Tech Law Talks Reed Smith

Anthony Diana and Therese Craparo are joined by John Collins from Lighthouse to provide an overview of some of the challenges and strategies around data retention and eDiscovery with Microsoft’s AI tool, Copilot. This episode explores Copilot’s functionality within M365 applications and the complexities of preserving, collecting and producing Copilot data for legal purposes. The panelists cover practical tips on managing Copilot data, including considerations for a defensible legal hold process and the potential relevance of Copilot interactions in litigation.
----more----
Transcript:
Intro: Hello, and welcome to Tech Law Talks, a podcast brought to you by Reed Smith's Emerging Technologies Group. In each episode of this podcast, we will discuss cutting-edge issues on technology, data, and the law. We will provide practical observations on a wide variety of technology and data topics to give you quick and actionable tips to address the issues you are dealing with every day. 
Anthony: Hello, this is Anthony Diana, a partner in the Emerging Technologies Group at Reed Smith, and welcome to the latest Tech Law Talks podcast. As part of our ongoing podcast series with Lighthouse on Microsoft M365 Copilot and what legal departments should know about this generative AI tool in M365. Today, we'll be focused on data retention and e-discovery issues and risks with Copilot. I am joined today with Therese Craprro at Reed Smith and John Collins of Lighthouse. Welcome, guys. So, John, before we start, let's get some background on Copilot. We've done a few podcasts already introducing everyone to Copilot. So if you could just give a background on what is Copilot generally in M365. 
John: Sure. So the Copilot we're talking about today is Copilot for Microsoft 365. It's the experience that's built into tools like Word, Excel. PowerPoint, Teams, Teams meetings. And basically what it is, is Microsoft's running a proprietary version of ChatGPT and they provide that to each one of their subscribers that gets Copilot. And then as the business people are using these different tools, they can use Copilot to help generate new content, summarize meetings, create PowerPoints. And it's generating a lot of information as we're going to be talking about. 
Anthony: And I think one of the interesting things that we've emphasized in the other podcasts is that each M365 application is slightly different. So, you know, Copilot for Word is different from Copilot for Exchange, and they act differently, and you really have to understand the differences, which we talked about generally. So, okay, so let's just talk generally about the issue, which is retention and storage. So, John, why don't you give us a primer on where is the data generally stored when you're doing a prompt and response and getting information from Copilot? 
John: So the kind of good news here is that the prompts and responses, so when you're asking Copilot to do something or if you're chatting with Copilot in one of the areas that you can chat with it, it's putting the back and forth into a hidden folder in the user's mailbox. So the user doesn't see it in their outlook. The prompts and responses are there, and that's where Microsoft is storing them. So there's also files that get referenced that are stored in OneDrive and SharePoint, which we may talk about further. But in terms of the back and forth, those are stored in the Exchange mailbox. 
Anthony: That's helpful. So, Therese, I know we've been working with some clients on trying to figure this out and doing testing and validation, and we've come across some exceptions. You want to talk about that process, I'll say. 
Therese: I think that's one of the most important things when we're talking about really any aspect of Copilot or frankly, new technology, right? It's constantly developing and changing. And so you need to be testing and validating and make sure you're understanding how it's working. So as you said, Anthony, you

Anthony Diana and Samantha Walsh are joined by Lighthouse’s Chris Baird as part of our series on what legal teams need to know about Microsoft 365 AI-driven productivity tool, Copilot.
This episode presents an overview of the risks relating to Copilot’s access to and use of privileged and sensitive data and how businesses can mitigate these risks, including using Microsoft 365's access control tools and user training. 
In particular, the episode provides in-depth information about Microsoft 365's sensitivity labels and how they can be used to refine a business’s approach to managing risk associated with privileged and sensitive data stored in Microsoft 365.
----more----
Transcript:
Intro: Hello, and welcome to Tech Law Talks, a podcast brought to you by Reed Smith's Emerging Technologies Group. In each episode of this podcast, we will discuss cutting edge issues on technology, data, and the law. We will provide practical observations on a wide variety of technology and data topics to give you quick and actionable tips to address the issues you are dealing with every day. 
Anthony: Hello, this is Anthony Diana, a partner here in Reed Smith's Emerging Technologies group, and welcome to Tech Law Talks and our podcast series on AI for legal departments with a focus on managing legal and regulatory risks with Microsoft Copilot that Reed Smith is presenting with Lighthouse. With me today are Sam Walsh from Reed Smith's Emerging Technologies Group and Chris Baird from Lighthouse. Welcome, guys. Just to level set, Copilot is sort of the AI tool that Microsoft has launched relatively recently to improve productivity within the Microsoft environment. There are a number of risks that we went through in a previous podcast that you have to consider, particularly legal departments, when you're launching Copilot within your organization. And let me just start to level set with Chris, if you could give a little bit of a technical background on how Copilot works. 
Chris: Absolutely, Anthony. So thanks Thanks for having me. So I guess a couple of key points, because as we go through this conversation, things are going to come up around how Copilot is used. And you touched on it there. The key objective is to increase, improve data quality, increase productivity. So we want really good data in, want to maximize the data that we've got at our disposal and make the most of that data, make it available to Copilot. But we want to do so in a way that we're not oversharing data. We're not getting bad legacy data in, you know, stale data. And we're not getting data from departments that maybe we shouldn't have pulled it in, right? So that's one of the key things. We all know what Copilot does. In terms of its architecture, so think about it. You're in your Canvas, whatever your favorite Canvas is. It's Microsoft Word, it's Teams, it's PowerPoint. You're going to ask Copilot to give you some information to help you with a task, right? And the first piece of the architecture is you're going to make that request. Copilot's going to send a request into your Microsoft 365 tenant. Where is your data? It's going to use APIs. It's going to hit the Graph API. There's a whole semantic layer around that. And it's going to say, hey, I've got this guy, Chris. He wants to get access to this data. He's asking me this question. Have you got his data? And the first thing, really, there's this important term Microsoft use. They call it grounding. When you make your request into Copilot, whatever you request, you're going to get data back that's grounded to you. So you're not going to get data back from an open AI model, from Bing AI. You're only going to get data that's available to you. The issue with that is if you've got access to data you didn't know you had, you know, through poor governance. Maybe somebody shared a link with you two years ago. That data is going to be available to you as well. But what's going to happen, a few clever things happen fro

Anthony Diana and Karim Alhassan are joined by Lighthouse’s John Collins to discuss Microsoft's AI-driven productivity tool, Copilot.
This episode presents an overview of Copilot and its various use cases, the technical nuances and details differentiating it from other generative AI tools, the identified compliance gaps and challenges currently seen in production, and the various risks legal departments should be aware of and accounting for.
This episode also provides a high-level overview of best practices that legal and business teams should consider as they continue to explore, pilot and roll out Copilot, including enhanced access controls, testing and user-training, which our speakers will further expand upon in future episodes.
----more----
Transcript:
Intro: Hello and welcome to Tech Law Talks, a podcast brought to you by Reed Smith's Emerging Technologies Group. In each episode of this podcast, we will discuss cutting edge issues on technology, data, and the law. We will provide practical observations on a wide variety of technology and data topics to give you quick and actionable tips to address the issues you are dealing with every day. 
Anthony: Hello, this is Anthony Diana, a partner here in the Emerging Technologies Group at Reed Smith. Welcome to Tech Law Talks. Today will be the first part of a series with Lighthouse focusing on what legal departments need to know about Copilot, Microsoft's new artificial intelligence tool. With me today are John Collins from Lighthouse and Karim Alhassan from Reed Smith. Thanks guys for joining. So today, we really just want to give legal departments sort of at a very high level what they need to know about Copilot. As we know Copilot was just introduced, I guess like last fall, maybe November of last year by Microsoft. It has been in preview and the like and then a lot of a lot of organizations are at least contemplating the use of Copilot or some of them, I've, I've heard have already launched Copilot without the legal departments knowing which is an issue in of itself. So today, we just want to give a high level view of what Copilot is, what it does at a really high level. And then what are the things that legal department should be thinking about in terms of risks that they have to manage when launching Copilot? This will be of a high level of additional series, which will be a little bit more practical in terms of what legal department should actually be doing. So today is just sort of highlighting what the risks are and what you should be thinking about. So with that John, I'll start with you. Can you just give a very high level preview of what, what is Copilot that's being launched? 
John: Sure, thanks Anthony for having me. So Copilot for M365 which is what we're talking about is Microsoft's flagship Generative AI product. And the best way to think about it is it's Microsoft which has a partnership with open AI is taken the ubiquitous ChatGPT and they've brought it into the Microsoft ecosystem. They've integrated it with all the different Microsoft applications that business people use like Word Excel, powerpoint and teams. And you can ask Copilot to draft a document for you to summarize a document for you. So again, the best way, think about it is that it's taking that generative AI technology that everyone is familiar with, with ChatGPT and bringing it into the Microsoft ecosystem and leveraging a number of other Microsoft technologies within the Microsoft environment to make this kind of a platform available to the business people. 
Anthony: Yeah. And I think, you know, I think from at least from what Microsoft is saying and I think a lot of our clients are saying that this is, this is groundbreaking, this is going to be and frankly, it's probably going to be the largest and most influential AI tool Enterprise has because Microsoft is ubiquitous, right? Like all your data is flowing through there. So using AI in this way, should provide tons of productivit

Partners Andy Splittgerber, and Christian Leuthner shed light on recent developments in the use of cloud services and EU data protection issues. This includes a summary of and comments on recent publications by the DSK (the German data protection authorities) as well as recent perspectives on data processors’ reuse of data. Andy and Christian conclude by giving some practical tips for both providers and customers.

2023 has been the year for the tokenization of real-world assets. The theme has been all-pervasive, with businesses across the world seeking to tokenize a whole spectrum of assets ranging from real estate to music, film, art, loans, invoices and credit. In this episode, Reed Smith’s Hagen Rooke (Singapore) and Soham Panchamiya (Dubai) are joined by Wayne Tan, general counsel at OpenEden, a platform that has become known for pioneering the tokenization of Treasury Bills. The conversation seeks to unpack the concept of tokenization and growing interest in this area, surveys some of the key activities in the real-world assets space, and contemplates the attendant legal and regulatory challenges.
This episode was recorded on 23 October 2023.

Anthony Diana joins Daniel Broderick, co-founder and CEO of BlackBoiler, to discuss how AI is already being used by legal departments to manage contracts, the requirements for making the use of AI for contract management, and how future developments in AI will impact contract management.