Generative Artificial Intelligence (AI) tools are rapidly gaining popularity, with many applications and services now offering AI-powered features and add-ons.  

At the University of Cape Town (UCT), staff and students engaged in administrative and support roles need clear guidance to use these tools responsibly and ethically to protect institutional, personal, and proprietary information at all times.

While the Centre for Innovation in Learning and Teaching (CILT) has developed separate resources for AI in research, teaching, and learning, this article provides best practices for AI usage in administrative and support functions, and potential privacy concerns with seemingly harmless AI tools.

These guidelines will evolve alongside advancements in AI, ensuring continued protection of UCT data and compliance with legal, contractual, and ethical standards.

Guidelines for AI usage

  • Transparency: clearly declare the use of AI tools in your work. 

    Example: If a document or meeting notes were generated primarily by AI, include a statement at the end noting AI involvement and confirming any necessary review or revision.

  • Compliance with POPIA: do not transfer personal information (such as email addresses, names, or recordings) to AI services governed by international laws that do not meet or exceed POPIA standards. For example, avoid entering sensitive data into public AI platforms like ChatGPT.
  • Treat AI inputs as public: never share personal, confidential, or UCT intellectual property with publicly available AI tools. Assume all information shared with these tools is public.
  • Data usage: publicly available (non-personal) data may be used with AI tools. For any sensitive data, consider legal, regulatory, or contractual obligations before use.
  • Fact-checking AI output: be aware that AI-generated responses may contain errors, biases, or inappropriate content. Always carefully analyse and verify AI outputs before use.

Additional considerations

  • Anonymise data wherever possible before using it with AI tools.
  • Where feasible, prevent AI tools from retaining your data inputs.
  • AI-generated responses are often imperfect. Always exercise judgment and edit outputs as needed.

Privacy concerns: example using meeting recordings

Recording meetings (such as in Microsoft Teams) is useful for capturing key discussions and actions but raises privacy and compliance issues. Many AI meeting assistant tools store data on servers in the USA, which may not align with POPIA requirements. UCT advises against using services that store data outside South Africa.

  • Always inform and obtain consent from meeting participants before recording.
  • Be cautious when sharing sensitive information in recorded meetings.
  • View the Teams meeting recordings web article for more information with managing permissions.
  • Where sensitive information is discussed in a meeting, either stop the recording or limit who can access the recording afterwards.  
  • Schedule time to assess who has access to meeting recordings, and where the recording is stored.  

Requesting AI Projects or Services

Before procuring generative AI tools, staff or departments should consult with ICTS. All third-party AI tools must undergo an information security and privacy risk assessment. If a tool is deemed unsafe, ICTS will recommend approved alternatives.  

UCT reserves the right to restrict the use of third-party AI meeting tools to protect institutional data and privacy.

Applicable UCT policies

All users are responsible for protecting the confidentiality, integrity, and availability of the information and data they handle. View the following policies on the ICTS policy repository for further guidance.

  • UCT Policy and Rules on Internet and Email Use
  • University of Cape Town Information Security Policy
  • Interim Privacy and Data Protection Policy