Claude vs Copilot: which AI is safe for client data?

AI tools like Claude and Microsoft 365 Copilot are genuinely useful, and your team is almost certainly using them already. The question we get from Brisbane businesses is usually “is Claude safe?” That is the wrong question. Both are reputable, secure platforms. The questions that actually matter for an Australian business are: where does your data go, who can see it, and are you still accountable for it under the Privacy Act?

Here is a plain-English guide to when each tool is the right call, which industries need to be most careful, and the one piece of privacy law worth understanding before staff start pasting client data into a chatbot.

The short answer

For everyday work that lives inside Microsoft 365 (emails, SharePoint, OneDrive, Teams, documents), Microsoft 365 Copilot is usually the cleaner governance choice. It works inside the Microsoft 365 service boundary, only shows each person content they already have permission to see, and Microsoft does not use your prompts, responses or the data it reads through Microsoft Graph to train its foundation AI models.

Claude is excellent too, just for a different job: drafting, brainstorming, coding, automation logic and analysis where no client, patient or employee data is involved. The risk is not Claude itself; it is staff feeding sensitive records into any external AI without the right agreements and controls in place.

Why Copilot is the cleaner default for Microsoft 365 work data

Microsoft’s own documentation is clear on a few points that matter for compliance:

• Your prompts, the responses, and the data Copilot reads through Microsoft Graph are not used to train the foundation AI models.
• That content stays within the Microsoft 365 service boundary, under the same privacy, security and compliance commitments as the rest of your tenant.
• Copilot only surfaces data the user already has permission to access, using your existing SharePoint and Teams permissions.
• Interactions are stored as encrypted “content of interactions” you can search, retain and govern through Microsoft Purview.

In other words, Copilot inherits the governance you already have in Microsoft 365. Nothing new leaves your tenant. That is a much simpler story to defend to a client, an insurer or an auditor.

One important catch worth knowing: Copilot can surface anything a user has access to, so if your SharePoint or OneDrive permissions are too loose, Copilot will happily expose over-shared files faster than anyone ever would by browsing. Tightening permissions first is part of the job, and a big reason we pair Copilot rollouts with a permissions review and our IT security work.

Where Claude genuinely shines

We are not anti-Claude. For the right tasks it is one of the best tools going:

• General drafting, summarising and rewriting (where you are not pasting in confidential records).
• Coding, scripts and automation logic.
• Brainstorming, research and analysis on non-sensitive material.

Used this way, with a commercial Team or Enterprise plan rather than a personal account, Claude is a capable and reputable platform. The line to hold is simple: it should not be touching client records, mailboxes or tenant data unless that use has been formally reviewed and approved.

The Privacy Act angle every business should understand

This is the part most businesses miss. Under the Australian Privacy Principles, APP 8 says that before you disclose personal information to an overseas recipient, you must take reasonable steps to ensure that recipient does not breach the Privacy Principles. And under section 16C, you can remain accountable for how that overseas recipient handles the information, even after it has left your hands.

So if a staff member pastes patient notes, HR files, financial records or a client’s personal details into an external AI hosted overseas, you may have made an overseas disclosure of personal information, and you are still on the hook for it.

That reframes the whole decision. The real questions become:

1. Is personal information being disclosed overseas? If staff paste client documents or emails into an external AI, quite possibly yes.
2. Do you know where the prompts, files and logs are stored and processed? Do not assume Australian data residency unless your plan or deployment specifically confirms it.
3. Do you have a data processing agreement, retention settings, a subprocessor list and a deletion process? Commercial AI plans have far better terms than consumer ones, but you still need to document the data flow.
4. Is the AI connected into Microsoft 365 with broad permissions? Granting an external app wide OAuth access to your tenant means less visibility over what it can reach, and it is hard to claw back once granted.

For background on who this applies to: the Privacy Act covers Australian Government agencies, businesses with annual turnover over $3 million, and some others regardless of size. Critically, health service providers are covered no matter their turnover, so a small GP clinic, pharmacy or allied health practice is in scope even under the $3 million threshold.

Industries that need to be most careful

If you handle sensitive personal information, the bar is higher. These are the client types we treat as high-risk:

• Healthcare, medical, allied health, NDIS and aged care. Health information is among the most sensitive categories, and providers are covered by the Privacy Act regardless of size. Avoid personal AI accounts entirely. See our approach to healthcare IT.
• Legal firms. Client confidentiality, privilege and matter strategy are high-risk even where the content is not “sensitive information” by definition. Copilot is the safer choice for matter files already in Microsoft 365, because access follows tenant permissions. More on IT for law firms.
• Financial services, credit, broking and insurance. Personal financial data, credit information and AML/KYC documents carry real regulatory exposure. See accounting and finance IT.
• Government, defence-adjacent and Commonwealth contractors. Data sovereignty, procurement conditions and auditability usually decide the matter. Default to Microsoft 365 Copilot or approved, Microsoft-hosted models.
• Education, childcare, community and disability services. Children’s and vulnerable-person data, case notes and family details raise the stakes. Treat as sensitive and ban personal AI accounts for client records.
• HR-heavy businesses. Employee records, payroll, medical certificates and disciplinary matters are privacy and employment-law sensitive. Fix file permissions first, because Copilot can surface over-shared HR folders.

A simple, practical AI policy

You do not need a 30-page document. We help clients land on a clear, two-list policy:

Approved

• Microsoft 365 Copilot with a work account, for business content already in Microsoft 365.
• Copilot agents connected only to approved SharePoint sites and business systems.
• Claude Team or Enterprise for general drafting, coding, automation and analysis with no client, patient or employee data.
• Azure-hosted, approved models for custom workflows that need tighter control.

Restricted (approval required)

• Uploading client files, medical records, HR documents, financial records, legal matter files or mailbox exports into Claude.
• Connecting Claude directly to Outlook, OneDrive, SharePoint, Teams or calendars.
• Using personal Claude or ChatGPT accounts for work data.
• Letting staff self-authorise AI apps in your Microsoft 365 (Entra ID) tenant.

This is the kind of governance we set up as part of AI and automation and compliance and data protection work. It pairs naturally with an SMB1001 cyber certification and the Essential Eight, which both expect documented controls over where data goes.

What about data residency? (the 2026 position)

This area is moving fast, so here is where it stands as of 2026:

• Microsoft 365 Copilot makes data-residency commitments under the Microsoft Product Terms, and Australia is an eligible region (via Advanced Data Residency and Multi-Geo). Note that AI processing for customers outside the EU can still occur in the US, EU or other regions, so residency of stored content and processing location are two different things.
• Claude now offers regional data residency including Australia (hosted in AWS Sydney) for its API and platform when explicitly configured, and Anthropic has opened a Sydney office. The key point: this is not automatic for a standard Claude Team account, so do not assume Australian residency unless your contract or deployment confirms it.
• Anthropic’s Claude models running inside Microsoft 365 Copilot are a separate case. Microsoft now offers them, but notes they are out of scope for the EU Data Boundary and in-country processing commitments. If you have strict residency rules, your Copilot admin settings matter.

The bottom line

For coding, automation, generic drafting and non-sensitive work, Claude Team is often excellent. For anything touching client records, mailboxes, SharePoint, Teams, OneDrive, HR, finance, legal or health data, Microsoft 365 Copilot is the safer default, because it works inside the Microsoft 365 controls you already have and honours your existing permissions, retention and audit.

We do not ban Claude. We treat it as an approved external tool once the plan, agreements, residency, retention and access have been reviewed, and we keep confidential client data inside the Microsoft 365 boundary where it belongs.

If you would like help setting an AI policy your team will actually follow, and making sure your Microsoft 365 permissions are tight before you switch Copilot on, get in touch for a no-obligation review.

This article is general information, not legal advice. For your specific obligations under the Privacy Act, check with a qualified privacy professional.

Adam Dodds

Adam leads the Itopia team in Brisbane, helping professional-services firms get secure, productive and confident with their technology, in plain English.