How to Protect Legal Teams Using Generative AI

State Bar of California approves guidance on use of generative AI in the practice of law. Key points: 🔹 A lawyer must not input any confidential information of the client into any generative AI solution that lacks adequate confidentiality and security protections. A lawyer must anonymize client information and avoid entering details that can be used to identify the client. (Duty of confidentiality) 🔹 AI-generated outputs can be used as a starting point but must be carefully scrutinized. They should be critically analyzed for accuracy and bias, supplemented, and improved, if necessary. (Duty of competence and diligence) 🔹 A lawyer must comply with the law (e.g. IP, privacy, cybersecurity) and cannot counsel a client to engage, or assist a client in conduct that the lawyer knows is a violation of any law, rule, or ruling of a tribunal when using generative AI tools. (Duty to comply with the law) 🔹 Managerial and supervisory lawyers should establish clear policies regarding the permissible uses of generative AI and make reasonable efforts to ensure that the firm adopts measures that give reasonable assurance that the firm’s lawyers and non lawyers’ conduct complies with their professional obligations when using generative AI. This includes providing training on the ethical and practical aspects, and pitfalls, of any generative AI use. (Duty to Supervise) 🔹 The lawyer should consider disclosure to their client that they intend to use generative AI in the representation, including how the technology will be used, and the benefits and risks of such use. A lawyer should review any applicable client instructions or guidelines that may restrict or limit the use of generative AI (Duty to communicate) 🔹 A lawyer may use generative AI to more efficiently create work product and may charge for actual time spent (e.g., crafting or refining generative AI inputs and prompts, or reviewing and editing generative AI outputs). A lawyer must not charge hourly fees for the time saved by using generative AI. (Charging for work produced by AI) 🔹 A lawyer must review all generative AI outputs, including, but not limited to, analysis and citations to authority for accuracy before submission to the court, and correct any errors or misleading statements made to the court. (Duty of candor to tribunal) 🔹 Some generative AI is trained on biased information, and a lawyer should be aware of possible biases and the risks they may create when using generative AI (e.g., to screen potential clients or employees). (Prohibition on discrimination) 🔹 A lawyer should analyze the relevant laws and regulations of each jurisdiction in which a lawyer is licensed to ensure compliance with such rules. (Duties in other jurisdictions) #dataprivacy #dataprotection #AIprivacy #AIgovernance #privacyFOMO Image by vectorjuice on Freepik https://lnkd.in/dDUuFfes

Gen AI is changing how attorneys work...but also demanding some thoughtfulness around this question of HOW as well as WHY. Some thoughts on this, fleshed out a bit more in the primer shared below: 🎯 Begin With Focused Pilots Test AI tools on specific tasks before broader adoption. One public defender's office equipped 100 attorneys with AI research tools and tracked results. Legal research time dropped by over 50%, pre-trial motion success improved, and late night research sessions became rare. ⚖️ Maintain Human Judgment Every AI output needs attorney review, particularly citations and legal arguments. Professional responsibility standards remain unchanged regardless of which tools assist your work. The lawyer's expertise must guide every decision. 📚 Build Real Competency Provide hands-on training specific to each role. Include team members from legal practice, IT, compliance, and operations. This collaboration ensures AI tools address actual workflow challenges rather than theoretical problems. 🔐 Protect Client Information Evaluate every AI platform's security measures before implementation. Client confidentiality requirements apply to all technology choices. Regular compliance audits help maintain standards as tools evolve. 💡 Create Verification Habits Develop systems that make source checking automatic. Look for AI tools that cite authoritative legal sources and show their reasoning. Encourage team feedback to improve how these tools serve your practice. Check out the brief primer I created below. #legaltech #innovation #law #business #learning

You’re reviewing a contract. You pop open your favorite AI chat and type: “What’s a more aggressive indemnity clause here?” A few follow-ups, some back-and-forth, and you've got a solid draft. Fast-forward a few months. That contract is now in dispute. And guess what? Opposing counsel wants your AI chat history. Scary? It should be. In Tremblay v. OpenAI, a federal court confirmed what many feared: AI prompts and outputs can be discoverable. Courts are starting to treat AI transcripts just like emails or memos, i.e. business records subject to eDiscovery. And GenAI isn’t like traditional legal research tools Lexis or Westlaw. These chats often contain: - Client-specific facts - Draft language - Internal legal reasoning ...and are likely not formal work product Here’s what legal teams should do now: 1/ Create a GenAI retention policy, just like you have for emails 2/ Train staff to treat chats like email: intentional, professional, retrievable 3/ Avoid “scratchpad” use for sensitive or strategic work What do you folks think?

🧠 “Data systems are designed to remember data, not to forget data.” – Debbie Reynolds, The Data Diva 🚨 I just published a new essay in the Data Privacy Advantage newsletter called: 🧬An AI Data Privacy Cautionary Tale: Court-Ordered Data Retention Meets Privacy🧬 🧠 This essay explores the recent court order from the United States District Court for the Southern District of New York in the New York Times v. OpenAI case. The court ordered OpenAI to preserve all user interactions, including chat logs, prompts, API traffic, and generated outputs, with no deletion allowed, not even at the user's request. 💥 That means: 💥“Delete” no longer means delete 💥API business users are not exempt 💥Personal, confidential, or proprietary data entered into ChatGPT could now be locked in indefinitely 💥Even if you never knew your data would be involved in litigation, it may now be preserved beyond your control 🏛️ This order overrides global privacy laws, such as the GDPR and CCPA, highlighting how litigation can erode deletion rights and intensify the risks associated with using generative AI tools. 🔍 In the essay, I cover: ✅ What the court order says and why it matters ✅ Why enterprise API users are directly affected ✅ How AI models retain data behind the scenes ✅ The conflict between privacy laws and legal hold obligations ✅ What businesses should do now to avoid exposure 💡 My recommendations include: • Train employees on what not to submit to AI • Curate all data inputs with legal oversight • Review vendor contracts for retention language • Establish internal policies for AI usage and audits • Require transparency from AI providers 🏢 If your organization is using generative AI, even in limited ways, now is the time to assess your data discipline. AI inputs are no longer just temporary interactions; they are potentially discoverable records. And now, courts are treating them that way. 📖 Read the full essay to understand why AI data privacy cannot be an afterthought. #Privacy #Cybersecurity #datadiva#DataPrivacy #AI #LegalRisk #LitigationHold #PrivacyByDesign #TheDataDiva #OpenAI #ChatGPT #Governance #Compliance #NYTvOpenAI #GenerativeAI #DataGovernance #PrivacyMatters