No, the AI advised me to contact my direct superior and his superior, but mentioned their names.
I have never provided it with this information, so that means it has a lot more access to our information than is officially known. Technically we aren’t even supposed to input anything that could possibly be identifying, again for GDPR purposes, so I have no idea where Copilot got the information from.
I assume that MS lets companies tailor their instance of Copilot to a certain degree and maybe it was fed an organigram of the entire company, but AFAIK this is already not allowed under current legislation.
Or maybe it is and I’m just a modern luddite.
Regardless, I’ll be even more careful about what I use Copilot for from this point forward.
@Kyrgizion @boredsquirrel I assume you're using the 365 version of Copilot, which can access Active Directory data, which, if it's correctly set up, contains a supervisor field.
Probably from the Microsoft 365/Teams/Outlook/whatever profile which can include who’s your manager, or potentially from Outlook emails. From what I can tell, Microsoft’s been trying hard to shove Copilot in any of their systems, like AAD/Entra.
My company has recently migrated their emails to it and as an admin I was very surprised that you can just read any email in full in any mailbox from “regular” functionality like email trace or antispam. I have no idea how that’s GDPR compliant - in my other jobs we were using Google Workspace which only shows metadata because of that, and accessing another person’s mailbox by other means (e.g. resetting the password on an ex-employee account) was a huge no-no.
Thanks for the info!