AI data governance is how you stop staff pasting confidential, customer or regulated information into public AI tools where it can be retained and reused. The fix is not banning AI. It is steering people onto sanctioned, commercially protected tools and putting technical controls around the data itself.
Every Melbourne SME we work with has the same quiet problem: people are already using ChatGPT, Gemini and Copilot, whether or not anyone approved it. The data has already started moving. Governance is about catching up to that reality before it bites.
The actual risk: your data ends up in someone else’s model
When a staff member pastes a slab of text into a free, consumer AI tool, that text leaves your control. Depending on the product and the account tier, it may be stored on the provider’s servers, reviewed by humans for quality, and used to train future versions of the model. That is the part that catches people out — not a dramatic breach, just an employee trying to work faster.
The realistic scenarios are mundane and that is what makes them common:
- A bookkeeper pastes a payroll export into a free chatbot to “summarise the anomalies” — names, salaries and Tax File Numbers go with it.
- A lawyer drops a draft settlement deed in to “tighten the language” — privileged client material, now sitting on an external service.
- A sales rep uploads the full customer list to “write a follow-up campaign” — personal information of hundreds of people, handed to a third party with no agreement in place.
- A clinic manager pastes patient correspondence in to “make it sound friendlier” — health information, the most sensitive category there is.
None of these people are reckless. They are using a tool that is genuinely useful, on data they handle every day, without realising the back end works differently to Office or their line-of-business app. That is the gap governance closes.
Consumer AI vs commercial AI: the difference that matters
Not all AI tools treat your data the same way, and the difference is entirely about which account you are signed into. This is the single most important thing to get staff to understand.
Consumer tiers — a free ChatGPT account, a personal Gmail’s Gemini, a chatbot someone signed up for with their own email — generally reserve the right to retain prompts and use them to improve the model. The provider’s consumer terms, not a commercial contract, govern what happens to your data.
Enterprise and business tiers — the paid, commercially licensed versions tied to your organisation — come with explicit data-protection commitments. Prompts are not used to train the underlying models, data stays within a contractual boundary, and you get administrative controls. The same brand can sit on either side of that line depending on the plan.
| Tool | Consumer / free tier | Commercial / enterprise tier |
|---|---|---|
| ChatGPT | Prompts may be retained and used to improve models | ChatGPT Team / Enterprise — prompts not used for training, data stays in your workspace |
| Microsoft Copilot | Personal Copilot — consumer terms apply | Microsoft 365 Copilot — commercial data protection, prompts and data not used to train foundation models, stays within the Microsoft 365 service boundary |
| Google Gemini | Personal-account Gemini — may be reviewed and retained | Gemini for Google Workspace — enterprise data protection, content not used for training |
The practical instruction for staff is short: if AI work involves anything that is not already public, it goes through the sanctioned, organisation-signed-in tool — never a personal or free account. Microsoft 365 Copilot in particular sits inside the same service boundary as your existing Microsoft 365 data, which is why it is the natural starting point for most Melbourne SMEs already on Business Premium. Our guide to what is included with Microsoft 365 support in Melbourne covers where Copilot fits.
The Australian regulatory angle
This is not just a tidiness issue. Feeding personal information into an uncontrolled AND offshore service can put you on the wrong side of the Privacy Act 1988.
Under the Australian Privacy Principles (APPs), you must take reasonable steps to protect personal information (APP 11) and you carry obligations when personal information crosses borders to an overseas recipient (APP 8). Most consumer AI services process data offshore, which means an employee pasting customer data into a free tool can quietly trigger a cross-border disclosure you never assessed or agreed to.
The privacy reforms passed in late 2024 sharpened the picture. They introduced a statutory tort for serious invasions of privacy, strengthened enforcement powers for the Office of the Australian Information Commissioner (OAIC), and signalled tighter expectations around automated decision-making and transparency. The direction of travel is clear: regulators expect organisations to know where personal information goes and to be able to show they controlled it.
Sensitive information — health, biometric, and similar categories — attracts a higher bar again. A health service that lets staff paste patient details into a consumer chatbot has a genuine problem, not a theoretical one. If you operate in that space, our note on healthcare IT support and OAIC obligations is worth a read. The point for everyone else: regulated and customer data needs governance before it goes anywhere near a model.
The technical controls that actually work
A policy document on its own changes nothing. The control that holds is the one that does not depend on every employee remembering a rule at the moment they are busy. Here is the stack we put in place, roughly in order.
An AU-aligned AI acceptable use policy
You still need the policy — it sets the expectation, names the sanctioned tools, and gives you something to point to. The key is that it must be specific to your tools and your obligations, not a generic template. We have written separately about building an acceptable use policy that staff actually follow; the short version is that it should name which tools are approved, what data must never go into any AI tool, and who to ask when unsure. Treat the policy as the starting line, not the finish.
Sanctioned tools, properly licensed
Give people a good, approved option and most of the problem evaporates. Staff reach for free tools because nothing better was offered. Roll out Microsoft 365 Copilot or Gemini for Workspace on the right licence, sign them in under the organisation account, and the data stays inside the commercial boundary by default. Sanctioning a tool is cheaper than cleaning up after an uncontrolled one.
Microsoft Purview sensitivity labels and DLP
This is where governance gets teeth. Sensitivity labels tag and can encrypt your most sensitive files, and Data Loss Prevention (DLP) inspects content and acts on it. A DLP policy can warn or block when someone tries to send a document full of Tax File Numbers or Medicare numbers to an external destination — including, increasingly, paste actions into a browser-based AI tool via endpoint DLP. Labelling and DLP are also what govern what Copilot itself is allowed to surface internally. We cover the full setup in our piece on Microsoft 365 data governance, but the headline is that labels plus DLP are the data-layer control that does not rely on goodwill.
Conditional access
Identity controls decide who can reach the sanctioned tools and from where. Conditional access policies let you require a managed, compliant device and an MFA-verified identity before someone touches the corporate AI tools, and let you block access from unmanaged personal devices where you have no visibility. This is the difference between “we hope people use the right account” and “the wrong account simply cannot reach our data”.
Staff training
Controls reduce the blast radius; training reduces how often the trigger gets pulled. People need to understand, in plain terms, why a free chatbot is different from the signed-in corporate one, and what counts as data they must not paste. A fifteen-minute briefing that shows the consumer-versus-commercial difference does more than a fifty-page policy nobody reads.
Govern before you adopt
The mistake we see most is enthusiasm-first: a business rolls AI out across the company, then thinks about data governance when something goes wrong. Reverse it. Decide what data is sensitive, label and protect it, set DLP rules, pick and license your sanctioned tools, lock access with conditional access, then turn AI loose. Governance first is not slower — it is the only version that does not generate a clean-up project six months later.
A Box Hill scenario
An accounting firm in Box Hill we work with came to us after a partner noticed staff using personal ChatGPT accounts to draft client letters — pasting in figures, names and TFNs as they went. Nobody had done anything malicious; the firm had simply never offered an approved tool or said where the line was. We rolled out Microsoft 365 Copilot under their existing Business Premium licences, applied Confidential sensitivity labels with encryption to their client folders, set DLP rules on TFNs and Medicare numbers, and used conditional access so the corporate tools only worked from managed devices. We paired it with a short staff session on the consumer-versus-commercial difference. The firm now has a faster, sanctioned tool and a defensible answer if the OAIC or their professional indemnity insurer ever asks how client data is controlled.
TechAssist has run Microsoft 365 for Melbourne SMEs since 2014, with thirteen Australian-employed engineers and a 24/7 NOC in Tecoma. The govern-then-adopt review has quietly become one of the more common pieces of work we do as AI tools spread through workplaces.
Frequently asked questions
Is it safe to use ChatGPT for work?
It depends entirely on the account. A free or personal ChatGPT account may retain your prompts and use them to improve the model, so it is not appropriate for confidential, customer or regulated data. ChatGPT Team or Enterprise, signed in under your organisation, does not use your prompts for training and is a reasonable sanctioned tool. The rule of thumb: anything not already public goes only through the approved, organisation-licensed tool.
Does Microsoft 365 Copilot use our data to train its models?
No. Microsoft 365 Copilot operates under commercial data-protection commitments. Your prompts, responses and organisational data are not used to train the underlying foundation models and stay within the Microsoft 365 service boundary. That is precisely why it is a safer default than a personal AI account for business data.
Can staff pasting data into AI tools breach the Privacy Act?
It can. Pasting personal information into a consumer AI service that processes data offshore can amount to a cross-border disclosure under APP 8 and a failure to take reasonable security steps under APP 11. Sensitive information such as health data raises the bar further. Sanctioned tools, sensitivity labels and DLP are how you keep that data inside controls you can demonstrate to the OAIC.
How do we stop people using free AI tools without banning AI entirely?
You give them a good sanctioned alternative and put controls around the data. License a commercial tool such as Microsoft 365 Copilot or Gemini for Workspace, apply Purview sensitivity labels and DLP, enforce conditional access so the corporate tools only work from managed devices, and back it with a short, specific acceptable use policy and training. Most uncontrolled use stops once a better, approved option exists.
Where to start
You do not need to solve everything at once. Decide which data is genuinely sensitive, license one sanctioned AI tool, switch on a couple of DLP rules in audit mode, and run a fifteen-minute staff briefing. That alone moves you from “people are doing whatever” to a defensible, governed position.
If you would like a hand scoping an AI data governance rollout — sanctioned tools, Purview labels and DLP, conditional access and a policy that fits your obligations — talk to our cyber security team, or get in touch with TechAssist. We will tell you plainly what to lock down first and what you can safely leave alone.
