Unit Title: Understanding the Power and Responsibility of Data
Level: Applied Professional Practice
Duration: 120–150 minutes (flexibly divided over 2–3 sessions)
🎯 Learning Objectives
By the end of this week, you should be able to:
- Understand key data concepts and types relevant to AI use.
- Recognise personal, organisational, and public data vulnerabilities.
- Evaluate and improve your privacy hygiene as an AI user.
- Apply ethical and legal compliance standards (e.g., GDPR, copyright, model licensing).
- Construct workflows that respect data boundaries and storage norms.
🧭 Lesson Flow
| Segment | Duration | Format |
|---|---|---|
| 1. Introduction to Data Literacy | 25 min | Conceptual and Technical |
| 2. Privacy in the Age of AI | 30 min | Practices and Exposure Risk |
| 3. Compliance and Regulation | 25 min | Legal/Ethical Frameworks |
| 4. Safe AI Workflow Design | 20 min | Templates and Habits |
| 5. Exercises + Knowledge Check | 40–60 min | Data Audits and Redesigns |
🧑🏫 1. Introduction to Data Literacy
📖 Teaching Script:
AI is only as trustworthy as the data that trains or feeds it.
As a user, your ability to understand, respect, and guard data integrity defines the quality and safety of your AI practices.
📘 Key Data Types for AI Users:
| Data Type | Examples |
|---|---|
| Structured Data | Spreadsheets, tables, databases |
| Unstructured Data | Emails, PDFs, audio, freeform notes |
| Personal Data | Names, addresses, IP, emails |
| Sensitive Data | Health info, race, religion, biometric |
| Public Domain Data | Government reports, open-source datasets |
🧠 Terms to Know:
- PII = Personally Identifiable Information
- Anonymisation = Removing links between data and identity
- Data provenance = Origin or source of the data
- Metadata = Data about the data (e.g., timestamps, author)
🔍 Three Mini-Examples:
- Using AI to analyse customer feedback emails: how do you ensure PII isn’t leaked or retained?
- Creating a dataset for training a policy summariser: where did the texts come from?
- Asking AI to rewrite a document with internal figures: are those figures supposed to be shared?
🛡️ 2. Privacy in the Age of AI
📘 Common Privacy Risks:
| Risk Type | Example |
|---|---|
| Unintentional exposure | AI trained on sensitive student papers outputs them again |
| Input memory leaks | Prompting AI with client details that get “remembered” |
| Public-facing misuse | Using real chat logs for training or marketing without consent |
🧠 Tools and Tips for Privacy Hygiene:
- Redact sensitive data before entering prompts
- Use synthetic data (invented but realistic) for testing
- Work in private browsing/incognito modes when experimenting
- Avoid storing sensitive prompts in shared tools (Notion, Google Docs)
🧪 Example Prompts to Practise Privacy:
- “Create a simulated user profile without real names or emails.”
- “Turn this raw health data into anonymised case summaries.”
- “Evaluate whether this prompt includes personal data.”
⚖️ 3. Compliance and Regulation
📘 Frameworks You Must Know:
| Regulation | Key Focus | Applies To |
|---|---|---|
| GDPR (Europe) | Data rights, processing limits | Any EU subject’s data |
| UK Data Protection Act 2018 | National implementation of GDPR | UK-specific operations |
| CCPA (California) | Consumer opt-out and transparency | California users |
| OpenAI/Anthropic Licences | Usage rights, commercial terms | You as a platform user |
| Copyright Law | AI-generated reuse of text/images | Publications, education, creative use |
🧠 Scenarios to Apply Law:
- You ask ChatGPT to summarise a paid eBook — is that compliant?
- You build a policy newsletter from scraped government pages — do you credit the sources?
- You copy Midjourney art into your product packaging — do you have usage rights?
✏️ Sample Compliance Prompt:
“Check the above content for copyright or licensing risk. Identify if sources need attribution.”
🧩 4. Safe AI Workflow Design
📘 Safe AI Use Habits:
| Habit | Description |
|---|---|
| Always document source data | Track what went in and where it came from |
| Anonymise before input | Turn “Jane from London” into “a 35-year-old woman” |
| Use disclaimers | Let others know your content was AI-assisted |
| Avoid uploading client/internal docs | Don’t give AI access to contracts, internal comms, or accounts |
🧪 Workflow Design Examples:
Scenario: You generate quarterly business insights for clients
Workflow:
- Upload redacted data (no names or firms)
- Prompt for trends only, no case-specific predictions
- Review output against privacy checklist
- Add disclaimer: “AI-assisted. All data anonymised.”
📘 Template: AI Compliance Checklist
- Have I removed or hidden sensitive data?
- Am I allowed to use this data in this way?
- Is the output legally shareable or distributable?
- Do I need to cite or disclose AI use?
🧪 5. Exercises + Knowledge Check
✅ Exercise 1: Privacy Redesign
Take one of your recent AI outputs.
- Identify data risks
- Rewrite the prompt with redaction
- Add a disclaimer paragraph
✅ Exercise 2: Compliance Reflection
Pick one of the following: GDPR, CCPA, UK DPA.
- Summarise it in your own words
- List 2 ways it applies to your AI usage
- Write 100-word checklist based on it
✅ Exercise 3: Build a Privacy-First Prompt
Design a prompt that asks for insight without breaching data sensitivity.
Test it. Review its safety with the audit checklist.
🧠 Knowledge Check (10 Questions)
- What is PII and give 2 examples?
- Name one key difference between structured and unstructured data.
- What does GDPR regulate?
- What is data provenance and why is it important?
- How can you anonymise AI inputs?
- What are 2 risks of memory leaks in chat tools?
- When do you need to disclose AI use?
- Write a privacy-safe version of this prompt: “Summarise client email from Mary, age 52, about her cancer case.”
- What is synthetic data?
- Why should you avoid storing AI prompts in public docs?
📝 Wrap-Up Assignment (Optional)
Title: “Designing Ethical and Legal AI Workflows”
Include:
- One high-risk example you’ve fixed
- Your 5-rule AI privacy checklist
- A 100-word summary of a regulation (e.g., GDPR)
- Reflection: What have you changed in your AI habits?
📦 End-of-Week Deliverables
- ✅ Prompt redacted and rewritten
- ✅ Compliance summary + checklist
- ✅ Privacy-first prompt built and tested
- ✅ Knowledge check completed
- ✅ Optional: Workflow audit reflection