The second wave of AI governance: The risks of ubiquitous transcription tools

Noga Rosenthal explores the risks of employees using AI transcription tools in the workplace and offers a starting place for organizations that may not have yet addressed AI governance and privacy implications of these tools.

Contributors:
Noga Rosenthal
AIGP, CIPP/E, CIPP/US
General Counsel and Chief Privacy Officer
Ampersand
A manager begins a video call with an underperforming employee to deliver difficult feedback. Thirty seconds in, a notification pops up: "Otter.ai has joined the meeting." The employee didn't ask for permission. Every word of that conversation is now being transcribed, processed and stored. Or, posing an even greater risk to the company and the manager, the employee is secretly recording the conversation on their cell phone via an AI transcription tool.
If this scenario sounds familiar, you're not alone. And if it doesn't, it's probably only a matter of time.
We've entered the second wave of AI governance
Most organizations have completed the first phase of AI governance: setting up cross-functional AI governance committees, drafting AI governance policies around the use of new AI tools and establishing guardrails around what information employees can put into AI tools. Ideally, employees already know by now that they can't paste an Excel sheet that includes a company-wide list of employees’ Social Security numbers or information about a medical accommodation into free AI tools.
We've probably congratulated ourselves on this work only to realize that it was the easy part.
The harder challenge is now emerging. We are now faced with managing how employees are actually using these AI tools during their workday, especially as these tools capture any information input by employees. And nowhere is this more pressing than with transcription and recording tools that have become fixtures of every meeting.
The privacy problem
Tools like Otter, Fireflies, Microsoft Copilot and Zoom's transcription service have become ubiquitous. They're genuinely useful, helping teams capture action items, creating searchable records and freeing participants to focus on conversation rather than note-taking.
They're also creating privacy land mines that many organizations haven't addressed.