Three students working together with Laptop and Books in Eldon seating area

AI meeting assistants: responsible use guidance 

The University is in the process of developing broader Artificial Intelligence (AI) policy to provide staff clarity and support as we navigate these exciting developments in technology together. In anticipation of this, we want to provide guidance specifically around the use of AI meeting assistants. This is to ensure we use them thoughtfully to protect data security and uphold trust within our community. This guidance offers best practice to help staff use AI meeting assistants effectively and responsibly in line with emerging expectations  

What is an AI Meeting Assistant? 

An AI meeting assistant is a service that may record or transcribe elements of a meeting, and sends them to an AI service to process. These services are often added into the meeting as a participant. They can be in the form of a ‘bot’ that actually attends the meeting, or as features built into the meeting software, such as Microsoft 365 Copilot. They can do a fantastic job of summarising key points and actions.   

Key considerations when using an AI meeting assistant

  • Don’t invite an AI meeting assistant to a meeting if you aren’t the organiser
  • If you are the organiser, only use a tool if the University has a contract with the supplier or the tool has been through the LIS approval process (see below)
  • At the start of the meeting, inform participants about the use of AI and give them the chance to object. If anyone objects at any point during the meeting, turn off the tool immediately
  • Avoid the use of AI transcription in meetings that discuss sensitive information
  • Use approved, risk-assessed tools (see below)
  • Follow the further guidance provided below

Further Guidance  

Accuracy & Liability: AI transcriptions may contain errors. Always verify AI-generated content for accuracy, as it may misinterpret discussions, leading to miscommunication. 

Privacy & Data Security: Always ensure AI tools are used in line with the University’s data security practices and store AI-generated records securely, accessible only by authorised personnel.  

Data Retention & Deletion: Follow good data retention practice by deleting AI-generated records when no longer needed and avoid storing unnecessary records, particularly where they may include personal or confidential data. 

Summary 

By following this guidance, staff can ensure the responsible use of AI meeting assistants, protecting data privacy and aligning with emerging policies.  

Please note it is safe to use built-in transcription tools for primary UoP meeting platforms such as Microsoft Teams and Google Meet where the same key considerations will apply. Staff are encouraged to use these before considering any third-party tool. 

The following tools have undergone an LIS security review following which, relevant considerations for their use have been documented. Any tools not approved for use will be clearly noted below. For further guidance, please contact the IS Service Desk. 

  • Otter AI 
  • Read AI 

Otter AI

Summary

The UOP Cyber Security Team has reviewed the information made available by Otter AI and is satisfied with the responses to our questions.

Otter AI does collect personal information; however, it is never sold to third parties and is securely stored on AWS. Their Service Organization Control (SOC) 2 Type 2 certification verifies compliance with industry regulations and confirms that the necessary controls are in place to safeguard our data effectively. Although after reaching out to Otter AI for a copy of the report no response has been received.

Otter AI does adhere to UK GDPR requirements, ensuring strong data protection standards.

The assessment has provided valuable insight into the risk posture of both Otter AI and AWS, confirming that the overall risk level is low. Therefore, there are no objections from a cybersecurity perspective. However, the following recommendation must be effectively communicated to users of the service.

Recommendations

  •  Avoid using Otter AI to record sensitive meetings.
  • Otter AI is suitable for non-sensitive meetings.

Users should be aware that any data collected is stored in the US, and we have no control over its use.

It is essential to inform our users of how to stop recording during a meeting and how to prevent it automatically doing so, ensuring they know when and how to do so to prevent sensitive information from leaving the UoP network. Below is a link of how to stop Otter joining meetings automatically:  https://help.otter.ai/hc/en-us/articles/12906714508823-Stop-OtterPilot-from-automatically-joining-your-meetings

To stop recording of current live meeting: Remove OtterPilot from a live meeting by navigating to "My Conversations" in the Otter app, selecting the conversation, and clicking "Stop Recording".

Read AI

Summary

The UOP Cyber Security Team has reviewed the information made available by Read AI and is satisfied with the responses to our questions.

Read AI does collect personal information; however, it is never sold to third parties and is securely stored on AWS. Their Service Organization Control (SOC) 2 Type 2 certification verifies compliance with industry regulations and confirms that the necessary controls are in place to safeguard our data effectively. Although after reaching out to Read AI for a copy of the report no response has been received.

Read AI does adhere to UK GDPR requirements, ensuring strong data protection standards.

The assessment has provided valuable insight into the risk posture of both Read AI and AWS, confirming that the overall risk level is low. Therefore, there are no objections from a cybersecurity perspective. However, the following recommendation must be effectively communicated to users of the service.

Recommendations

  • Avoid using Read AI to record sensitive meetings.
  • Read AI is suitable for non-sensitive meetings.

Users should be aware that any data collected is stored in the US, and we have no control over its use.

It is essential to inform our users how to disable recordings, ensuring they know when and how to do so to prevent sensitive information from leaving the UoP network. Below is a link of how to disable recordings for individual meetings: https://support.read.ai/hc/en-us/articles/23222131547795-How-do-I-remove-or-stop-Read-from-joining-meeting