AI note-takers sound perfect: no more scrambling to write everything down, no more “sorry, can you repeat that?”, and everyone gets clean notes after the meeting or class. But when you invite an AI bot into a conversation, you are also inviting a third party to capture, store, and sometimes reuse that content in ways you may not expect.
Lately, we've seen a growing number of requests for using AI note-taking tools. If you've submitted one, you've probably noticed that our response often comes with a long list of questions.
We understand the appeal; most of us still rely on notebooks and handwritten notes, complete with the occasional "What on earth was I trying to write here?" moment. We also recognize that AI note-takers can make meetings more productive and accessible. The challenge is making sure we use them responsibly.
What do AI note-takers actually do?
AI summarization (or transcription) tools use speech recognition and natural language processing to convert real speech to text, create summaries, highlight key passages, translate languages, and compile action items discussed in virtual meetings, among other things. Some come already embedded in meeting platforms, such as Zoom AI Companion; others are third‑party services that join as “participants” through your calendar invites.
Not all AI transcription tools have the same risk profile. In an enterprise setup, these tools may run under UMD’s security and privacy controls, with negotiated protections, defined retention, and limited access. Third‑party services may require access to calendars, store data on external servers, and operate under separate privacy policies; in some cases, meeting data may also be used to improve future AI models.
These tools are built for effortless sharing: one click and a transcript or summary can circulate far beyond the original group. That is great for collaboration, and risky for privacy.
Why should we pay attention to these tools?
AI note-takers can improve productivity, but they also introduce several important risks:
- Privacy and confidentiality risks - AI assistants may capture sensitive business discussions, research data, personal information, and other confidential content; depending on the service, that information may be stored or processed outside the university’s control.
- Compliance and legal risks - Recording and transcribing meetings can trigger obligations under laws and regulations such as HIPAA, GDPR, FERPA, and state privacy laws; in some cases, participant consent may be required before recording.
- Security risks - Meeting recordings, transcripts, and summaries create additional copies of information that must be protected; weak security controls, unclear retention practices, or unauthorized access can increase the risk of exposure.
- Loss of visibility and control - AI tools are often easy to adopt without formal review, making it difficult for organizations to know where data is stored, who has access to it, and how it is being used.
- Oversharing and unintended disclosure - AI note-takers are designed to make information easy to share; summaries, recordings, and transcripts can be distributed more broadly than intended, potentially exposing sensitive information or participant details.
How can we use these tools without risking UMD’s whole reputation?
The good news is that these risks can be managed. Before using an AI meeting assistant, keep these five principles in mind:
- Use approved tools only. Choose AI assistants that have been reviewed by UMD and are covered by appropriate security, privacy, and contractual protections; if a tool is not approved, submit it for review before using it. Currently, the AI Companion within UMD's Zoom platform is approved for use.
- Be transparent and obtain consent. Inform participants when a meeting will be recorded or transcribed, explain how the tool will be used, and obtain consent before enabling it.
- Think about the sensitivity of the discussion. Avoid using AI assistants in meetings involving sensitive information, such as student records, patient information, personnel matters, privileged legal advice, or sensitive research.
- Review and control what is shared. AI-generated summaries can be inaccurate and may contain information not intended for broad distribution; review outputs carefully, share them only on a need‑to‑know basis, and clearly identify them as AI-generated.
- Delete information when it is no longer needed. Retain transcripts and summaries only for as long as necessary and dispose of them according to applicable records‑management requirements.
So the next time someone asks, “who is taking notes today?”, take a moment before you answer. If you decide to use an AI assistant, be sure the tool is approved, participants are informed and agree, the content is appropriate to record, and you have a plan for how the notes will be stored and shared.