Firms to disable Windows Recall, but third parties remain a risk

Originally by: Chris Gaetano

2025-05-16T17:06:38.000Z

Despite security enhancements from Microsoft, CPA firms are likely to disable the controversial Recall feature in Windows 11, which uses AI to create a precise record of user activity.

—————————————————————————————-
WISP Weekly Analysis. How is this story relevant to Cybersecurity and your Practice?

**Summary**:
Windows 11’s new AI-driven Recall feature logs granular user activity, prompting many CPA firms to disable it despite Microsoft’s on-device encryption and classification controls. Firms worry these detailed logs could expose sensitive client data if accessed by unauthorized parties. The greater risk lies in third-party applications and services that may capture or forward Recall data outside firm controls. Updating WISPs to address log management, enforcing strict Zero Trust policies, and enhancing vendor risk assessments and incident-response plans are critical.

**Relevance Score**: 4
This article highlights WISP requirements around logging, data retention, and third-party risk—core concerns under the FTC Safeguards Rule and SOC 2.

**Category Tags**:
#WISPCompliance #ClientDataProtection #VendorRisk #IncidentReporting #ZeroTrust
