Safety, Privacy, and Responsible Use of Copilot By the end of this lesson, students should be able to: IMPORTANT: Privacy policy details described in this lesson reflect publicly available information as of the course creation date. Microsoft's privacy policies and product settings evolve. Always verify current practices at microsoft.com/privacy and microsoft.com/trust-center – do not rely on this course for current policy specifics. How Microsoft handles Copilot conversation data – the general picture. Based on publicly available information, Copilot conversation data may be used to improve Microsoft's AI products. Microsoft has documented that conversation data may be reviewed by humans for safety and quality improvement. Retention periods and specific data practices vary based on your account type and Microsoft's current policies. Verify current specifics at: microsoft.com/privacy and the Microsoft Privacy Dashboard at account.microsoft.com/privacy. Your primary privacy control: the Microsoft Privacy Dashboard. Microsoft provides a Privacy Dashboard at account.microsoft.com/privacy that allows you to: Additionally, Microsoft has described settings related to how your data is used in Copilot. Find and review these in your Microsoft account settings – the exact navigation may change with product updates. Personal Microsoft account vs. organizational Microsoft 365 account – an important distinction. Personal Microsoft account (used to sign in to consumer services): Subject to Microsoft's consumer privacy policy. Data handling is governed by Microsoft's standard consumer terms. Organizational Microsoft 365 account (used by businesses and organizations): Subject to your organization's Microsoft 365 agreement with Microsoft. Microsoft has stated that for Microsoft 365 Copilot (the business version), data is not used to train foundational models and stays within the organization's Microsoft 365 tenant. Verify current data handling terms at microsoft.com/trust-center. If you use Copilot through a work account managed by your organization, your organization's IT or legal team can tell you what data handling policies apply. Do not assume consumer privacy terms apply to a work account. The principle of minimum necessary disclosure. Even with privacy settings configured to your preference, share only what Copilot needs – not everything you have access to. Data that was never shared cannot be affected by any policy change. Steps to protect your privacy. A freelance consultant using a personal Microsoft account uses Copilot for client work. When she reviews her Microsoft Privacy Dashboard, she finds conversation history has been saved. She adjusts her settings to limit data collection, deletes conversation history she is uncomfortable with, and establishes a practice of anonymizing all client-specific information before pasting it into Copilot. She also checks whether her client contracts include AI tool restrictions. This lesson provides general conceptual guidance – not legal advice. If you handle data governed by specific regulations (HIPAA, GDPR, FERPA, PCI-DSS), consult your organization's legal or compliance team before using Copilot with any covered data. Regulatory compliance obligations may restrict AI tool use in ways that go beyond personal privacy preferences. Log in and enroll to access lesson quizzes.
Lesson 2: Microsoft’s Data Practices and Your Privacy Controls
Lesson Objectives
Lesson Content
Practical Example
Safety Notes