Microsoft Copilot: what the sources say
Microsoft · United States
Profile last reviewed 31 May 2026. This record reflects the guide as published; check tautoru.ai/ai/tools/copilot for the current version.
What this record is. A dated summary of what Microsoft’s own terms and the applicable New Zealand rules say about putting different kinds of information into Microsoft Copilot, on each of its plans. Each entry links to the primary source it is drawn from.
What it is not. It is not legal advice, and it is not a certificate that any particular use is safe or approved. It records what the sources say; whether a given use is appropriate for your matter is your own judgment, on your own facts, and — where the stakes warrant it — a question for you and your own advisers. The colours summarise sources; they are not Tautoru’s permission.
The position, by kind of information
1. Public information
Material already published to the world and under no restriction: reported case law, statutes and regulations, regulator and government guidance, public company filings, and published writing. One caveat decides the edge cases — information being publicly available does not take it outside the Privacy Act. A public register full of named individuals is still personal information; treat bulk or re-identifiable personal data as category 5, not as category 1.
Public information carries no confidentiality or privacy constraint. Consumer Copilot is permitted for it; the only live question is accuracy, not data handling.
Sources: Privacy FAQ for Microsoft Copilot (consumer) (as at 30 May 2026)
No confidentiality or privacy constraint; Microsoft 365 Copilot does not train on prompts or responses.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026)
No confidentiality or privacy constraint; Microsoft 365 Copilot does not train on prompts or responses.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026)
No constraint; the Azure OpenAI layer does not train on inputs.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026)
2. Internal non-confidential
Material that is neither public nor commercially confidential, and not about any identifiable person: blank templates and precedents, general know-how, and truly hypothetical scenarios.
Low-sensitivity internal material with no confidentiality or privacy constraint; permitted on consumer Copilot.
Sources: Privacy FAQ for Microsoft Copilot (consumer) (as at 30 May 2026)
Low-sensitivity internal material; Microsoft 365 Copilot does not train on inputs.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026)
Low-sensitivity internal material; Microsoft 365 Copilot does not train on inputs.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026)
Low-sensitivity internal material; the Azure OpenAI layer does not train on inputs.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026)
3. Internal confidential (non-privileged)
Confidential information that is not legally privileged — whether it is your customer’s, client’s or a third party’s. It covers client identity and retainer terms, deal and business information, and anything imparted in confidence (by contract, by undertaking, or by the circumstances). If the material is also privileged, use category 4; if you are unsure whether it is confidential, treat it as if it is.
The issue with consumer Copilot is training: by default Microsoft may train on your conversations. Turn training off in the privacy settings and it becomes usable for internal-confidential material — the live constraint is then your duty of confidence (Conduct rules, ch 8): client authority or adequate safeguards. Be very clear, though: if training is left on, Microsoft may train on your data and you must not put internal-confidential material in. (Some chats may still be staff-reviewed; for the most sensitive work prefer Microsoft 365 Copilot.)
Sources: Privacy FAQ for Microsoft Copilot (consumer) (as at 30 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
Microsoft 365 Copilot (Business) does not train on prompts or responses and is opted out of human review, so the live constraint is your duty of confidence — client authority or adequate safeguards — not the tool.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training, opted out of human review, tenant-isolated, with admin-controlled retention (Purview). The duty of confidence governs — obtain authority or rely on adequate safeguards.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
The Azure OpenAI layer does not train on inputs and can be configured for limited retention; the duty of confidence still requires authority or safeguards.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
4. Legally privileged
Material attracting legal advice privilege or litigation privilege — a subset of confidential information, and the most protected. Privilege belongs to the client, not the lawyer. Whether putting it into a third-party tool affects privilege turns on confidentiality and waiver, addressed in each tool profile and in our guidance; it is not a foregone conclusion. Whether a given document is privileged at all is a question for a qualified lawyer — the safe course is precautionary: if it could be privileged, proceed as if it is.
Again the issue is training. With the model-training toggle off, confidential use of consumer Copilot does not waive privilege (Evidence Act s 65; B v ADLS), so it is usable for privileged material with care. But be very clear: if training is left on, Microsoft may train on the material and you absolutely must not put privileged material in. For privileged work, Microsoft 365 Copilot is the cleaner choice. (Confidential use of a no-training tool does not itself waive privilege — see our guidance on privilege.)
Sources: Privacy FAQ for Microsoft Copilot (consumer) (as at 30 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026)
Microsoft 365 Copilot does not train on inputs and is opted out of human review, so confidential use does not waive privilege (Evidence Act s 65; B v ADLS). Amber, not green, because privileged work warrants a deliberate firm protocol and client authority.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training, opted out of human review, tenant isolation and retention controls keep the material confidential in fact, so privilege is not waived (s 65; B v ADLS). A deliberate protocol is still warranted.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026)
The Azure OpenAI layer does not train on inputs; confidential use does not waive privilege. The product-level safeguards are yours to configure.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026)
5. Personal information (Privacy Act 2020)
Personal information means any data about an identifiable living individual. Explicit names are not required. Contextual details alone can identify a client, witness, or opposing party. Inputting this data into AI tools can trigger strict compliance rules. Under Section 11 of the Privacy Act 2020, sending personal data to an overseas cloud service provider solely for processing or safe custody on your behalf is not usually treated as a “disclosure”. You remain responsible for it. The moment an AI provider’s terms allow them to use your inputs for their own purposes (such as training their models), it becomes an official disclosure to an overseas agency, and can trigger information privacy principle 12.
The issue is training. With training turned off, putting personal information into consumer Copilot is workable: it remains a cross-border disclosure (IPP 12) to a US provider, so rely on the no-training setting and the comparable-safeguards analysis. But be very clear: if training is left on, Microsoft may train on the data and you must not put personal information in. For volume or sensitive personal data, a commercial plan is better.
Sources: Privacy FAQ for Microsoft Copilot (consumer) (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
Cross-border risk under IPP 12 — Microsoft's DPA (Data Processing Agreement/Addendum) and no-training terms support the comparable-safeguards test, but NZ data may still be processed in the US (the EU Data Boundary is an EU-user benefit). No training on inputs means the offshore provider is not using the data for its own purposes. Record the basis.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
Cross-border risk under IPP 12; the DPA, tenant isolation and retention controls support comparable safeguards. No training on inputs means the offshore provider is not using the data for its own purposes. Note NZ processing is not pinned to NZ, and Anthropic's models sit outside the EU Data Boundary.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
Cross-border risk under IPP 12; the Azure DPA and region selection support compliance; no training on inputs means the offshore provider is not using the data for its own purposes.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
6. Sensitive personal information
Personal information whose misuse carries a heightened risk of harm. New Zealand’s Privacy Act does not define a separate “sensitive” class as the GDPR does in Europe, but in practice this material warrants extra care, senior approval and a privacy impact assessment: health and mental-health information, biometric data (a Biometric Processing Privacy Code applies from 3 August 2026), financial details, criminal history, and information about ethnicity, religious belief, sexual orientation or immigration status. Health information in particular requires a significantly higher standard of protection than ordinary personal information.
The issue is training. With training off, sensitive personal information can be used with care (there is a risk the IPP 12 cross-border rules apply). But be very clear: if training is left on, Microsoft may train on the data and you absolutely must not put sensitive personal information in. Given the sensitivity, a commercial plan with stronger controls is preferable.
Sources: Privacy FAQ for Microsoft Copilot (consumer) (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training, opted out of human review; the DPA supports sensitive data, but prefer Enterprise for the strongest controls. IPP 12 risk mitigated by no training on inputs.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training; tenant isolation, Purview retention and admin controls support sensitive data under a deliberate protocol. IPP 12 risk mitigated by no training on inputs.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training; configurable controls; suitable for sensitive data in an engineered workflow with your own safeguards. IPP 12 risk mitigated by no training on inputs.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
7. Children’s information
Information about a child or young person. It is also personal information (category 5), and often sensitive (category 6), and it carries additional care because of children’s vulnerability and the weight given to their best interests. Treat it as needing the strongest justification, even where a rule does not strictly compel it.
The issue is training. With training off, children's information can be handled with care (IPP 12 risk, and children's information carries heightened sensitivity). But be very clear: if training is left on, Microsoft may train on the data and you absolutely must not put children's information in. A commercial plan is preferable for material this sensitive.
Sources: Privacy FAQ for Microsoft Copilot (consumer) (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training, opted out of human review; handle under a deliberate protocol with enterprise controls. IPP 12 risk mitigated by no training on inputs.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training; tenant isolation and retention controls support children's information under a protocol. IPP 12 risk mitigated by no training on inputs.
Sources: Enterprise data protection in Microsoft 365 Copilot and Copilot Chat (as at 31 May 2026); Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training; configurable; IPP 12 risk mitigated by no training on inputs; controls are yours to build.
Sources: Data, Privacy, and Security for Microsoft 365 Copilot (as at 30 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
8. Court-protected material
Material under an independent legal restriction that binds regardless of the tool or plan: name suppression and non-publication orders, confidentiality and sealing orders, statutory automatic suppression (for example in some Family, care-of-children and youth proceedings), and undertakings you have given to the other side. The restriction is the bar, not the technology — if any order or undertaking might apply, proceed with extreme caution.
Suppression orders, confidentiality orders, sealed material and undertakings are independent legal restrictions that can apply regardless of tool or plan; the NZ Law Society's AI guidance is explicit that suppressed material must not be entered into AI tools.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
An independent legal restriction (suppression, confidentiality order, sealing, undertaking) applies regardless of tool or plan.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
An independent legal restriction (suppression, confidentiality order, sealing, undertaking) applies regardless of tool or plan.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
An independent legal restriction (suppression, confidentiality order, sealing, undertaking) applies regardless of tool or plan.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
What the colours mean
- GreenBased on current provider terms and standard New Zealand frameworks, using this information on this plan is unlikely to breach primary regulatory or privacy restrictions. However, users must still consider any case-specific confidentiality obligations. Sources linked.
- AmberUse is acceptable only if specific safeguards are active. This workflow demands explicit settings adjustments, precise redactions, or specific contractual coverage to remain within legal limits. Sources are linked below.
- RedUsing this information on this plan will breach primary New Zealand regulatory or privacy limits. Proceeding requires a fundamental structural change — such as upgrading to a secure enterprise tier, switching vendors, or utilising a local, self-hosted deployment. Sources linked.
- BlackAn independent restriction — court order, suppression order, statutory prohibition, undertaking — applies regardless of tool or plan.
- Not yet assessedWe have not yet established a sourced position for this cell. It carries no colour rather than a guess (Policy §5.3).
Sources cited in this record
- Privacy FAQ for Microsoft Copilot (consumer) — Microsoft. Perma.cc record (as at 30 May 2026).
- Data, Privacy, and Security for Microsoft 365 Copilot — Microsoft. Perma.cc record (as at 30 May 2026).
- Generative AI guidance for lawyers — New Zealand Law Society. source (as at 31 May 2026).
- Enterprise data protection in Microsoft 365 Copilot and Copilot Chat — Microsoft. source (as at 31 May 2026).
- Evidence Act 2006, s 65 (Waiver) — New Zealand Legislation. source (as at 31 May 2026).
- B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 — Privy Council (on appeal from New Zealand). source (as at 31 May 2026).
- Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) — Office of the Privacy Commissioner. source (as at 31 May 2026).