Fresh Zealand’s Department of Corrections has taken action against staff members for improper use of Microsoft’s Copilot artificial intelligence tool, confirming a breach of its AI policy introduced in November 2025. The department confirmed the incidents after becoming aware of staff utilizing the tool in ways that did not align with established guidelines regarding sensitive information.
The AI policy, developed in line with guidance from the Government’s chief digital officer, explicitly prohibits the input of personal information – including identifying details, health or medical records, and information pertaining to individuals under Corrections’ supervision – into Copilot Chat. Corrections staff have access only to the free Microsoft Copilot Chat feature as part of their existing Microsoft 365 licenses, a standalone function not integrated with the department’s core data systems.
“We have recently become aware of a small number of incidents where staff have used Copilot to assist with their work in a way that does not comply with our AI policy and guidance,” said a Corrections spokesperson. “We’ve taken action as soon as we’ve become aware of these instances and made it extremely clear that any use of Copilot outside of its approved use is unacceptable.”
A privacy risk assessment was conducted following the discovery of the inappropriate use. The department emphasized that Copilot is intended solely as an assistive tool for creating and refining content that does not contain sensitive data. Staff are subject to auditing, with all prompts searchable and exportable, according to Corrections.
The issue is particularly sensitive within Community Corrections, where staff frequently draft reports. Department leaders are actively reinforcing proper AI usage with staff, with regular reminders of the AI policy and related guidance. Corrections has appointed an AI assurance officer, the director of cybersecurity, responsible for overseeing the safe and secure adoption of AI and reporting to the Government chief digital officer.
Corrections similarly participates in an All of Government Community of Practice on AI, managed by the Government chief digital officer, and has established an internal AI working group to govern AI practices and provide consistent advice on its safe use. Misuse of technology is treated “extremely seriously” by the department, with a commitment to protecting the privacy of individuals and maintaining the integrity of official documentation.
As of Friday, February 13, 2026, Corrections had not notified the Office of the Privacy Commissioner (OPC) regarding the incidents. Although, the department’s privacy team is collaborating with relevant work groups to provide further guidance on Copilot use, particularly within Community Corrections. Corrections maintains that any information entered into Copilot by its staff remains within the department’s control.
The Office of the Privacy Commissioner affirmed that the Privacy Act applies to the use of personal information through AI tools, and agencies are responsible for ensuring compliance. In a statement, the OPC noted that if Corrections’ policy is being adhered to, privacy concerns would be limited to instances of policy breaches by staff. “Where Copilot is used in a way that breaches Corrections policy, OPC would expect Corrections to take appropriate action to remedy this,” the statement read.
The department stated that approximately 30% of its staff have engaged with Copilot since its introduction. Corrections is “actively working” to ensure ongoing AI use is “safe, secure and appropriate.”
