
AI Notetakers: What You Need to Know

As AI-powered productivity tools become more accessible, many employees are independently signing up for AI notetaker apps or inviting them into online meetings—often without company authorisation. While these tools promise efficiency, they also introduce serious privacy, confidentiality, and security risks that organisations must urgently address.

What are AI Notetakers?

AI notetakers like Otter.ai, Fireflies.ai, Fathom, MeetGeek, Tactiq, Read.ai and Microsoft Copilot Facilitator join meetings as virtual participants or integrate directly into platforms like Microsoft Teams. They record, transcribe, summarise, and sometimes analyse conversations using large language models (LLMs) and cloud-based storage.

What are we seeing right now?

Privacy bodies like the OAIC and OVIC have been talking about the privacy considerations around the use of commercially available Generative AI tools, including AI notetakers, since the early days of Generative AI. Without much evidence of use in the field at that time, however, many found this advice conceptually difficult to grasp.

Fast forward to today and clients are now routinely questioning the presence of AI notetakers that appear as uninvited participants or guests in their online meetings. Typically, the notetaker will also email everyone with a summary of the meeting once it’s finished, which is usually what then sets off the alarm bells, especially if the notes haven’t come from the original meeting organiser!

AI notetakers can be powerful tools and save you a lot of resource time — when chosen explicitly, managed prudently, deployed intentionally and used responsibly. Organisations must balance productivity with privacy and compliance, especially in regulated industries or when meetings involve presentations or discussions around confidential or sensitive content, topics and matters.

Here are some pointers to guide your decision-making. We suggest getting them on your next leadership team meeting agenda pronto, communicating your decisions to your broader team, and then working with your IT team to get the right controls and permissions in place.

Lack of Consent and Transparency

Many AI notetakers begin recording without explicit consent from all participants. This can violate privacy laws such as the Privacy Act 1988 (Cth) in Australia, and international regulations like GDPR and CCPA.

Data Sovereignty and Storage

Transcripts and recordings are often stored in public cloud environments outside Australia, raising concerns about data sovereignty, unauthorised access, and cyberattacks.

Privilege and Confidentiality Breaches

In legal, HR, or executive meetings, AI notetakers may inadvertently record privileged or confidential information, potentially waiving legal protections.

Shadow IT and Compliance Gaps

Employees using AI tools without IT oversight create shadow IT/AI risks, bypassing governance frameworks and exposing organisations to unmonitored data flows.

Data Classification and Sensitivity Label Limitations

Even Microsoft’s own Facilitator app does not inherit sensitivity labels from meetings, meaning confidential discussions may be stored without appropriate classification.

Managing risk in the AI-enabled business world must start at the top, but it must also very quickly become part of the new way everyone thinks about their day-to-day work.

AI isn’t going anywhere, and there are substantial efficiency gains to be had. If members of your team are already using tools you have not authorised, it’s time to consider properly licensing them and teaching them to use your preferred tools according to what’s acceptable and appropriate for your organisation and stakeholders. Here’s how to get started.

Make Intentional Governance and Management Decisions Now

  • Policy Position: Decide on and communicate your organisation’s position and update your policies to explicitly prohibit the use of unauthorised AI notetakers by your team or in meetings. This also means deciding what will be AI-ok for your team to use – more on this later.
  • Top tip! Many organisations have prepared advisory statements to present at the beginning of meetings and presentations, or to add to meeting invites, advising that no unauthorised AI notetakers are permitted.
  • Maintain an Approved Tools List: Maintain a whitelist of approved AI tools (e.g., Microsoft 365 Copilot, if you want to make use of the AI-notetaking capabilities available inside your organisation’s data boundaries).
  • Incident Reporting: Establish a culture of “no-fault” reporting and clear channels for your team to ask questions or report unauthorised AI usage or the “oversharing” of confidential or sensitive information.

Start Training & Awareness Initiatives

  • Educate staff on the risks of AI notetakers and the importance of complying with your new policy position and rules, and give them a refresher course on the types of data and information your organisation handles and how that data should be classified, shared, and managed.
  • Require meeting organisers and presenters to inform and obtain consent from all participants before enabling any AI transcription.
  • Teach your staff to be on the lookout for AI notetakers and to proactively ask for them to be removed from meetings if not appropriate.
  • Top tip! If you have decided to stick with Microsoft 365 Copilot Meeting Summaries and/or the Microsoft Facilitator Agent, get your team well trained and put some workflows and processes in place to leave minimal room for error.

Get IT Controls in Place

Talk to your IT team about getting the following protections in place sooner rather than later.

  • Disable Unauthorised AI Notetaker Apps: Instruct IT to disable any unauthorised AI notetaking apps that your staff may have installed.
  • App Blocking: Implement settings to block all third-party apps by default unless explicitly approved by your management team.
  • AI Reporting and Auditing: Explore what reporting and alerts can be provided to you to monitor usage and manage new risks.
  • Top tip! Ensure only properly licensed and authorised users can access the Facilitator features now available in Microsoft 365 Copilot.
