cost: Free (pilot)
Max data level: Level 2 · Moderate

Claude Pro / Claude Team
Anthropic's AI, known for strong reasoning and long-context analysis. Not directly provided by DIT — available through departmental procurement. Great for extended document analysis and nuanced writing tasks.
Faculty · Staff (via department)
Cost: Dept. procurement required
Max data level: Contact DIT for classification guidance
🔒 Level 4 Restricted Data — No AI Tools Without DIT Approval
No currently approved UMD AI tool is cleared for Level 4 data (HIPAA, PCI-DSS, Controlled Unclassified Information, or export-controlled data). Unauthorized disclosure of Level 4 data carries civil and criminal penalties, loss of research funding, and inability to obtain future grants or partnerships. Contact itsupport@umd.edu before using any AI tool with restricted data.
⚠️ Consumer Tools (personal accounts)
Free consumer versions of ChatGPT, Claude, Gemini, and Copilot are not approved for institutional data. These tools may use your input to train their models and do not carry UMD's data agreements. Reserve them for personal, public, or Level 1 tasks only — and never use your UMD credentials to sign up for an AI tool without contacting DIT first (itsupport@umd.edu).
Working Smart Within the Guidelines
Anonymize before you paste
Replace names, IDs, and identifying details with placeholders ("the student," "a direct report," "College X"). You get just as useful a response, and the data never leaves safe territory. This works for 90% of HR, student affairs, and personnel scenarios.
Describe the situation, don't paste the document
Instead of uploading a confidential personnel file, describe the situation in general terms and ask AI to help you think through it. You get strategic guidance without exposing protected information.
Always review before you send
AI outputs require human oversight — especially in administrative decisions. Check for accuracy, tone, and appropriateness before using any AI-generated draft in official communications, reports, or recommendations. You remain accountable for the final product.
Disclose AI use in official documents
UMD guidelines ask that AI-generated content in official communications or reports be disclosed and attributed. A simple note at the end — "Drafted with AI assistance and reviewed by [name]" — keeps you in compliance and sets a good example for your division.
Be extra cautious with research data
Unpublished manuscripts, grant proposals under review, confidential interview transcripts, and research subject information should not be shared with any AI tool — even approved ones — unless you've confirmed with your PI or the DIT Privacy Office first. Contact umd-privacy@umd.edu if unsure.
Use AI to think, not to decide
AI is excellent for generating options, drafting language, summarizing information, and helping you think through problems. Consequential decisions — about people, policy, budget, or legal matters — should always be made by a person with proper authority, not delegated to AI output.
Regulations That Apply to Your Work
FERPA
Family Educational Rights & Privacy Act
Protects student education records. Names, grades, enrollment status, and academic performance are covered. Do not share identifiable student data with any non-approved AI tool.
HIPAA
Health Insurance Portability & Accountability Act
Covers individually identifiable health information. Relevant for research involving human subjects, University Health Center data, and employee wellness programs.
MPIA
Maryland Personal Information Protection Act
State law protecting personal information of Maryland residents. Applies broadly to any personal data UMD collects or processes, including data in administrative systems.
IP
Intellectual Property Policy
Unpublished research, inventions, and grant proposals have IP protections. Inputting them into AI tools without review could compromise patent rights or expose confidential work to third parties.
Questions? Get Help
General AI Tools & Policy
DIT AI Solutions Team
dit-ais@umd.edu
For tool selection, questions about approved tools, or feedback on UMD's AI services.
Data Privacy & Research
UMD Privacy Office
umd-privacy@umd.edu
For questions about FERPA, HIPAA, research data, or whether a specific use case is compliant.
Procurement & New Tools
IT Support
itsupport@umd.edu
Before signing up for any AI tool with UMD credentials, contact IT to ensure compliance with procurement and security requirements.
Policy & Guidelines
Office of the Provost
provost@umd.edu · 301.405.5252
For questions about UMD's AI use guidelines or institutional policy interpretation.
📚 Full Guidelines & Resources
The complete UMD Guidelines for the Use of Generative AI Tools — including sections on teaching, research, and administrative use — are available at ai-resources.umd.edu/resources/guidelines. The approved software catalog is at ai-resources.umd.edu/resources/software.