Pol 2.320 Institutional Artificial Intelligence Use

Kirtland Community College supports responsible, transparent, and ethical use of generative artificial intelligence (GenAI) and Agentic AI (agents) to enhance teaching, learning, operations, and services. This policy establishes expectations for privacy, data protection, and user notification when AI tools are used in institutional processes. The goal is to foster innovation while mitigating risks related to data security and intellectual property.

Scope

This policy applies to any AI technology—including text, image, code, and audio generators—used for college business, including but not limited to:

• Chat-based AI assistants: (e.g., ChatGPT, Copilot, Claude, Gemini)
• Automated document generation: Tools for drafting reports, emails, or marketing copy.
• AI-powered analytics: Predictive modeling for enrollment or financial forecasting.
• AI-driven tutoring or advising tools: Automated student support interfaces.
• AI-enhanced support services: Technical support chatbots or ticketing systems.
• Media Creation: AI tools used to generate institutional images, videos, or voiceovers.
• Agentic AI: AI systems designed to autonomously reason, utilize tools, and execute multi-step workflows to achieve specific objectives with minimal human intervention.

This policy applies to all Kirtland employees and contractors utilizing AI tools for institutional purposes but does not apply to faculty-approved use of AI for students in their courses. This policy encompasses both Enterprise (college-contracted) and Public (consumer-grade) AI tools operated by Kirtland and third-party vendors.

Guiding Principles

Transparency

Kirtland will inform users when they are interacting with, or their data is being processed by, a generative AI system. Users have a right to know if a response is synthetic or human-generated.

Privacy and Data Protection

AI tools must protect the confidentiality, integrity, and security of college data, consistent with:

• FERPA: Family Educational Rights and Privacy Act (1974)
• GLBA: Gramm-Leach-Bliley Act (1999)
• HIPAA: Health Insurance Portability and Accountability Act (1996)
• Institutional Policy: Kirtland’s Information Security and Data Classification Policies.

Human Oversight (“Human-in-the-Loop”)

Kirtland Community College adheres to a “Human-in-the-Loop” philosophy. While AI tools may support, streamline, or enhance college operations, they do not replace the necessity of human judgment.

• Mandatory Review: All AI-generated output, including but not limited to emails, reports, data summaries, and code, must be reviewed, edited, and verified by a qualified staff member before it is published, sent to a recipient, or acted upon.
• Professional Accountability: Humans remain legally and professionally accountable for the outcomes of AI-assisted work. Using “AI error” or “algorithmic hallucination” is not an acceptable defense for inaccurate or harmful information released under a staff member’s name or department.
• High-Stakes Decision Making: AI may provide data or suggestions, but it shall not have the final authority in matters involving:
  • Academic Integrity: Final determinations on student grading or plagiarism.
  • Disciplinary Actions: Decisions regarding student conduct or employee performance.
  • Employment: Hiring, termination, or promotion decisions.
  • Due Process: Any situation where a person’s rights, standing, or benefits are at stake.
• Contextual Validation: AI lacks the ability to understand Kirtland’s specific institutional culture, historical context, or empathetic nuances. Staff must review outputs to ensure they align with the College’s mission, values, and specific community needs.

Requirements for Institutional AI Use

User Notification

Whenever an AI system is used in a college-facing process (e.g., chatbot, automated writing feedback, ticketing assistant):

• Clear Labeling: Users must be clearly informed at the start of the interaction.
• Accuracy Disclaimer: A disclaimer will be provided stating that outputs may be imperfect and should be verified.
• Human Escalation: Users will be given a clear path (e.g., a contact email or office phone number) to request assistance from a human employee.

Example notification: “This service uses generative artificial intelligence to assist with your request. AI outputs may not always be accurate. If you prefer to work with a staff member, please contact [Office/Extension].”

Privacy and Data Handling

Any AI tool used for institutional purposes must adhere to strict data sanitization:

• Anonymization: Do not store or use identifiable student information/personally identifiable information (PII) unless approved by the Data Owner and ITS.
• Approved Platforms: Use only institutionally approved accounts (e.g., Kirtland-managed Enterprise licenses) for sensitive work involving financial or student records.
• Restricted Data Elements: Avoid entering protected or sensitive data into public AI prompts, including:
  • Social Security numbers or Financial account information.
  • Medical data or disability documentation.
  • Student grades, ID numbers, or specific academic records.
  • Employee evaluations, personnel records, or private legal strategies.

Vendor and Contractual Standards

Before adopting new third-party AI tools, contract terms must include:

• Data Ownership: Kirtland retains full ownership of all input data and generated output.
• Training Restrictions: A clause stating that Kirtland data will not be used to train public/global AI models.
• Security Standards: Verification of secure data retention and prompt deletion procedures upon contract termination.

Staff Responsibilities

Employees using AI tools for institutional tasks must:

• Fact-Check: Verify the accuracy of AI-generated output (checking for “hallucinations”) before using it in official communications.
• Attribute: Disclose when AI has been used to generate significant portions of a public-facing report or document.
• Verification Guarantee: Employees must manually fact-check and “sign off” on AI-generated content. No AI output should be “auto-sent” to students or the public without a human intermediary reviewing it for accuracy and tone.
• Report: Immediately notify ITS of any AI malfunctions, data leaks, or suspicious behavior by the tool.

Prohibited Uses

The following activities are strictly prohibited:

• Direct Processing of PII: Inputting confidential or sensitive student/employee data into public, non-enterprise AI tools.
• Autonomous Decision-Making: Using AI tools to make final determinations involving grades, admission status, employment actions, or disciplinary outcomes without human review.
• Deceptive Use: Deploying AI systems (like deepfakes or voice cloners) to impersonate college leadership, faculty, or staff.
• Unvetted Deployment: Implementing AI-driven “Shadow IT” (using personal paid subscriptions for work involving college data) without ITS approval.
• Copyright Infringement: Using AI tools to generate content that knowingly violates existing copyright, trademark, or licensing agreements.
• Direct Communication with Students: Using AI tools to perform direct communication and responses to student emails without human review.
• Blind Trust in Output: Distributing or acting upon AI-generated data, citations, or instructional content without first performing a manual verification against an authoritative, non-AI source.

Implementation and Review

• Governance: The ITS Department will maintain a “Service Catalog” of College-approved AI tools and their approved classification levels (e.g., “Safe for Public Data only”).
• Training: Training on “Prompt Engineering” safety and data privacy will be provided to employees for institutional AI systems.
• Policy Evolution: This policy is a living document. It will be reviewed biannually to address rapidly changing regulatory, technological, or operational updates.

Proposed May 21, 2026
Adopted June 18, 2026