Artificial intelligence tools like Zoom AI Companion, Copilot and ChatGPT can help save time by summarizing meetings, organizing notes and drafting quick content. However, when these tools are used to conduct University of Colorado business, the information they generate may be considered a public record under the Colorado Open Records Act (CORA). 

AI-generated content may be a public record 

Under Colorado law, public records may include any writings or digital materials made, maintained or kept by a public agency for use in exercising functions required or authorized by law. This can include AI-generated meeting summaries, transcripts, chats and similar records created while conducting university business. 

AI-generated content is not automatically exempt from disclosure requirements. If a meeting summary or ChatGPT conversation documents university business, it may be subject to a CORA request. 

Use AI meeting tools thoughtfully 

AI-powered transcription and meeting summary tools can improve productivity, but they should be used in ways that align with CU policies for data protection, compliance and IT risk management. 

Before enabling AI transcription or meeting summaries, consider whether the meeting is appropriate for an automated summary. 

Best practices 

• Avoid using AI meeting summaries or transcription for meetings involving sensitive, confidential or regulated information. 
• Inform all meeting participants before enabling AI notetaking, transcription or recording. 
• Review every AI-generated summary before sharing or relying on it. Treat AI-generated content as a draft that requires human review. 
• Verify names, action items, decisions, technical terminology and quotations. AI transcription is not perfect and may contain errors, misattribute comments or misunderstand specialized language. 
• Consider where transcripts and recordings are stored, who can access them and how long they are retained.  
• Retain AI-generated transcripts and summaries only as long as required under applicable records retention requirements (PDF).  
• Use only CU-licensed AI tools that have been reviewed and approved through the appropriate procurement and security processes. Free or unlicensed AI services often rely on broader data collection, intrusive data processing or other business practices that may not meet CU requirements. 

Protect university information while benefiting from AI 

AI meeting summaries and generative AI tools can improve efficiency when used appropriately. They also introduce considerations around privacy, security, records management and legal compliance. Taking a few simple precautions can help reduce these risks while still allowing you to benefit from AI-assisted productivity tools. 

The Office of Information Security (OIS) provides guidance on approved AI tools, data classifications and information-handling requirements. Following these guidelines helps ensure CU meets requirements while allowing staff to use AI technologies responsibly.