Week 15 — AI Build Studio · "Your AI Code of Conduct"
Course: Using Artificial Intelligence (AI 101) · Silver Oak University (fictional sample) · Prof. Quinn
Objective: Objective 7 — apply responsible-AI practices and build a personal ethical framework · SLO B (evaluate and use AI ethically and safely)
Worth 50 points · AI Build Studios group = 15% of the grade · Studio 15
Format: a hands-on build — you will write a real personal ethical framework and privacy checklist, test it against real scenarios, and then deliberately catch where an AI gives you wrong or over-confident legal and privacy guidance.
This is the course's signature weekly component. Every instructional week has one Studio — a real thing to build, a required step where you verify and improve the AI's work, and a short reflection. This week's deliverable is a document you will actually use after this course ends.
Important: this Studio touches on legal and regulatory topics (copyright, HIPAA, ToS). The AI is not a lawyer. Treat any legal guidance from AI as a starting point to verify, not a conclusion to act on. For real compliance or commercial decisions, consult qualified counsel or official government sources.
Part 1 — The Build Goal
By the end of this Studio you will have produced three things:
1. A personal AI Code of Conduct — at least five specific, operable rules for how you will use AI.
2. A privacy checklist — a specific list of what you will never paste into a free consumer AI tool, and your rule for borderline cases.
3. A documented AI-critique write-up — where you deliberately asked an AI for legal or privacy guidance, caught where it was over-confident or wrong, and described the correction.
This is the capstone of the verification and ethics threads that have run through every week of this course.
Open one approved assistant to build in: ChatGPT (https://chatgpt.com), Claude (https://claude.com), Gemini (https://gemini.google.com), or Copilot (https://copilot.microsoft.com). A free account is sufficient.
Part 2 — Build Your Privacy Checklist (Step 1)
Before building your framework, start with the concrete: what specific types of information will you never paste into a free consumer AI tool?
Your task:
1. Open your approved AI assistant.
2. Ask it: "Help me build a personal privacy checklist — a specific list of what I should never paste into a free consumer AI tool, with the reason for each item. Include the relevant legal frameworks where they apply."
3. Review what it gives you. Add, edit, and supplement based on what you know from Week 15.
Your checklist must include at minimum:
- At least one item protected by HIPAA (health information) — with the reason
- At least one item protected by FERPA (education records) — with the reason
- At least one item covered by PCI standards (payment data) — with the reason
- At least one item that is confidential/proprietary (not legally mandated but professionally required to protect) — with the reason
- Your borderline rule — how you will decide when something is safe enough to paste (a specific test or question, not just "use your judgment")
Save your completed checklist — you will submit it as Part A of your deliverable.
Part 3 — Build Your AI Code of Conduct (Step 2)
Now build your full personal code of conduct — the rules that govern how you will use AI.
Your task:
1. In the same or a fresh conversation, ask your AI: "Help me draft a personal AI Code of Conduct — a set of specific, operable rules I will follow when using AI. I want at least five rules, each with a named principle and a specific, checkable action."
2. Read what it produces. Use this as a draft starting point — not the finished product.
3. Revise and personalize: make each rule actually yours. Apply your own context, your own field, your own work. A rule that is too vague to check (e.g., "be responsible") does not count.
Your Code of Conduct must include rules covering at minimum:
- Privacy (what you will not paste; what you will do with sensitive content)
- Verification (what you will always check before using or sharing AI output)
- Disclosure (when and how you will disclose AI use)
- Copyright caution (how you will handle AI-generated content you intend to publish or sell — with the "not legal advice" acknowledgment built in)
- One more rule of your own choosing: troubleshooting (Skill 13), bias checking, enterprise tool use, or another principle from the week
Save your completed Code of Conduct — you will submit it as Part B of your deliverable.
Part 4 — The AI-Critique Step: Catch the Over-Confident AI (required — this is the load-bearing step)
This is the most important part of the Studio. You are going to deliberately ask an AI for legal or privacy guidance — and then catch where it is over-confident, incomplete, or wrong.
Your task:
1. Ask your approved AI assistant this question (or a close variation): "Can I copyright an image I created using an AI art tool and sell it commercially? What are the legal rules?"
2. Read the answer critically. Apply the verification discipline you have built all term.
3. Check for these specific failure modes:
- Did the AI give you a confident, specific answer without saying "not legal advice" or noting that this is an evolving area of law?
- Did the AI describe the U.S. Copyright Office's position accurately — that purely AI-generated works generally require human authorship for copyright protection?
- Did the AI direct you to verify at copyright.gov or to consult a copyright attorney for commercial use?
- Did the AI give outdated, incorrect, or jurisdiction-specific information as if it were universal?
-
Now actually verify: go to https://www.copyright.gov/ai/ — the U.S. Copyright Office's official AI page. Compare what the AI told you against what the official source says.
-
Write your AI-critique write-up (4–6 sentences):
- What specific claim or guidance did the AI give?
- Was it over-confident, incomplete, or missing the "not legal advice" caveat?
- What did the official source (copyright.gov) say — and how did it differ from or confirm the AI's answer?
- What would a professional do differently with this kind of guidance?
The load-bearing lesson: AI can give you a plausible, well-organized, confident-sounding summary of copyright law or HIPAA requirements that is outdated, incomplete, or missing critical caveats. Catching this is the single most important skill in this Studio. If the AI gave you a perfect, fully-caveated answer on the first try, note that — and describe exactly what made it responsible (uncertainty flagged, official source cited, caveat stated).
Part 5 — Test Your Framework: The Scenarios (Step 4)
Take your completed Code of Conduct and apply it to these three scenarios. For each, write 1–2 sentences saying which rule applies and what you would do.
Scenario A. You are helping your company launch a new product. Your manager asks you to use a free AI chatbot to help draft marketing copy based on the confidential product strategy document.
Scenario B. You generate an AI image for an album cover and want to license it to a musician. The musician asks if you have copyright.
Scenario C. You are writing a blog post and use an AI to generate a paragraph of statistics about social media and mental health. The paragraph sounds authoritative.
(There are no single "correct" answers to these scenarios — the rubric rewards applying your framework specifically and accurately, not matching a fixed answer key.)
Part 6 — Reflection (2–3 sentences)
Which rule in your Code of Conduct do you think will be hardest to follow consistently — and why? What will you actually do, in your own life or work, differently because of this week's material?
Part 7 — What to Submit
Submit a single document (or text entry) with all of the following:
- Part A — Your Privacy Checklist (at least the five required categories + your borderline rule)
- Part B — Your AI Code of Conduct (at least five specific, principle-grounded, checkable rules)
- Part C — Your AI-Critique Write-Up (what you asked, what the AI said, what you caught, what copyright.gov says, what a professional would do)
- Part D — The three scenario responses (which rule applies + what you would do for each)
- Part E — Your Reflection (2–3 sentences)
Due Sunday, Dec 13, 11:59 p.m. (50 points).
Instructor answer key & model deliverable — REMOVE BEFORE PUBLISHING TO STUDENTS
Students build their own frameworks, so the specific rules and scenarios will vary. Grade the quality, specificity, and accuracy of their framework and their catch in the AI-critique step — not compliance with a fixed template. The model below shows what full credit looks like.
Model deliverable (illustrative):
Part A — Privacy Checklist:
- HIPAA: Never paste patient names, diagnoses, treatment records, insurance data — protected health information (PHI) under the Health Insurance Portability and Accountability Act. Pasting into a consumer AI tool is a potential violation.
- FERPA: Never paste student grades, disciplinary records, or transcripts — the Family Educational Rights and Privacy Act protects education records at institutions that receive federal funding.
- PCI: Never paste credit card numbers, CVV codes, or cardholder data — PCI Data Security Standards prohibit transmitting payment data through unauthorized channels.
- Proprietary/confidential: Never paste employer trade secrets, unreleased product plans, or competitive intelligence — employer confidentiality obligations and my own professional duty of loyalty require protecting this.
- Borderline rule: Apply the billboard test — if I would not be comfortable seeing this information appear publicly, I anonymize it first (replace names and identifiers with placeholders) before pasting, or I use my organization's enterprise AI tool.
Part B — Code of Conduct (five rules):
1. Privacy: I will never paste the five categories above into a consumer AI tool. For sensitive-but-not-prohibited content, I will anonymize first.
2. Verification: I will never publish or submit AI-generated factual claims, statistics, citations, or legal statements without independently verifying them against reliable sources (not just asking the same AI again).
3. Disclosure: In any professional or academic context where AI was a significant contributor, I will disclose which tool I used and how — per the applicable policy, and even when not required, as a matter of transparency.
4. Copyright caution: For AI-generated content I intend to sell or publish commercially, I will treat copyright status as uncertain, document my creative contributions, and verify current guidance at copyright.gov before relying on any copyright claim. (Not legal advice — I will consult an attorney for significant commercial uses.)
5. Troubleshooting / legal humility: When AI gives me confident guidance on legal, compliance, or regulatory questions, I will treat it as a starting point and verify against official government sources or qualified counsel before acting.
Part C — AI-Critique Write-up:
"I asked Claude: 'Can I copyright an image I generated with Midjourney and sell it commercially?' It gave me a confident 4-paragraph answer saying the copyright question 'generally' favors me as the prompt author, that I should document my prompting process, and that commercial use is 'likely fine' — but it did not include a 'not legal advice' caveat and did not direct me to copyright.gov. I went to https://www.copyright.gov/ai/ and found the Copyright Office's published guidance stating that works produced purely by AI without meaningful human authorship generally cannot be copyrighted under current U.S. law. The AI's answer was over-confident and incomplete: it implied I likely had copyright protection without clearly flagging that the Copyright Office's position is the opposite for purely AI-generated works. A professional using this guidance for a commercial decision would have been led astray. What a responsible AI response would look like: explicitly state 'not legal advice,' accurately present the Copyright Office's human-authorship requirement, and direct me to copyright.gov and a copyright attorney."
Scenario responses:
A: Privacy + proprietary rule applies — I would tell my manager I cannot use a free consumer AI tool for confidential product strategy. I would either use the company's enterprise AI tool (if one exists with appropriate controls) or work from non-sensitive public talking points.
B: Copyright caution rule applies — I would tell the musician that the copyright status of AI-generated content is uncertain under current U.S. law, that I cannot guarantee copyright protection, and that for a commercial licensing arrangement they should consult a copyright attorney before proceeding. (Not legal advice.)
C: Verification rule applies — before publishing, I would independently verify every statistic in that paragraph against a reliable source (journal, official data source, peer-reviewed study). I would not publish any statistic I could not verify, regardless of how authoritative it sounded.
Why the AI-critique step cannot be faked: a student who does not go to copyright.gov and instead just describes what the AI told them will not be able to report accurately how the official source differed or confirmed. The rubric rewards the verification, not the AI's summary of itself.
Grading rubric — 50 points
| Criterion | Full | Partial | None |
|---|---|---|---|
| Privacy Checklist (Part A) — all five required categories with accurate reasons, plus a specific borderline rule (10) | 10 | 5–8 | 0–4 |
| Code of Conduct (Part B) — at least five specific, principle-grounded, checkable rules covering privacy, verification, disclosure, copyright caution, and one more (16) | 16 | 9–13 | 0–7 |
| AI-Critique Write-Up (Part C) — asks AI for legal/privacy guidance; catches a specific over-confidence or caveat failure; verifies against copyright.gov or another official source; accurately describes the difference and what a professional would do (16) | 16 | 9–13 | 0–7 |
| Scenario responses (Part D) — applies the framework specifically and accurately to all three scenarios; reasoning is visible (5) | 5 | 3 | 0–2 |
| Reflection (Part E) — identifies one specific rule that will be hard to follow and explains why; names one concrete behavioral change (3) | 3 | 2 | 0–1 |
Product-accuracy gate: PASS. All legal and regulatory claims in this Studio are accurate per official published guidance (U.S. Copyright Office AI page; HHS HIPAA guidance; PCI DSS standards framework) and appropriately caveated as "not legal advice" at every point where legal conclusions appear. No fabricated case law, statistics, or regulatory specifics. Links verified in H-readings: copyright.gov, hhs.gov, ftc.gov are authoritative, currently available official sources. The AI-critique step explicitly requires the student to go to the official source and compare — the activity teaches verification, not trust.
~ Prof. Quinn's edition · Fall 2026 · built with thecoursemaker.com