Your team started using Claude Cowork last month. It moves files, drafts client emails, tidies spreadsheets and runs small automations from a folder on someone's laptop. Useful work. But your IT policy still describes a world of shared drives and email attachments, and says nothing about a desktop agent that reads and writes real business files. That gap is worth closing before it becomes an incident.
Why a desktop agent needs its own policy line
Most acceptable-use policies were written for passive tools that answer questions and nothing more. Claude Cowork is different because it acts. It opens the folders you point it at, edits documents, calls connected apps and can run code in a sandbox. For an Australian small business handling client data, that changes the risk picture in three concrete ways.
Data reach. Cowork sees whatever folder you connect. If that folder holds client tax files or health records, the agent has read access to information covered by the Privacy Act 1988.
Action, not just answers. The agent creates and changes files. A poorly worded instruction can overwrite a real document, not just return a weak paragraph.
A new surface for mistakes. Connectors to Gmail, Notion, Xero or a CRM mean an agent action can send, post or update something a client will see.
None of this is a reason to avoid the tool. It is a reason to write down who can use it, on what data, and with which guardrails. A short addendum to your existing policy does the job. You do not need a $30,000 legal review or a forty-page framework.
What the addendum should cover
Keep it to a single page. Six sections are enough for most firms in Sydney, Melbourne or Brisbane.
Scope. Which staff and roles may run Cowork, and on which devices.
Approved data. What folders and file types are allowed, and what is off-limits, such as client identity documents, medical records or full card numbers.
Connectors. Which connected apps are approved, and who signs off a new one.
Human approval. Which agent actions always need a person to review before they take effect: sending email, publishing content, writing to a CRM or accounting system.
Records. Where agent activity is logged and how long you keep it.
Incidents. What to do if the agent touches data it should not have, including your Notifiable Data Breaches obligations.
That last line matters. Under the Notifiable Data Breaches scheme, an eligible breach of personal information must be reported to the OAIC and to the people affected. Serious or repeated breaches of the Privacy Act can attract penalties of up to $50 million for a company. A short reminder in your policy about who to call keeps a small slip from becoming a reportable event that is handled badly.
The one-page addendum template
Copy the block below into your existing IT or acceptable-use policy. Replace the square brackets with your own details.
Claude Cowork Acceptable Use Addendum
Approved users: [roles or named staff]. Cowork runs only on [company-managed devices].
Approved data: staff may connect [these folders]. The following are never connected: [client ID documents, health records, full payment card data].
Connectors: approved apps are [Gmail, Google Drive, Notion]. New connectors require sign-off from [owner or IT lead].
Human in the loop: the agent may draft but never send, publish or post without a named person approving. Writes to [Xero or the CRM] require the same.
Logging: keep the session outputs folder and a short activity note for [12 months].
If something goes wrong: stop the session, do not delete evidence, and notify [name or role] within [2 hours]. They assess whether it meets the Notifiable Data Breaches threshold.
This is deliberately plain. A policy staff cannot read is a policy staff will not follow. If you want the wording tuned to your industry code, an accountant's APES 110 duties or an APRA-regulated context, that is a short conversation rather than a project.
Rolling it out without slowing anyone down
A policy sitting in a folder changes nothing. Three steps make it real.
Brief the team in fifteen minutes: show one good use and one thing never to do.
Set the default folder. Point Cowork at a working folder that holds no sensitive client files, so the safe path is also the easy path.
Review after a month. Look at what people actually used it for and adjust the approved list.
For a five-person firm, the whole exercise costs an afternoon. Set that against the cost of a single mishandled client dataset, where remediation, notification and lost trust can run well past $50,000 before you count the client who walks.
Claude Cowork earns its place quickly once the boundaries are clear. The addendum is not there to slow adoption. It is there so you can say yes to the tool with a straight face when a client asks how you protect their information. If you want help adapting this template to your firm and its regulatory setting, you can book a short call.



