EV-2026-0148 · Workpaper · linked to Microsoft 365 Copilot — staff rollout
Final signed NSW AIAF workpaper for the Council-wide M365 Copilot rollout (~280 licensed staff). Approved at AIRC on 2026-05-07 with two conditions, both closed before this version.
Auto-generated from AIG Sentinel intake on 2026-04-18. Signed digitally via M365 Entra. Hash chained at upload; immutable thereafter.
Council-wide deployment of Microsoft 365 Copilot for staff document drafting, email summarisation, and meeting transcription within Teams. Scope: 280 licensed staff across all departments. Out of scope: resident-facing systems.
Medium. Reasoning: Copilot processes internal-only data (no resident PII), AI outputs always reviewed by staff before use or external send, no automated decisions. Initial provisional High downgraded after architecture review confirmed tenant isolation.
Internal documents in M365 tenant, staff email, Teams meeting transcripts. No resident PII enters Copilot prompts. Retention: Copilot operates on existing M365 data with existing GA28 retention. No additional retention.
PIA confirms no PPIPA or HRIPA collection beyond what M365 already collects. Staff training mandatory before Copilot enable. PIA artefact EV-2026-0136 referenced.
AIRC 2026-05-07 approved with two conditions: (1) mandatory training before per-user enable; (2) quarterly review of Microsoft compliance position re: Copilot data handling. Both conditions met for v3.2.