Client Data Is Not a Test Prompt

Legal professionals are using public AI tools with client information in them. Some are doing it deliberately, after considering the risk. Many are doing it without thinking about it at all.

The practical reality is that when someone pastes a document into a public AI interface to get a summary or a quick answer, and that document has a client's name, case number, financial information, or immigration history in it, that information has left the firm's control. What happens to it from there depends entirely on the terms of service of the tool they used.

Most people have not read those terms of service.

What Confidentiality Actually Requires

Attorney-client confidentiality is not a best practice. It is a professional obligation with consequences attached. That obligation does not have a carve-out for "I was just using it to draft something."

For non-attorney legal professionals and document preparers, the obligation is different but the practical exposure is similar. If you are handling client immigration files, estate documents, or contract matters, your clients have an expectation that you are protecting their information. Using a public tool with their data as input is a breach of that expectation regardless of intent.

The Specific Risk with Public AI Tools

The major AI tools have trained their models on data. They have usage policies about whether your conversations are used to further train the model. Those policies change. They vary depending on whether you have a paid account. They vary depending on what settings you have active.

Even if your specific input is not used for training, public AI tools are accessed through cloud infrastructure. The data passes through servers you do not control. Enterprise agreements and business associate agreements exist for this reason. If you do not have one with the tool you are using, assume you are using a consumer product with consumer-grade data handling.

What This Looks Like in Practice

Someone is drafting a declaration for a client's asylum case. They paste the client's personal account, including names, dates, locations, and specific events from the client's life, into a public AI interface and ask the tool to help organize it.

That is the scenario. The tool produces a useful outline. The work gets done faster. The client information is now in a system the firm does not control, with data handling practices the user has not reviewed.

What to Do Instead

The first option is to use redacted documents. Remove all identifying information before using a public tool. This takes time, but it is the only way to get the efficiency benefit without the exposure. A separate post covers the redacted document method in detail.

The second option is to use tools built for this context: tools offered under enterprise agreements or business associate agreements, and tools designed specifically for the legal and compliance environment. These exist. They cost more than free, but the cost comparison has to include the risk.

The third option is to keep AI out of any workflow that touches client-specific information entirely. That is a legitimate choice. It narrows the use cases significantly, but it is an honest one.

The option that is not available is using public AI with client data without thinking about it. That decision has already been made for you, by the terms of service you agreed to when you signed up.

Simplarity
