The Second Wave of AI Governance: Navigating Transcription Tool Privacy Risks

We are already living in the second wave of AI governance — and this time the battleground is the meeting room, where ubiquitous transcription tools turn casual conversation into permanent, searchable records with a single click. As Noga Rosenthal warned in a recent IAPP piece, the convenience of tools such as Otter.ai, Fireflies, Microsoft’s transcription features and vendor bots masks deep privacy, legal and governance risks that many organizations are only beginning to confront. iapp.org/news/a/the-second-wave-of-ai-governance-the-risks-of-ubiquitous-transcription-tools/)

Background: from “don’t paste PII into ChatGPT” to “what’s being recorded right now?”​

The first wave of enterprise AI governance focused on controlling what employees feed into generative models: policies, committees, training and restrictions aimed at preventing accidental exposure of proprietary data and personally identifiable information. That work mattered and it reduced obvious data exfiltration risk. But it was the low-hanging fruit. The second wave — which Rosenthal frames as an urgent, operational problem — asks a different question: what are AI tools capturing of ourations while we work, and where does that captured data live afterward?
Two technical trends made this second wave inevitable. First, speech-to-text and meeting summarization moved from niche SaaS into default features of mainstream collaboration platforms. Second, a new generation of lightweight integrations and browser/phone apps let users automatically transcribe any meeting — sometimes as a visible bot participant, sometimes invisibly on-device. The net effect: meetings that were previously ephemeral are now routinely converted into persistent, indexable artifacts. This shift has immediate legal, privacy and cultural consequences that deserve deliberate governance rather than ad-hoc reaction.

Why transcription tools matter: the practical trade-offs​

AI transcription tools deliver tangible benefits for knowledge workers and organizations:

• They capture actionable items and decisions, making follow-up reliable.
• They create searchable repositories for onboarding and audits.
• They free attendees from note-taking so they can engage more deeply.

Those benefits explain why adoption has been explosive, but convenience comes with costs. When every meeting can be transcribed by any participant or by automated bots, organizations face layered risks: statutory wiretapping exposure, accidental or unauthorized retention of sensitive information, erosion of trust in manager-employee interactions, and new e-discovery liabilities.

The legal perimeter: consent laws and the messy geography of recordings​

A central legal risk is the patchwork of U.S. recording laws. Some states require all-party consent before recording (commonly called two‑party or all‑party consent), while others allow a single participant to consent. The result is that a cross-state meeting may implicate multiple legal regimes simultaneously.

• California’s Penal Code §632 criminalizes the intentional recording of a “confidential communication” without the consent of all parties and carries both criminal and civil penalties, including fines and possible jail time.
• Illinois’ eavesdropping statute (720 ILCS 5/14‑2) similarly makes surreptitious recordings unlawful unless all parties consent, with criminal penalties and civil remedies.

These laws are not academic: violations can lead to criminal prosecution, treble damages or statutory penalties, and they may be invoked in employment disputes or civil litigation where surreptitious recordings alter the balance of evidence. Given the geographic dispersion of modern teams, the conservative — and practical — posture many counsel recommend is to treat meetings as if all-party consent is required and to require explicit, contemporaneous consent before any recording or transcription begins. This is the risk posture Rosenthal advises organizations to adopt.

The technology reality: bots that announce themselves, and recorders that don’t​

Not all transcription is invisible. Many services — for example, Otter.ai’s Notetaker bot — appear in meeting participant lists and produce an on-screen notification that transcription is active. But those indicators are sometimes brief, easy to miss, or configured to auto-join meetings, leading to surprising and unwelcome recordings for hosts and attendees. User reports and vendor support threads document cases where Otter joins calendar-linked meetings automatically and where hosts struggled to disconnect it.
At the same time, vendors and startups have built “bot-free” and on‑device capture tools that intentionally avoid visible presence, enabling local audio capture and transcription without a participant entry. These tools solve the “notification” problem but raise a different class of governance concerns because recordings are created without any in-meeting clue they exist. Vendors market this as a privacy or reliability feature for users who need transcripts when bots are blocked, but it effectively eliminates the possibility of informed consent by other participants.

Data governance and privacy gaps: what’s captured, where it lives, who can see it​

Transcription tools tend to violate two classic privacy principles: data minimization and purpose limitation. Rather than capturing only the action items or summaries a meeting requires, they ingest entire conversations — including sensitive topics such as medical accommodations, compensation, performance reviews and privileged legal conversations.
Key technical and governance questions that are often unanswered include:

• Where are transcripts and audio files stored? Are they hosted in the U.S., the EU, or both? Who controls the encryption keys?
• Who can access transcripts within the vendor and within the customer organization? Are transcripts available to admins, auditors, or vendor contractors who perform transcription review?
• Do vendor terms allow using customer transcripts to train AI models, and if so, is that opt-in or opt-out?
• How long are recordings retained, and are they subject to indefinite retention in personal user accounts?

Independent reviews and enterprise assessments show vendors vary dramatically. Some vendors store data in U.S.-based cloud providers and make it clear that enterprise contracts can restrict model training and provide data residency and retention controls, but default settings and free tiers often lack those protections. Security documentation and privacy reviews have highlighted that transcripts may be used for training unless an explicit enterprise agreement forbids it, and deletion practices can be opaque.

The human costs: conversations chilled, trust eroded, outcomes compromised​

Beyond statutes and storage, recordings change behavior. Candid manager–employee conversations — especially difficult feedback and performance improvement plans — rely on psychological safety, privacy and the ability to speak plainly about sensitive matters. The mere presence of a recording can curtail frank discussion, prompt performative interactions, and create a later evidentiary trail that surfaces in litigation or regulatory inquiries.
Equally concerning: employees may record meetings defensively (or opportunistically). Whether recorded by a manager, peer, or the employee themselves, these transcripts can be produced later in discovery and expose organizations to claims, reputational risk or the need for additional litigation counsel. Rosenthal’s practical recommendation — to define, prohibit, and communicate — is an attempt to preserve the trust that underpins effective workplace communications.

---

A practical governance playbook for the second wave​

Organizations that have already tackled the first wave of governance (policies about inputs, model access, and vendor approval) should treat transcription governance as a second-phase program. Below is a practical, prioritized playbook that synthesizes legal constraints, vendor realities and privacy best practice.

1. Update your AI and recording policy — make recording rules explicit​

• Mandate explicit consent. Require verbal or written consent at the start of every meeting before any recording or transcription begins. Treat all internal cross‑state calls as though all‑party consent is necessary.
• Define prohibited contexts. Create a clear “Do Not Record” list: performance reviews, HR investigations, medical accommodation discussions, attorney–client communications, disciplinary proceedings and candidate interviews.
• Clarify personal device usage. Ban or tightly restrict unauthorized on‑device or extension-based transcription in sensitive meetings.

This aligns with the practical legal posture advised by counsel in high‑risk jurisdictions and matches university/legal guidance that recommends contemporaneous consent and classification of meeting data.

2. Inventory and classify meeting data​

• Map which teams and meeting types generate sensitive content.
• Classify transcripts the same as other business records (e.g., PII, PHI, legally privileged).
• Apply data-retention rules from your enterprise governance framework: shorter retention for sensitive conversations, automatic deletion where possible.

3. Vendor review and contract controls​

• Require enterprise‑grade contracts (DPAs, SCCs, SOC 2 reports) that explicitly forbid vendor use of transcripts for model training unless agreed and documented.
• Demand data residency and encryption-in-transit and at-rest guarantees; insist on granular admin controls and audit logging for transcript access.
• Verify deletion/remediation procedures and ensure you can produce or destroy transcripts on demand.

Independent audits and vendor reviews show default consumer tiers often lack these enterprise protections — so make the contractual step non-negotiable for business-sensitive use.

4. Technical controls and platform settings​

• Disable automatic bot auto-join features at the tenant level where platform admin controls exist.
• Configure platform notices and require hosts to enable “notify participants when recording starts” features.
• Use DLP and content classification tools to detect and quarantine transcripts containing PII or other sensitive keywords.

Vendor admin settings in major conferencing platforms and third-party apps allow many of these controls — but they must be configured centrally and monitored.

5. Training, culture and escalation pathways​

• Train managers on when to insist on in-person or offline conversations instead of remote meetings where recordings might be made.
• Teach employees how to check for bots and how to remove unauthorized integrations from their calendars and meeting platforms.
• Create a notice-and-redress channel if someone believes a meeting was surreptitiously recorded.

Behavioral change is essential: policies without training are paper defenses. Rosenthal highlights the need for a feedback loop — policies must adapt as tools and employee behavior evolve.

6. Legal incident response and e-discovery readiness​

• Treat unexpected transcripts as potential incident artifacts. Log, isolate, and assess whether a statutory violation occurred.
• Coordinate with legal to preserve or defensibly delete transcripts in line with retention and litigation hold policies.
• Run tabletop exercises that include scenarios where an employee’s personal device or extension created a surreptitious record.

Technical mitigations and product choices: trade-offs to weigh​

Choosing between cloud-based transcription and on-device recording is a trade-off of visibility, control and risk.

• Cloud bot visible in participant list: Pros — transparency, easier to enforce consent; Cons — data stored on vendor systems, potential model-training usage unless contractually restricted.
• On-device or bot-free capture: Pros — data stays local at recording time, no disruptive bot notifications; Cons — often surreptitious, eliminates opportunity for other participants to consent, increases risk of undiscoverable retention in personal accounts.

Enterprises should prefer solutions that provide tenant-level controls, domain capture for employee accounts (so org admins can manage where transcripts live), and contractual assurances on training and retention. Free consumer tiers and browser extensions are the highest-risk vectors because they typically lack enterprise controls and often default to model-training-friendly terms.

Where governance tends to fail (and how to avoid it)​

• Assuming vendor defaults are safe. Default settings often prioritize product convenience and growth — not enterprise privacy. Always verify, negotiate and document.
• Leaving decisions to individual employees. Geographic legal complexity and cross-jurisdiction calls make individual decision-making unrealistic. Centralize controls and default to the strictest common denominator.
• Equating notification with informed consent. A fleeting “Otter.ai has joined the meeting” message is not a substitute for explicit, contemporaneous consent addressing who can access, how long transcripts are retained, and whether the transcript may be used for model training.
• Forgetting personal accounts. Employees often keep transcripts in personal vendor accounts, creating discoverable records and breach risk. Policies must require corporate accounts and define sanctions or remediations for personal-data persistence.

A short checklist for compliance-minded IT teams (quick operational steps)​

• Publish an immediate “Do Not Record” meeting list and require hosts to read a one-line consent script at meeting start.
• Disable auto-join bot features at the tenant level; revoke calendar integrations for unknown third-party apps.
• Contractually require vendors to:
• Prohibit training models on customer data unless explicitly permitted in writing.
• Provide tenant-only admin controls for data access and retention.
• Offer auditable deletion and data export on demand.
• Implement DLP scanning of transcripts and limit retention to a defensible period (e.g., 30–90 days for non-sensitive meetings; shorter for sensitive content).
• Run quarterly awareness sessions for people managers covering the risks of recorded coaching and HR conversations.

What boards and CISOs should ask vendors right now​

• Do you use customer audio/transcripts to train your models? Under what conditions and for which subscription tiers?
• Where is data stored (country/region) and who holds the encryption keys?
• What admin controls exist for tenant-wide blocking of bots, audit logging and retention policies?
• How are human reviewers used in transcription quality assurance, and what contractual safeguards govern their access?
• What is your documented process for customer-initiated deletion, and are deletions propagated to backups?

If answers are ambiguous, treat the vendor offering as high risk for sensitive use.

Final analysis: governance can preserve both utility and trust — but only with discipline​

The second wave of AI governance elevates a deceptively simple point: the mechanics of capture matter as much as the mechanics of input. Transcription tools are already embedded in the modern workplace because they deliver real productivity gains. But those gains are accompanied by legal exposure, privacy risk, and cultural harm if left unmanaged.
There are concrete, feasible actions organizations can take today: update policies, restrict and centralize controls, demand enterprise contractual protections, and retrain people managers on recording etiquette. These are not technological miracles; they are governance decisions that require alignment between legal, HR, IT, and line managers.
The alternative is slow-moving erosion: a workplace where every candid conversation risks being preserved in perpetuity, where managers avoid necessary feedback for fear of litigation, and where employees record defensively because they feel they must. The second wave is an opportunity to tune governance so it protects both the enterprise’s legal posture and the human relationships that make work possible. Organizations that act now will preserve the usefulness of transcription tools while preventing preventable exposure and trust breakdowns.
Conclusion
Transcription and recording technologies are not merely productivity features — they are new data collectors that reconfigure legal, privacy and cultural terrain. The right response blends clear policies, contract discipline, centralized technical controls and an organizational commitment to preserve the confidentiality of sensitive conversations. The second wave of AI governance is not a distant policy exercise; it is a live, operational challenge that organizations must meet today if they want to keep the benefits of AI notetakers without paying the avoidable costs.

---

Source: IAPP The second wave of AI governance: The risks of ubiquitous transcription tools | IAPP