Encouraging People to Try New AI Tools — While Still Protecting Sensitive Data

A lab photo
The lab of David MacAlpine, professor of pharmacology & cancer biology at Duke. MacAlpine is one of the many researchers concerned about data stewardship.

The following is a summary of a story that originally appeared on The Office of Information Technology website.

Duke University is working through a challenge many campuses are facing right now: how to encourage people to try new AI tools while still protecting sensitive data. Over the past year, faculty, staff, and students have explored generative AI in their classes, research, and daily work. As they did, a common set of questions came up. Where does the data go? Who sees it? And how is it used? Those questions mattered, especially because many public AI platforms automatically reuse what people type into them.

“As a researcher, data stewardship is fundamental to our work,” said David MacAlpine, professor of pharmacology & cancer biology at Duke. “Even when data is de-identified, how it’s handled and where it ends up matters.”

To help the community experiment safely, Duke’s Office of Information Technology partnered with IT Security, legal, and procurement teams to build privacy protections into the systems themselves. The idea is simple: People shouldn’t have to be privacy experts before trying a new tool. 

“It’s not glamorous, and it’s largely invisible,” said Nick Tripp, Duke’s chief information security officer. “But instead of asking every individual to assess privacy risk on their own, Duke builds those protections into the infrastructure people rely on every day.”

One example of this approach is DukeGPT, the university’s AI platform designed for institutional use. It gives students, researchers, and staff access to AI tools inside an environment that follows Duke’s data stewardship policies. Duke also negotiated an educational license for ChatGPT Edu. Under that agreement, input data stays within Duke’s environment and is not used to train external models or for marketing.

The university also set clear rules about internal data access. Content from individual AI interactions is not viewable except under a few specific, policy‑defined circumstances.

All of this creates a structure that supports responsible experimentation. “Responsible AI isn’t about saying no — it’s about creating the conditions where researchers can say yes with confidence,” MacAlpine said.

For more information on AI tools at Duke, go to the Office of Information Technology website.