Data Privacy and What Not to Put in a Prompt
Anything in a prompt is information shared with a system. For M365 Copilot in the MillerKnoll tenant, enterprise protections apply, not the same as public ChatGPT.
Lesson 3
Right tool, right content.
If you would not email it outside the company without approval, do not put it in a public AI tool without checking.
Enterprise Copilot versus public tools
Core principles
- Handle carefully: identifiable personal performance or health data, anonymize where possible.
- Confidential business: unreleased financials, M&A, strategy, client pricing, unreleased product details.
- Client and customer data, check policies and agreements.
- Legal and regulatory content, confidentiality plus risk of AI mistaken for legal guidance.
- Most drafting, summarizing, and brainstorming on non-sensitive work is fine, know the sensitive category and apply care there.
Check yourself
What practical rule does this lesson give for deciding whether to use a public AI tool with a piece of content?
Enterprise Copilot and public tools have fundamentally different data protections. The email heuristic is fast: if you would not externalize it without thought, apply the same caution to public AI. When unsure, use Copilot or skip AI entirely for that task.
Do this in Copilot
Review last five Copilot prompts, any PII, confidential, or client-specific content? Was the tool appropriate?
Paste this into Copilot Chat and work through it before moving on.
Safer generalization
Help me draft talking points about an associate on my team who has had attendance challenges, without using their name or identifying details. Focus on manager actions and HR partnership.
- Anonymization
Did you run this in Copilot? Mark complete when you have tried it.
RecordedNext lesson: Responsible Use in High-Stakes Contexts →
Navigate: press j for next lesson, k for previous.